Deadline near to update Secure Boot keys for Windows and Linux

Windows and Linux users have until June 24 to update cryptographic keys that guard the system boot sequence. Three Microsoft-signed certificates that verify firmware and boot software will expire on that date; those certificates form the core of Secure Boot, the chain of trust that checks digital signatures during startup.

UEFI bootkits can load before the operating system and most defenses, allowing them to persist through reinstalls and reinfect cleaned systems. In response to such threats and to mitigate a 2023 vulnerability known as LogoFail, Microsoft is replacing older signatures dated 2011 with new ones dated 2023.

Most Windows machines receive the key refresh automatically through regular monthly updates; users can confirm the change in Windows Security > Device Security > Secure Boot, where a green checkmark indicates completion. Linux distributions are updating the small first-stage bootloader known as the shim, and users should watch for those releases.

secure boot, windows, linux, uefi, microsoft, shim, uefi bootkit, logofail, cryptographic keys, bootloader