Updated
Updated · ZDNet · Jun 24
Linux PCs Need 2023 Secure Boot Keys Before 2011 Certificates Expire in 2026
Updated
Updated · ZDNet · Jun 24

Linux PCs Need 2023 Secure Boot Keys Before 2011 Certificates Expire in 2026

3 articles · Updated · ZDNet · Jun 24

Summary

  • 2026 certificate expiry mainly threatens future Linux installs and updates, not machines already booting with Secure Boot enabled.
  • Microsoft’s 2011 Secure Boot certificates begin expiring in two 2026 waves, while newer 2023 keys are being pushed through OEM firmware updates to preserve trust for new boot components.
  • Firmware updates are the critical fix: users should install recent BIOS/UEFI releases—often via fwupdmgr on Linux—and then test a current distro ISO with Secure Boot turned on.
  • Major distributions including Fedora, RHEL, Ubuntu, SUSE and Debian have largely prepared their shim and signing chains, but older PCs without updated firmware could fail to boot newer images.
  • Disabling Secure Boot remains a fallback, but the report warns against making it permanent because it removes a meaningful defense against bootkits, rootkits and other persistent malware.

Sources

Center100%
ZDNet2h ago
Linux PCs Face Secure Boot Problem as Microsoft's 2011 Certificates Expire in 2026; Firmware Updates Crucial
tips4it.com2h ago
Secure Boot 2023: Which Windows PCs Might Miss the Update?
linkedin8h ago
A Microsoft Secure Boot signing certificate from 2011 is expiring on June 27, 2026, which has been used to sign the “shim” bootloader for nearly every major Linux distribution. Existing Linux… | Radoslav Krehlik
7 Sources

Insights

With Microsoft's old keys now expiring, what happens to Linux users whose PC vendors have abandoned firmware support?
Is the Linux 'Secure Boot' crisis a technical hurdle or a fundamental flaw in relying on Microsoft's keys?

Related Stories

Linux Faces 2026 Secure Boot Update as Microsoft Certificates Expire
6d ago
Windows 11 KB5094126 Triggers 0xc0430001 BSODs and BitLocker Lockouts After June Patch Tuesday
12d ago
Microsoft Warns Secure Boot Update May Need 3 Restarts as 2011 Certificates Expire in June
29d ago

Sources

7 total
Center100%
ZDNet2h ago
Linux PCs Face Secure Boot Problem as Microsoft's 2011 Certificates Expire in 2026; Firmware Updates Crucial
tips4it.com2h ago
Secure Boot 2023: Which Windows PCs Might Miss the Update?
linkedin8h ago
A Microsoft Secure Boot signing certificate from 2011 is expiring on June 27, 2026, which has been used to sign the “shim” bootloader for nearly every major Linux distribution. Existing Linux… | Radoslav Krehlik
Show all 7 sources

Related Stories

Linux Faces 2026 Secure Boot Update as Microsoft Certificates Expire
6d ago
Windows 11 KB5094126 Triggers 0xc0430001 BSODs and BitLocker Lockouts After June Patch Tuesday
12d ago
Microsoft Warns Secure Boot Update May Need 3 Restarts as 2011 Certificates Expire in June
29d ago