Steve's blog
Friday, 22 May 2026
Secure Boot and CA Rollover - a heads-up for distributions
Background

I'm a member of the EFI team in Debian, and I've done much of the work for Debian to support UEFI Secure Boot (SB) in recent years. We have included that support for a number of releases now, starting back with Debian 10 (aka Buster). I'm also a long-time accredited member of the shim-review team, the group that checks and approves shim binaries before Microsoft will sign them. See the Debian wiki for lots of background details about Secure Boot and how we do things in Debian.

Secure Boot depends on signatures, which are verified during boot using a chain of X.509 certificates. The root certificate(s) in the chain are embedded in the computer's firmware (in the Secure Boot "db" variable), and later software such as shim can add more certificates to extend the trust. Easy, right?

The problem - certificates expire...

Microsoft administer the most widespread Secure Boot root certificates, and have done so since the very beginning of UEFI Secure Boot as a concept. The Microsoft UEFI CA certificates are included in just about every x86 and x86-64 computer shipped, and also in quite a lot of arm64 machines too. (The fact that Microsoft is therefore a gatekeeper for Linux running under Secure Boot is very unpopular in some quarters, but this is just a fact of life in the world we live in.) The current certificates have been around since 2011:
1. Windows Production PCA 2011 (used for signing Windows components). This expires in October this year, about 5 months from now.
2. Third Party Marketplace Root (used for signing option ROMs and other software). For Linux folks, this second certificate is the more interesting one: it is the root of the certificate chain that Microsoft use when signing shim for Linux distributions. This CA expires 5 weeks from today.

OMG!!! Will all my existing Secure Boot machines stop booting?

Almost definitely not, no. The UEFI specification expects firmware not to enforce certificate validity dates when checking Secure Boot signatures (there is no trusted time source at boot), so all that matters here is the signatures themselves. Modulo buggy firmware, existing signed binaries should continue to boot just fine.

New CAs to be aware of

Microsoft have published three new CAs:
1. A new CA used for signing device option ROMs
2. A new CA used for signing Windows components
3. A new CA used for signing other software (e.g. shim)
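Whether a given machine already trusts the new CAs is a question of what its firmware has in the Secure Boot db variable, so here is an added example (mine, not Debian's or the shim-review team's tooling) that reads the db from efivarfs, walks its EFI_SIGNATURE_LIST structures, prints the subject of each X.509 entry and reports whether any 2023-generation Microsoft CA is present. It assumes the efivarfs layout (a 4-byte attributes word followed by the variable payload), the standard EFI_CERT_X509 and EFI_CERT_SHA256 GUIDs, an `openssl` binary on the PATH for decoding subjects, and that the new CA names all contain the string "UEFI CA 2023" as Microsoft publishes them. The `make_signature_list` helper only builds constructed test data.

```python
"""List the X.509 certificates in the Secure Boot db and flag the 2023 Microsoft CAs.

Added example; it is not code from the post, Debian, or shim-review. Assumes
efivarfs (4-byte attributes prefix), the standard signature-type GUIDs, the
openssl CLI, and that the new CA subjects contain "UEFI CA 2023".
"""
import struct
import subprocess
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
DB_PATH = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
NEW_CA_MARKERS = ("UEFI CA 2023",)   # assumption: substring common to the three 2023 CA names


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, data) for every entry in a run of EFI_SIGNATURE_LISTs.

    Layout per list: SignatureType GUID (16), SignatureListSize (4),
    SignatureHeaderSize (4), SignatureSize (4), optional header, then entries
    of SignatureOwner GUID (16) + SignatureSize-16 bytes of data.
    """
    pos = 0
    while pos < len(blob):
        sig_type = uuid.UUID(bytes_le=blob[pos:pos + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, pos + 16)
        if list_size < 28 or pos + list_size > len(blob) or sig_size <= 16:
            raise ValueError(f"bad EFI_SIGNATURE_LIST at {pos:#x}")
        entry, end = pos + 28 + hdr_size, pos + list_size
        while entry + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[entry:entry + 16])
            yield sig_type, owner, blob[entry + 16:entry + sig_size]
            entry += sig_size
        pos = end


def db_certificates(payload: bytes) -> list:
    """DER blobs of the X.509 entries only (db also carries SHA-256 hash entries)."""
    return [data for t, _, data in parse_signature_lists(payload) if t == EFI_CERT_X509_GUID]


def x509_subject(der: bytes) -> str:
    """Subject line via the openssl CLI (assumed installed), with a plain fallback."""
    try:
        out = subprocess.run(["openssl", "x509", "-inform", "DER", "-noout", "-subject"],
                             input=der, capture_output=True, check=True)
        return out.stdout.decode().strip()
    except (OSError, subprocess.CalledProcessError):
        return f"<{len(der)}-byte X.509 certificate; openssl could not decode it>"


def has_new_microsoft_ca(subjects: list) -> bool:
    """True if any subject looks like one of the 2023 Microsoft CAs (by name substring)."""
    return any(marker in subject for subject in subjects for marker in NEW_CA_MARKERS)


def read_efivar(path: str = DB_PATH) -> bytes:
    """Variable payload from efivarfs, minus the leading 4-byte attributes word."""
    with open(path, "rb") as f:
        return f.read()[4:]


def make_signature_list(data: bytes, sig_type: uuid.UUID = EFI_CERT_X509_GUID,
                        owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Constructed test helper: one EFI_SIGNATURE_LIST holding a single entry."""
    sig_size = 16 + len(data)
    return (sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + owner.bytes_le + data)


if __name__ == "__main__":
    subjects = [x509_subject(der) for der in db_certificates(read_efivar())]
    for s in subjects:
        print(s)
    print("2023 Microsoft CA present in db:", has_new_microsoft_ca(subjects))
```

On a machine that has been updated, at least one subject will contain "UEFI CA 2023"; on an un-updated 2011-era machine you will only see the "UEFI CA 2011" and "Windows Production PCA 2011" entries. `mokutil --db` gives the same listing without any code, but parsing the variable yourself is handy when scripting a fleet check.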
New machines and updated older machines will most likely have all of these new CAs installed. New machines are already shipping that only include the new CAs; they will not trust software signed only under the old CAs, and this has already started causing problems for some users.

Isn't this all a bit short notice?

Yes it is. :-( A common rule of thumb when deploying CA certificates is to start the replacement ("rollover") process when a certificate reaches half of its lifetime. Unfortunately, Microsoft have done this very late. They generated the new keys in 2023, but didn't start signing shim and other third-party software with the new UEFI CA until October 2025.

If I'm a distro developer, what should I do?

If you already have an old shim signed by Microsoft for your distribution from before October 2025, then it will only be signed using the older CA that expires soon. On newer machines, your users will already be unable to boot your distro with Secure Boot enabled. If you want your users to be able to use Secure Boot in future, you will need to get a new shim build submitted, reviewed and signed using the new CA. However, that signed build will not work on older machines unless they have had the new CAs installed, which is also likely to cause problems for some users. You should encourage your users to update their systems NOW before things break for them.

There is an interim solution which will work, but only if you're quick! Microsoft are currently returning shim binaries signed using both the old CA and the new CA. More specifically, for every binary that is submitted they will return two: one signed with each CA. If you use these directly, you'll need to plan to publish:
and explain to your users how they'll need to pick one. Good luck with that!

However, it is possible to extract the signatures from those two signed shim binaries and attach them both to one shim, giving you the Holy Grail here: a single shim that will boot on the vast majority of machines. This works because an Authenticode signature covers the PE image minus its certificate table, so two signatures over the same build can sit side by side in that table. Indeed, this is what I'm planning on doing in Debian. So-called "dual-signed" shims may provoke issues with buggy firmware, so be aware that you may have to deal with this too. But take heart: early testing by various distro folks with a dual-signed Fedora shim did not show any problems.

You have 5 weeks and counting...

Microsoft have promised to continue signing with the old CA as long as possible, right up to the last day. They understand how awkward things are going to be otherwise, and are trying to help here as much as possible. In the shim-review team, we have been expecting to see a surge of shim submissions before the old CA expires, to make the most of the "Holy Grail" dual-signed shims described above. But we've been really surprised that this has not been happening.

So, this blog post is a wake-up call for people doing Secure Boot with shim. Even if you're not going to be ready to ship a new shim binary to your users, you should really try to get a new build prepared and signed NOW so that you have it available to tide you over through the coming CA transition. Don't leave it too late. If you're not sure what to do, ask me and the other shim-review folks. We're happy to give advice. But don't delay. You have 5 weeks and counting.
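To show what "extract the signatures and attach them all onto one shim" means at the byte level, here is an added example of my own (not Debian's shim packaging and not a shim-review tool) that parses the PE attribute certificate table directly, checks that the two Microsoft-signed binaries really are the same build, and writes out one image carrying both signatures. It assumes the PE/COFF layout (security directory at data-directory index 4, 8-byte-aligned WIN_CERTIFICATE entries, certificate table at the end of the file, as sbsign and pesign produce) and that the inputs were signed from the same submission. `make_test_image` only builds a constructed, non-bootable PE32+ for testing; real shim binaries are the input in practice.

```python
"""Merge the Authenticode signatures of two signed copies of one PE/EFI image.

Added example, not code from the post or from Debian/shim-review. It assumes the
PE/COFF layout (security directory = data directory 4, 8-byte-aligned
WIN_CERTIFICATE entries, certificate table at end of file).
"""
import struct

WIN_CERT_HDR = struct.Struct("<IHH")   # dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS#7)
SECURITY_DIR_INDEX = 4


def _security_dir_offset(pe: bytes) -> int:
    """File offset of the 8-byte security data-directory entry (offset, size)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ header)")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_off = pe_off + 4 + 20                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    if magic == 0x10B:                              # PE32 (32-bit shim builds)
        dirs_off = opt_off + 96
    elif magic == 0x20B:                            # PE32+ (x86-64 / arm64 shim builds)
        dirs_off = opt_off + 112
    else:
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    return dirs_off + 8 * SECURITY_DIR_INDEX


def cert_table(pe: bytes) -> tuple:
    """(file offset, size) of the attribute certificate table; the offset is a raw file offset."""
    return struct.unpack_from("<II", pe, _security_dir_offset(pe))


def signatures(pe: bytes) -> list:
    """Every PKCS#7 blob in the certificate table, in order."""
    tbl_off, tbl_size = cert_table(pe)
    blobs, pos, end = [], tbl_off, tbl_off + tbl_size
    while pos + WIN_CERT_HDR.size <= end:
        length, rev, ctype = WIN_CERT_HDR.unpack_from(pe, pos)
        if rev != 0x0200 or ctype != 0x0002 or length < WIN_CERT_HDR.size:
            raise ValueError(f"unexpected WIN_CERTIFICATE at {pos:#x}")
        blobs.append(pe[pos + WIN_CERT_HDR.size:pos + length])
        pos += (length + 7) & ~7                    # entries are padded to 8 bytes
    return blobs


def signed_body(pe: bytes) -> bytes:
    """The bytes a signature covers: the image minus the security directory entry and the table."""
    tbl_off, tbl_size = cert_table(pe)
    if tbl_off + tbl_size != len(pe):
        raise ValueError("certificate table is not at end of file; cannot append to it")
    body = bytearray(pe[:tbl_off])
    dir_off = _security_dir_offset(pe)
    body[dir_off:dir_off + 8] = b"\0" * 8
    return bytes(body)


def same_build(a: bytes, b: bytes) -> bool:
    """True if both images would verify against the same signed content."""
    return signed_body(a) == signed_body(b)


def merge_signatures(*signed_images: bytes) -> bytes:
    """One image carrying every signature from the inputs (all must be the same build)."""
    base = signed_images[0]
    for img in signed_images[1:]:
        if not same_build(base, img):
            raise ValueError("inputs are signatures over different images")
    table = bytearray()
    for img in signed_images:
        for blob in signatures(img):
            entry = WIN_CERT_HDR.pack(WIN_CERT_HDR.size + len(blob), 0x0200, 0x0002) + blob
            table += entry + b"\0" * (-len(entry) % 8)
    tbl_off = cert_table(base)[0]
    out = bytearray(base[:tbl_off]) + table
    struct.pack_into("<II", out, _security_dir_offset(base), tbl_off, len(table))
    return bytes(out)


def make_test_image(sig_blob: bytes, payload: bytes = b"shim code") -> bytes:
    """Constructed minimal PE32+ with one WIN_CERTIFICATE; only the headers read above are real."""
    pe_off = 0x40
    dos = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)   # SizeOfOptionalHeader = 240
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes
    body = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload
    body += b"\0" * (-len(body) % 8)
    entry = WIN_CERT_HDR.pack(WIN_CERT_HDR.size + len(sig_blob), 0x0200, 0x0002) + sig_blob
    entry += b"\0" * (-len(entry) % 8)
    img = bytearray(body + entry)
    struct.pack_into("<II", img, _security_dir_offset(img), len(body), len(entry))
    return bytes(img)


if __name__ == "__main__":
    import sys
    old_ca, new_ca, out_path = sys.argv[1:4]     # shim signed by old CA, by new CA, output file
    with open(old_ca, "rb") as f1, open(new_ca, "rb") as f2:
        merged = merge_signatures(f1.read(), f2.read())
    with open(out_path, "wb") as f:
        f.write(merged)
    print(f"wrote {out_path} with {len(signatures(merged))} signatures")
```

After writing the merged file, `sbverify --list` on it should show two signatures, and verifying against each CA certificate in turn should succeed; if `same_build` rejects the pair, the two files did not come from the same submission and no amount of table surgery will make both signatures verify.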
00:43 :: # :: /debian/efi :: 0 comments

Sunday, 02 August 2015

We've just started a new team in Debian for maintaining our UEFI packages together, with git repositories in a shared project on alioth etc. We're just working out the exact details of how we're going to manage things, but for now we've moved the following packages under the team's umbrella:
and in the future we'll clearly end up adding more. We've also started a new IRC channel (#debian-efi) on irc.debian.org aka irc.oftc.net. New members are always welcome to help with the work here!

00:40 :: # :: /debian/efi :: 1 comment
Tracking broken UEFI implementations
There can be issues with shipping installer images including UEFI. But they're mainly due to crappy UEFI implementations that vendors have shipped. It's fairly well-known that Apple have shipped some really shoddy firmware over the years, and to allow people to install Debian on older Apple x86 machines we've now added the workaround of a non-UEFI 32-bit installer image too. But Apple aren't the only folks shipping systems with horrendously buggy UEFI, and a lot of Linux folks have had to deal with this over the last few years. I've been talking to a number of other UEFI developers lately, and we've agreed to start a cross-distro resource to help here: a list of known-broken UEFI implementations so that we can share our experiences. The place for this is in the OSDev wiki at http://wiki.osdev.org/Broken_UEFI_implementations. We're going to be adding new information there as we find it. If you've got a particular UEFI horror story on your own broken system, then please either add details there or let me know and I'll try to do it for you.

00:40 :: # :: /debian/efi :: 3 comments
Justifying 32-bit UEFI on 64-bit Intel hardware, and tracking broken UEFI implementations
You might have seen some of the posts I've written in the last few months about adding support in Debian for so-called Mixed-EFI systems like the Intel Bay Trail: a 64-bit processor shipped with a 32-bit EFI implementation. I've finally seen a public justification from Intel evangelist Brian Richardson as to why these systems are crippled^Wconfigured this way, and it's nice to see our guesses confirmed. The reason is simply cost. Like most consumer PCs shipped today, they come with Windows, and in terms of system design it's cheaper to just include the limited memory and storage needed for 32-bit Windows. 64-bit Windows takes a lot more storage in particular. And on modern systems 32-bit Windows can only boot using 32-bit UEFI. Fair enough... However, Brian goes on to state some more things that are simply out of date, saying that "Linux support for UEFI IA32 is still an unanswered question". Ummm, Brian: we've got working 32-bit x86 UEFI support in our standard Jessie (and newer) installation images already, and they work just fine on CD/DVD or USB stick. We've even gone one stage further than anybody else (thus far!) in adding easy support for running a full 64-bit Linux system on top of those 32-bit UEFI implementations. I say "thus far" here because all the work here is Free Software. Other folks added the support in Linux for making a 64-bit kernel work with a 32-bit UEFI; I added code in Linux to expose some of the details to userspace, and code in Grub to work with it. My changes have gone upstream already, so I'd expect to see other distros like Fedora or Ubuntu also using them soon.

00:40 :: # :: /debian/efi :: 1 comment