Secure Boot Certificate Update Deadline Nears for Windows and Linux Users

Windows and Linux users face an upcoming deadline to update cryptographic keys vital for system security. These keys protect against firmware-based UEFI infections, a form of malware that loads before operating system and anti-malware protections can activate.

Beginning June 24, three specific certificates that ensure the cryptographic verification of firmware and software during system boot will expire. These Microsoft-signed certificates are integral to Secure Boot, a security feature designed by Microsoft.

Secure Boot establishes a chain of trust by checking the digital signatures of all code loaded during system startup. This process ensures that the code originates from a trusted provider, such as the motherboard manufacturer. The primary purpose of Secure Boot is to counteract bootkits.

Bootkits are a type of malware that modifies the systems responsible for loading firmware and software during the initial boot sequence. Because bootkits load before the operating system and most other code, they are often difficult to detect. Once installed, these malicious programs can deploy further malware onto the OS, potentially stealing credentials, backdooring the system, or performing other harmful actions. Bootkits are particularly resilient, as they can survive operating system reinstallations and reinfect the system even after the OS has been disinfected.

According to Ars Technica, users should be aware of this impending deadline to safeguard their systems.