Expiration of Secure Boot signing certificates in 2026

Source: Red Hat Blog

The keys that Microsoft uses to sign for Secure Boot are expiring at the end of June 2026. Here is what you need to know:Secure Boot-enabled systems will continue to boot after June 2026 whether they are immediately updated or not.Red Hat has released new shims, signed by multiple certificates, for all supported RHEL 9 and RHEL 10 streams; RHEL 8 will receive the new shim in June 2026.To prepare your systems for the future, it’s best to update your firmware database, if an update is available, and update your shim.What is Secure Boot?UEFI Secure Boot is a security feature that permits only s