The Microsoft KEK key expires in 2026
Owner: 77fa9abd-0359-4d32-bd60-28f4e78f784b
SHA1 Fingerprint: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:0a:d1:88:00:00:00:00:00:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 24 20:41:29 2011 GMT
Not After : Jun 24 20:51:29 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
and the new one should already be distributed through fwupd or through the manufacurer
Owner: 77fa9abd-0359-4d32-bd60-28f4e78f784b
SHA1 Fingerprint: 45:9a:b6:fb:5e:28:4d:27:2d:5e:3e:6a:bc:8e:d6:63:82:9d:63:2b
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:00:00:00:13:14:16:b8:61:6d:82:82:4b:00:00:00:00:00:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA Devices Root CA 2021
Validity
Not Before: Mar 2 20:21:35 2023 GMT
Not After : Mar 2 20:31:35 2038 GMT
Subject: C=US, O=Microsoft Corporation, CN=Microsoft Corporation KEK 2K CA 2023
The updated db should also have been received through fwupd by now.
What the article says is that when getting Microsoft to sign the shim after september, the shim will be signed with the new key. That is all.