Will Keys expire?

Posted Sep 23, 2011 22:34 UTC (Fri) by sjlyall (guest, #4151)
Parent article: Garrett: UEFI secure booting (part 2)

What would happen if the key (Microsoft's, Vendor's, OS's) expires? Will the machine now refuse to boot?

Could Vendors use this to limit the lifetime of machines, so you'd buy a computer and find that the cert on it expires in 4 years time after which it won't boot.

Will Keys expire?

Posted Sep 24, 2011 20:29 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

It doesn't have an expiration date. Key revocation list is used instead to kill of bad certificates.

Will Keys expire?

Posted Sep 26, 2011 10:27 UTC (Mon) by tialaramex (subscriber, #21167) [Link]

Note that getting this working is not, so far as I can see, on the short path to getting a Windows logo (and thus OEM pricing) so there is every reason to expect revocation won't work correctly in some proportion of systems "secured" with the technology.

The absolute laziest "implementation" will be to accept Microsoft's generic OEM key as issued and nothing else, ever. That suits Microsoft just fine today, although it's a nightmare down the road there's no sign anybody at Microsoft is thinking further ahead than the next financial year anyway these days.