From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 60A72740035 for ; Fri, 8 Nov 2024 02:26:41 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=lbJs3oZaOjMBS6ggZHoYajnIsh7J1IjdKSn7I8GtFlc=; c=relaxed/simple; d=groups.io; h=Feedback-ID:Message-ID:Date:MIME-Version:User-Agent:Subject:To:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240830; t=1731032801; v=1; x=1731291999; b=QD0Byya/9CrI81C0rH690yLzTBK91JzBwB1wjj1xqsKf7O2vGQK08JQupR/u8LIVKrEOp5tT E5sE4E5qdrbcxqH3KwT521kRYdrWDHwA2Of8ezHAUzHXFaAbD5rk8Zsn8y4XqV+U6GQVqKt72n6 6efbsjeV/Q+P5zxxtew/t7Fko88spXlQ0IdsdJNfL2l+U7SNTBnC2omUjgISXWwQ+J21szNQZXE zVbx4Kc4LKrP0qgnduIR3QFNjG7uGEvcnB4rF1wgvKr0RVsA5rW9f0UI+1FLgJBkJ0a3xhe7xaK OlKWmZjmPRhHoRc7Fq+huZZfKmEF+lw9EbP8fdpSz7niw== X-Received: by 127.0.0.2 with SMTP id SSZRYY7687511xmcNTEUwu4L; Thu, 07 Nov 2024 18:26:39 -0800 X-Received: from fhigh-b6-smtp.messagingengine.com (fhigh-b6-smtp.messagingengine.com [202.12.124.157]) by mx.groups.io with SMTP id smtpd.web11.4106.1731032798888428390 for ; Thu, 07 Nov 2024 18:26:39 -0800 X-Received: from phl-compute-08.internal (phl-compute-08.phl.internal [10.202.2.48]) by mailfhigh.stl.internal (Postfix) with ESMTP id D71B4254008A; Thu, 7 Nov 2024 21:26:37 -0500 (EST) X-Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-08.internal (MEProxy); Thu, 07 Nov 2024 21:26:37 -0500 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrtdehgdegiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnth hsucdlqddutddtmdenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertddtvdejnecu hfhrohhmpeftvggsvggttggrucevrhgrnhcuoehrvggsvggttggrsegsshguihhordgtoh hmqeenucggtffrrghtthgvrhhnpeejhedtuedufeejvdduvdeuheetvdehveduudfhtdfg jeefgfegffekhfffjeelhfenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluh hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhgvsggvtggtrges sghsughiohdrtghomhdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpd hrtghpthhtohepughouhhgfhhlihgtkhesmhhitghrohhsohhfthdrtghomhdprhgtphht thhopeguvghvvghlsegvughkvddrghhrohhuphhsrdhioh X-ME-Proxy: Feedback-ID: i5b994698:Fastmail X-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 7 Nov 2024 21:26:37 -0500 (EST) Message-ID: <4c92803d-1735-43d0-bdd5-ed556f64c606@bsdio.com> Date: Thu, 7 Nov 2024 19:26:23 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] ArmPlatformPkg: does SecureBootDefaultKeys.fdf.inc need updated to add more DB files? To: Doug Flick , devel@edk2.groups.io References: <25796.1730825185023888175@groups.io> From: "Rebecca Cran" In-Reply-To: <25796.1730825185023888175@groups.io> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 07 Nov 2024 18:26:39 -0800 Resent-From: rebecca@bsdio.com Reply-To: devel@edk2.groups.io,rebecca@bsdio.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Bt8ekL3mcElGSeGZyVJqe6xHx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240830 header.b="QD0Byya/"; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On 11/5/24 9:46 AM, Doug Flick via groups.io wrote: > > Hey Rebecca! > > We actually have the following repo on github/secureboot_objects=20 > where you can get=20 > Secure Boot default releases and ask questions directly to the team=20 > that manages secure boot at Microsoft. > > To answer your question, > > The 2011 certificates are expiring in 2026 so we're beginning a=20 > transition away from them. > > The expiring certificates are: > > |DB: Microsoft Windows Production PCA 2011 DB: Microsoft Corporation=20 > UEFI CA 2011 (Third Party) KEK: Microsoft Corporation KEK CA 2011 | > > The new certificates are: > > |DB: Windows UEFI CA 2023 DB: Microsoft UEFI CA 2023 (Third Party) DB:=20 > Microsoft Option ROM UEFI CA 2023 (Only Option Roms (New behavior=20 > meant to improve configurability)) KEK: Microsoft Corporation KEK 2K=20 > CA 2023 | > > Right now the guidance is to include both sets of certificates to=20 > provide the most compatibility during the transition and then at a=20 > point further in the future we'll begin remove the 2011 certificates=20 > from the default. > Thanks! I was wondering if you know whether anyone's considered adding=20 the repo as a submodule of edk2, probably somewhere under CryptoPkg? --=20 Rebecca -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#120759): https://edk2.groups.io/g/devel/message/120759 Mute This Topic: https://groups.io/mt/109402104/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-