Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[META] Migration path from 2011 third party CA to 2023 third party CA certificate #443

Open
caschulz88 opened this issue Sep 17, 2024 · 1 comment
Labels
meta Not a review request, but an issue or notice wrt the signing process

Comments

@caschulz88
Copy link

Hey there,

I was wondering if you already published some kind of migration strategy all the shim based projects should be applying when talking about switching from 2011 third party CA certificate and our currently signed shim loader to the 2023 third party CA certificate, which Microsoft already started to roll out on first machines since spring this year.

Will there be a choice from which CA an submitted shim should get signed or do you plan to do the signing with both CAs for some limited time frame? Do you also publish some best practice guide based on Microsoft timelines for the third party CA version rollout? I bet Microsoft wants to set the old third party CA on DBX at some point. How to make sure that someone didn't miss anything?

As everybody might be affected by this future situation I wanted to open this thread for discussion and to get some official statement. I couldn't find anything official from Microsoft so far on those questions.

Thanks a lot!

@steve-mcintyre steve-mcintyre added the meta Not a review request, but an issue or notice wrt the signing process label Sep 30, 2024
@SherifNagy
Copy link
Collaborator

So far, we have no update from MSFT, shim submission are still signed with 2011 CA , so I guess we will have to wait until we get new updates, will keep the ticket open for tracking it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Not a review request, but an issue or notice wrt the signing process
Projects
None yet
Development

No branches or pull requests

3 participants