Windows and Linux boot security keys expire June 24, threatening machine boot sequences

The Microsoft Third Party UEFI CA certificate that underpins secure boot for most Windows and Linux machines will begin expiring on June 24, 2026. Systems that haven't received updated firmware or bootloader signatures may fail to boot entirely. The issue affects millions of machines running Linux distributions that rely on Microsoft's signing authority through the shim bootloader, as well as Windows PCs with older firmware. Administrators must update to bootloaders signed by the new 2026 UEFI CA certificates before the deadline.