[META] Migration path from 2011 third party CA to 2023 third party CA certificate #443
Labels
meta
Not a review request, but an issue or notice wrt the signing process
Comments
steve-mcintyre
added
the
meta
|
So far, we have no update from MSFT, shim submission are still signed with 2011 CA , so I guess we will have to wait until we get new updates, will keep the ticket open for tracking it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey there,
I was wondering if you already published some kind of migration strategy all the shim based projects should be applying when talking about switching from 2011 third party CA certificate and our currently signed shim loader to the 2023 third party CA certificate, which Microsoft already started to roll out on first machines since spring this year.
Will there be a choice from which CA an submitted shim should get signed or do you plan to do the signing with both CAs for some limited time frame? Do you also publish some best practice guide based on Microsoft timelines for the third party CA version rollout? I bet Microsoft wants to set the old third party CA on DBX at some point. How to make sure that someone didn't miss anything?
As everybody might be affected by this future situation I wanted to open this thread for discussion and to get some official statement. I couldn't find anything official from Microsoft so far on those questions.
Thanks a lot!
The text was updated successfully, but these errors were encountered: