Microsoft SecureBoot time-bomb ticks at its own pace

https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e
3•fuzzfactor•7mo ago

Comments

fuzzfactor•7mo ago
>Windows Secure Boot certificates expiring in 2026

>Important When the 2011 CAs expire, Windows devices that do not have new 2023 certificates can no longer receive security fixes for pre-boot components compromising Windows boot security.

>Windows devices for businesses:

>https://support.microsoft.com/en-us/topic/windows-devices-fo...

>This article is targeted at organizations that do not share diagnostic data with Microsoft and have dedicated IT professionals who manage updates to their environment. Currently, there is insufficient information for Microsoft to fully support rolling out the Secure Boot certificates on these devices, especially those with diagnostic data disabled.

Hmm, so far the only proven technique for reliably updating the certificates is for regular consumer Windows users relying on full-auto Windows Update and deep integration with Microsoft servers at all times, not independent enterprises. Either way the motherboards' original UEFI firmware certificates aren't going to be truly updated at this point anyway. So the best fix is not even intended to be permanent. And this is by design? Where every device has a looming Microsoft defect under UEFI, nothing like a BIOS motherboard ever had. And it's a security defect? In the name of security?

"IMPORTANT

The Secure Boot certificate updates offered by Microsoft through Windows Update (WU) are applied to the active Secure Boot certificate variables; these updates are not persistent. If the Secure Boot state on a device is toggled from On to Off, the updates might be removed, as the active variables are reset. Consequently, even if Secure Boot is later re-enabled, the device will no longer retain the 2023 Secure Boot certificate updates that were previously installed through WU. This is because the updates from Microsoft are to the active variables of the Secure Boot certificates and not its default variables."

IOW in a dozen years nobody has come up with a way for millions of computers to remain as secure as they were when originally issued, just because of UEFI & SecureBoot which they are supposed to be experts at?

To be less generous, from another standpoint there are millions of computers happily running Windows 11 right now, where the electronics are in perfect condition and everything SecureBoots just great. In about a year the time will come when the fragility of the feature rears its ugly head and the system can then easily become incapable of booting as securely as it was this year, even though the PCs are still in the same exact top electronic condition.

And that will last forever since it will be incapable of updating the inbuilt certificates by then.

To be even less generous you could say it was just the kind of stupid that you can't fix. Which was obvious about UEFI & Microsoft SecureBoot from the beginning without even knowing about this time bomb.

Root cause has to be a pure defect in something about Microsoft when there is no change in electronics whatsoever.

Talk about design for landfill, if that's not enough you've got to have a scheduled doomsday "to boot".
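
The Microsoft note quoted in the comment above separates the active Secure Boot variables from the firmware defaults. As an added example (not part of the thread or of Microsoft's article), this PowerShell check reports whether a 2023 certificate is present in each; the two certificate subject names are Microsoft's published names for the 2023 CAs rather than values from this page, and the function name is hypothetical. It assumes an elevated session on a UEFI Windows device.

```powershell
# Added example: compare active Secure Boot variables with firmware defaults.
# Run elevated. Subject names are Microsoft's 2023 CA names (not from this page).
$checks = @(
    @{ Active = 'db';  Default = 'dbDefault';  Subject = 'Windows UEFI CA 2023' },
    @{ Active = 'KEK'; Default = 'KEKDefault'; Subject = 'Microsoft Corporation KEK 2K CA 2023' }
)

function Test-SecureBootVariable {   # hypothetical helper name
    param([string]$Name, [string]$Subject)
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name -ErrorAction Stop).Bytes
    } catch {
        # Variable not exposed by firmware, legacy BIOS boot, or not elevated.
        return 'unreadable'
    }
    if (-not $bytes) { return 'empty' }
    # The certificate subject is stored as plain text inside the DER blob,
    # so a substring search over the raw variable is enough for a presence check.
    $text = [System.Text.Encoding]::ASCII.GetString($bytes)
    if ($text -match [regex]::Escape($Subject)) { 'present' } else { 'absent' }
}

foreach ($c in $checks) {
    $active  = Test-SecureBootVariable -Name $c.Active  -Subject $c.Subject
    $default = Test-SecureBootVariable -Name $c.Default -Subject $c.Subject

    $note = if ($active -eq 'present' -and $default -ne 'present') {
        'Active only: a reset of the active variables would drop this certificate'
    } elseif ($active -eq 'present') {
        'In active and default variables'
    } else {
        'Not in the active variable'
    }

    [pscustomobject]@{
        Certificate = $c.Subject
        Active      = "$($c.Active): $active"
        Default     = "$($c.Default): $default"
        Note        = $note
    }
}
```

A result of "Active only" matches the situation the quoted note describes: the certificate was written to the active variable, and the firmware defaults still lack it.
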

leakycap•7mo ago
Thanks for bringing this to my attention; feels like the kind of thing an airgapped single-use server in a corner somewhere could become afflicted with. Worse, if you have a twin backup unit, it may have the same issue.

I've wondered what will happen to T2 Apple devices that cannot boot to anything except macOS & require online activation for first boot after reinstall, even years after purchase. When Apple eventually shuts down the T2 activation servers, do all these Macs become paperweights upon reset?

It should be mentioned Apple still provides SW Update for 10.4.x which was released in the G4 era, so this isn't a looming issue like the 2026 MS Certificate.
