Matthew Garrett has posted a detailed followup to our recent article on the coming expiration of Microsoft's Secure Boot signing key.

The upshot is that nobody actually enforces these expiry dates - here's the reference code that disables it. In a year's time we'll have gone past the expiration date for 'Microsoft Windows UEFI Driver Publisher' and everything will still be working, and a few months later 'Microsoft Windows Production PCA 2011' will also expire and systems will keep booting Windows despite being signed with a now-expired certificate. This isn't a Y2K scenario where everything keeps working because people have done a huge amount of work - it's a situation where everything keeps working even if nobody does any work.