Just yesterday (June 5, 2026) I saw a video regarding the expiration of the three 2011 Certificates - two this month (June 2026) and the third in October. When I installed Zorin OS 17 exactly one year ago (6-year-old PowerSpec G-434), I was told to disable Secure Boot, which I did, and it has remained disabled ever since (currently running OS 18.1). I'm kind of new to this, so, is there anything I and others in a similar situation need to know? Any potential problems which may occur? Anything we need to do?
None.
These certificates are for Secure Boot use - having Secure Boot disabled means that those certificates are meaningless to you.
Microsoft Certificates act to verify that a process is safe to start at boot - which tells secure boot to allow that process to init.
If it is not verified in that manner - then secure boot blocks it.
Nvidia and GnuLinux as well as many Non-Microsoft products do not always get a shiny certificate from Microsoft that says, "We, Microsoft, vouch that this real thing really is a real thing."
To this end, disabling Secure Boot is a method to avoid the MS controlled verification blocking real processes.
I did my research beforehand before posting and in the confusion forgot to mention that I noticed this alert (yesterday) in Settings > Privacy & Security > Device Security
The alert is one year old, from when I first installed Zorin. I couldn't figure out why this alert would even occur nor why a certificate from Microsoft would even interact with Linux.
This is a normal alert in Gnome if secure boot is off.
I have seen it before and I rolled my eyes.
This is one of those situations where the end user is getting conflicting information - and leads to the question of: "Who do I believe?"
We cannot all be experts in everything. So we specialize and ask an expert when stepping toes outside of our expertise.
When you ask three experts and they give conflicting answers: You then know that it is an issue of Complexity and not just about Trust.
The opinions about Secure boot are complex. In addition: We end users are distrusted to manage what is our own. It is easier to advise people to accept control, than it is to teach them self-management.
The scientific method can help. If uncertain, make observations and weigh evidence. Your experience shows that this past year, Secure Boot has been disabled and despite not having Microsoft vetting your computers processes, you have not gone down in a ball of flames and heaping viral chaos.
There are... a lot of... parallels between Gnome and Microsoft.
There would be an Option for updating these Certificates without Windows. When You have Windows still installed, You already should got an Update to handle this.
Another Way is updating Your BIOS. When there is a current Version, it should include the updated Certificates. At least it was the Case for me.
