Starting June 24, 2026, three Microsoft-signed certificates that underpin the Secure Boot chain of trust will begin expiring. Secure Boot verifies firmware and software signatures during Windows and Linux startup to block UEFI bootkits; such malware loads before the operating system and antivirus protections start, so it can steal credentials, install backdoors, and reinfect a machine after cleanup or OS reinstallation.

Bootkits have evolved across more than 40 years: early 1980s attacks targeted Apple II machines, BootRoot was shown at Black Hat in 2005, proof-of-concept EFI and Windows 8 UEFI attacks appeared in 2012, and Dreamboat followed around 2013. Real-world UEFI attacks appeared with LoJax in 2018, Kaspersky-named MosaicRegressor in 2020, and later a small number of cases including ESpecter, FinSpy, and MoonBounce.

LogoFail, disclosed in 2023, exposed UEFI image-parsing flaws affecting almost all Windows and Linux devices worldwide, forcing Microsoft to replace the three 2011 signatures with 2023 signatures. Machines that have not been updated will still run but lose protection against new UEFI threats; Windows users can check Windows Security > Device Security > Secure Boot for a green checkmark, while Linux users should watch for new shims and keep firmware updated.
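As an added check that is not part of the article, this PowerShell snippet reports whether Secure Boot is enabled and whether the 2023 Microsoft CAs are present in the firmware's allowed-signer database (db) next to the expiring 2011 ones; the CA subject names are assumed from Microsoft's public documentation, not taken from this page.

```powershell
# Added example (not from the article): report Secure Boot state and whether the
# 2023 Microsoft CAs have been added to the UEFI 'db' alongside the 2011 ones.
# Assumes Windows 10/11 with the built-in SecureBoot module, run from an
# elevated prompt. CA subject strings are Microsoft's documented names (assumed).
function Get-SecureBootCaStatus {
    if (-not (Confirm-SecureBootUEFI)) {
        return [pscustomobject]@{ SecureBoot = $false; Db2011 = $null; Db2023 = $null }
    }
    # 'db' is a blob of EFI_SIGNATURE_LISTs; the CA subject names inside the
    # DER certificates are ASCII-readable, so a substring search is enough here.
    $db = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $ca2011 = @('Microsoft Windows Production PCA 2011', 'Microsoft Corporation UEFI CA 2011')
    $ca2023 = @('Windows UEFI CA 2023', 'Microsoft UEFI CA 2023', 'Microsoft Option ROM UEFI CA 2023')
    [pscustomobject]@{
        SecureBoot = $true
        Db2011     = @($ca2011 | Where-Object { $db.Contains($_) })
        Db2023     = @($ca2023 | Where-Object { $db.Contains($_) })
    }
}

$status = Get-SecureBootCaStatus
$status | Format-List
if ($status.SecureBoot -and $status.Db2023.Count -eq 0) {
    Write-Warning 'Secure Boot is on, but no 2023 CA is in db: this machine has not received the certificate update.'
}
```

The same question on Linux is answered by the distribution's shim update rather than by this script, as the article notes.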

2026-06-21 (Sunday) · 03b85b3802456496b68a0a260f6686a2daa16dbd