The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
Certificates are "designed" to expire. That's just how they work, by virtue of deficient standards that upsell rotations or "renewals". Sometimes we refer to all this as a "cartel" or "cabal". They conspire to profit by making stuff artificially obsolete. Years ago we saw the Linux Foundation et al making many "old" devices no longer capable of accessing the Web, for no technical reason other than some "root" certificates being made to "expire."
Will the same happen to "old" PCs? If their firmware cannot be updated, there's trouble ahead. Even if it can be updated, there may still be trouble (firmware updates like these put machines at risk of becoming 'bricks'). The overall quality of a lot of firmware blobs - or of processes for updating firmware - is notoriously poor, subpar at best.
In Part I we introduced the issues in simple terms, in Part II we focused on the attacks on people who merely talked about these issues, Part III primarily tied things together, Part IV named some of the culprits, and Part V advised people to turn off "SecureBoot" (also in the sister site now that we're in September; live and learn).
"Can restricted boot even be disabled once it has been activated?"
Asking for a friend, asked the reader. "IIRC some proprietary drivers require it to be active."
There's definitely some software (or rootkits for games) which may increase risk by demanding it. It is akin to and related to attestation. It is an attack on software freedom - one in which GNOME and IBM participate.
To be very clear and unambiguous about it, this is fake security or "security" as a false pretext. Practical experience and recent history show that it increases complexity and reduces security. It causes users' insecurity; it's good for Microsoft's financial security. It is a solution in search of a problem and the main marketing was that it's required because of large partition sizes - a phony claim. One could tweak 'old' BIOS (just BIOS) to facilitate larger partition sizes. Now UEFI is also stealing the term "BIOS", after its false rationalisation was ambiently set aside, relegated to an ashtray of history.
The term "Serious Harm" is legally meaningful here; the person who did the above, which will cause Serious Harm to millions of people, pretends that he himself is the victim (of legitimate criticism) [1, 2]. Unable to convince courts, and having already run out of money, he now relies on Microsoft money to SLAPP critics. He is truly desperate to stop us writing about these issues. █

