Customers need to know about the certificate expiry in their Linux SecureBoot environments for the SEP and DCS products. Symantec releases signed Kernel Modules (KMODs) for Linux. Certificates last for five years. On July 12th, 2024, the current KMOD SecureBoot certificate will expire.
DCS Linux Agents and Symantec Endpoint Protection Linux Agents operating in a SecureBoot configuration.
On May 6, 2024 we began signing KMODs with a second SecureBoot certificate in advance of the expiry date/time (July 12, 2024) of the first certificate, allowing more time to update it.
Approximately a month before July 12, 2024 (we started on May 6th, 2024), Symantec will start publishing Kernel Module (KMOD) updates signed with both the current signing key and a new one, which has five years' validity and is set to expire July 12, 2029. Existing customers (who have previously imported the SecureBoot key for SEP Linux) who do nothing will see a warning, but the product will continue to work. During this time, customers are advised to start importing the new public key via mokutil by following https://knowledge.broadcom.com/external/article/227099. It is OK to import both the old (expiry: July 12, 2024) and new (expiry: July 12, 2029) key; SEP Linux will use the refreshed key in this case. Customers not running Linux in SecureBoot mode are not affected by this.
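To confirm which of the enrolled keys a host is relying on, the following added example (not Symantec's own tooling) reads text in the layout printed by `mokutil --list-enrolled` and flags certificates that expire on or before a cutoff date. The subject names in the sample are constructed placeholders; take the real subject from the certificate you imported.

```shell
#!/bin/sh
# Added example. On a live host, feed it the real listing:
#   mokutil --list-enrolled | mok_expiry_report 20240712

# Print one line per certificate: STATUS<TAB>YYYYMMDD<TAB>Subject
# STATUS is EXPIRING when "Not After" is on or before the cutoff, else OK.
mok_expiry_report() {
    awk -v cutoff="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /Not After/ {
        # e.g. "Not After : Jul 12 00:00:00 2024 GMT"
        sub(/^.*Not After *: */, "")
        na = sprintf("%04d%02d%02d", $4, mon[$1], $2)
    }
    /^[ \t]*Subject:/ {
        sub(/^[ \t]*Subject: */, "")
        status = (na + 0 <= cutoff + 0) ? "EXPIRING" : "OK"
        printf "%s\t%s\t%s\n", status, na, $0
    }'
}

# Succeeds (exit 0) when no enrolled certificate whose subject matches the
# pattern in $2 outlives the cutoff in $1, i.e. the new key is still missing.
needs_refreshed_key() {
    ! mok_expiry_report "$1" | grep "^OK" | grep -q -- "$2"
}

# Constructed sample listings, trimmed to the fields the parser reads.
SAMPLE_OLD='[key 1]
Certificate:
    Data:
        Validity
            Not After : Jul 12 00:00:00 2024 GMT
        Subject: CN=Example KMOD Signing Key A'
SAMPLE_NEW='[key 2]
Certificate:
    Data:
        Validity
            Not After : Jul 12 00:00:00 2029 GMT
        Subject: CN=Example KMOD Signing Key B'

# Demo on the constructed data: both keys enrolled.
printf '%s\n%s\n' "$SAMPLE_OLD" "$SAMPLE_NEW" | mok_expiry_report 20240712
```

`mokutil --sb-state` reports whether the host is in SecureBoot mode at all; hosts where it is disabled do not need the check.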