Secure Boot requires update binaries to be timestamped but it doesn't enforce strong verification of those timestamps. The only check is that you can only replace or delete a variable with a timestamp strictly greater than the last used timestamp for that variable. You can still append to the variable with an old timestamp (what Microsoft is doing with these updates since it only appends certificates). Thus the update binaries will always stay valid in the future, as per the current UEFI specifications.
Also, Secure Boot never checks if the certificate signing the binary is expired. So you can generate outdated PKCS#7 signatures with an expired certificate to keep using it for Secure Boot updates. It seems Microsoft won't do that though (or that their PKI won't allow them to), otherwise they wouldn't insist so much on replacing the KEK.
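A toy model of the timestamp rule described above, added here as an example and not code from the thread or from any firmware: only the ordering check on the EFI_TIME field is modelled (signature verification is assumed to have already passed), and the behaviour that an append with an older timestamp leaves the stored timestamp unchanged is an assumption drawn from the comment, not from the spec text.

```python
from dataclasses import dataclass
from datetime import datetime

# Attribute bits as defined in the UEFI specification.
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
EFI_VARIABLE_APPEND_WRITE = 0x00000040


@dataclass
class AuthVariable:
    data: bytes          # stored variable contents (e.g. a signature list)
    timestamp: datetime  # last timestamp accepted for this variable


class VariableStore:
    """Model of the time-based authenticated write rule for one variable store.

    Replace/delete: the new timestamp must be strictly newer than the stored one.
    Append: no ordering check; the stored timestamp only ever moves forward.
    """

    def __init__(self) -> None:
        self.vars: dict[str, AuthVariable] = {}

    def set_variable(self, name: str, attributes: int,
                     timestamp: datetime, data: bytes) -> bool:
        existing = self.vars.get(name)
        append = bool(attributes & EFI_VARIABLE_APPEND_WRITE)

        if existing is not None and not append and timestamp <= existing.timestamp:
            # Rollback attempt on replace/delete: rejected (EFI_SECURITY_VIOLATION).
            return False

        if not append and len(data) == 0:
            # Empty, non-append payload with a newer timestamp deletes the variable.
            self.vars.pop(name, None)
            return True

        if append and existing is not None:
            new_data = existing.data + data
            new_ts = max(existing.timestamp, timestamp)  # assumption: never regresses
        else:
            new_data = data
            new_ts = timestamp
        self.vars[name] = AuthVariable(new_data, new_ts)
        return True
```

The test below walks the scenario from the comment: an update signed with an old timestamp is rejected as a replacement but still accepted as an append.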
Thanks for the replies.
"Secure Boot requires update binaries to be timestamped but it doesn't enforce strong verification of those timestamps. The only check is that you can only replace or delete a variable with a timestamp strictly greater than the last used timestamp for that variable. "
After staring at your comment for long enough, I think I understand what you're saying, but it's not really my question. I'm talking about "normal" code timestamping where the signature doesn't rely on the subject certificate still being time-valid (RFC 3161). What you're referring to seems to be more about ensuring the proper lineage of updates (forward-only updates).
However...
"Thus the update binaries will always stay valid in the future, as per the current UEFI specifications."
...you lose me with this comment. Either the KEK binaries are valid past expiration xor they're not. If update binaries are valid forever and UEFI/SB processes are **trusting** an unauthenticated timestamp, then the whole expiration of the certificate would seem pointless. Or you didn't mean to say what I'm interpreting.
"Also, Secure Boot never checks if the certificate signing the binary is expired."
You're losing me even further with this one. What do you mean by binary? Do you mean the EFI bootloader/oprom/application? Or the update binary (the DB/DBX updates)?