this post was submitted on 09 Apr 2026
76 points (100.0% liked)

Opensource

6145 readers
81 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
76
VeraCrypt Developer Says Microsoft Terminated Windows Signing Account (linuxiac.com)
submitted 1 month ago by cm0002@infosec.pub to c/opensource@programming.dev
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[–] Lucky@programming.dev 25 points 1 month ago

Update from Mounir 40 minutes ago

Thank you all for your feedback and your support in getting media attention through various social platforms.

After posting this, other developers in the security fields (like WireGuard) came forward to announce that they have the exact same issue. I understand why nobody talked publicly about this before and I'm glad that by going public I pushed others to do the same.

Positive aspect is that a Microsoft VP (Scott Hanselman) has announced on X that he will help address this issue affecting me and others. He also reached out to me and connected me with other Microsoft people to help address this issue.

I will let you know how things go.

[–] SnoringEarthworm@sh.itjust.works 17 points 1 month ago* (last edited 1 month ago)

In a public update, developer Mounir Idrassi reported the account was shut down without warning, explanation, or an apparent appeal process.

“I have encountered some challenges but the most serious one is that Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader. This termination impacts my work beyond VeraCrypt and has consequences for my daily job. Currently I’m out of options.”

This is significant because VeraCrypt is a cross-platform encryption application for Windows, macOS, and Linux. On Windows, it supports system encryption features that require signed components, including drivers and the bootloader.

According to Idrassi, the account termination prevents the project from continuing its standard Windows signing process. Independent reporting indicated that losing signing access could stop VeraCrypt from releasing updated Windows builds before a certificate-related deadline, potentially causing boot issues for some users with system encryption enabled.

In other words, if you’re a Windows user who uses VeraCrypt, you have reason to be concerned. In the newly surfaced GitHub issue, the reporter says VeraCrypt’s DcsBoot.efi appears to be signed through the Microsoft Corporation UEFI CA 2011 chain and warns that this will stop working on June 27, 2026. The issue also says that on some Windows 11 systems, this could trigger Secure Boot warnings or even cause the boot option to be ignored.

So, if VeraCrypt cannot restore its Windows signing path or ship updated signed components in time, the project could face a real Secure Boot-related deadline on affected systems.

Emphasis mine

[–] onlinepersona@programming.dev 2 points 1 month ago (1 children)

I thought veracrypt was dead. Surprised to hear about it again.

[–] RonSijm@programming.dev 6 points 1 month ago

Maybe you're confused with Truecrypt?

Truecrypt died and Veracrypt came as a port. Haven't heard of Veracrypt being dead

[–] onlinepersona@programming.dev 0 points 1 month ago

I thought veracrypt was dead. Surprised to hear about it again.