Comment 6 for bug 1234649

Steve Langasek (vorlon) wrote :

Both shim and TianoCore include the following code:

static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
#if defined(OPENSSL_SYS_UEFI)
    /* Bypass Certificate Time Checking for UEFI version. */
    return 1;
#else
    [...]
#endif
}

So effectively, we don't do verification of signature times in UEFI. So this is a bug in sbsigntool.