OK! Found another obsolete OID sha1WithRSASignature in DisablePW and ABO certificates. There have a kernel patch that's sent in 2017 but it didn't receive any comment from community: https://email@example.com/msg1486333.html The obsolete be only found on Acer machine. And, I didn't see any good reason for support those obsolete OID currently. So, I still set this bug to WONTFIX unless anyone gives good reason for why we need DisablePW and ABO certificates on Linux.