Why would being unable to sign stuff stop you from booting and decrypting your disk "in a few months"

What did VeraCrypt do

Why do they even have M$ signing keys

Whay

UEFI I don't think checks either expiry or timestamps at all. Instead it has the dbx which can contain blocked certificates or hashes of binaries that should not load.

Fair enough. I don't encourage just anyone either. Those who I have encouraged also know to call me if something blows up!

Still, VeraCrypt is just a very fragile piece of kit and users need to know that and be able to either fix it themselves or know someone who can do it.

Telling just random people on the streets to install it will indeed just block access to their data -- even without MS.

IMO, it is not acceptable to simply overlook these hurdles and say, "this is not available to you because you're not technical like me." These tools are necessary against the mass surveillance of the companies like Microsoft, Google, etc. and governments alike.
We, as technologist, should be working to make these more accessible to those who are not technologists too. Those folks deserve the right and privacy and security like the rest of us.

The data may be fine; however, not everyone who may use VeraCrypt has the same knowledge and skill base to know to pull up a Linux Live USB and go get their data back. I've encouraged non-technical users to use easy breakthroughs to add encryption to their Windows Home environments. They definitely will not have the knowledge do just go do this. Many may not have another device to create the Linux Live USB either.
This is still a problem, whether or not the data is still available through other means.