Windows Secure Boot certificates expiring in 2026
7 days ago
- #Certificate Expiration
- #UEFI
- #Secure Boot
- Secure Boot is a UEFI-based security feature ensuring only trusted software runs during boot by verifying digital signatures against trusted certificates.
- Introduced with Windows 8, Secure Boot protects against pre-boot malware by authenticating firmware modules before execution.
- Secure Boot uses a hierarchy of keys (PK, KEK) and databases (DB, DBX) to manage trusted code and revocations.
- Original Microsoft Secure Boot certificates (KEK CA 2011, Windows Production PCA 2011, UEFI CA 2011) are expiring in 2026.
- New certificates (KEK 2K CA 2023, Windows UEFI CA 2023, UEFI CA 2023, Option ROM UEFI CA 2023) replace expiring ones for continued security.
- Without updates, devices risk losing security updates and boot loader trust, compromising security and serviceability.
- Action is required to update UEFI Secure Boot DB and KEK with new 2023 certificates to maintain device security.
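To check whether that update has landed, the DB and KEK contents can be parsed and compared against the certificate names listed above. The following is an added example, not code from the original page or from Microsoft: it walks the UEFI `EFI_SIGNATURE_LIST` structure and assumes the raw variable bytes have already been exported. Name matching on ASCII text inside each certificate is a heuristic, and `sample_list` only builds constructed stand-in entries, not real certificates.

```python
import struct
import uuid

X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # EFI_CERT_X509_GUID
EXPIRING = ["KEK CA 2011", "Windows Production PCA 2011", "UEFI CA 2011"]
REPLACEMENT = ["KEK 2K CA 2023", "Windows UEFI CA 2023", "UEFI CA 2023",
               "Option ROM UEFI CA 2023"]  # names as listed on this page

def x509_entries(blob):
    """Yield the certificate bytes of each X.509 entry in chained EFI_SIGNATURE_LISTs."""
    off = 0
    while off < len(blob):
        if off + 28 > len(blob):
            raise ValueError(f"truncated list header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError(f"malformed signature list at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == X509_GUID:
                yield blob[pos + 16:pos + sig_size]  # drop 16-byte SignatureOwner GUID
            pos += sig_size
        off = end

def cert_names(*blobs):
    """Names found as ASCII text in a cert (heuristic); longest hit per cert wins."""
    found = set()
    for blob in blobs:
        for der in x509_entries(blob):
            hits = [n for n in EXPIRING + REPLACEMENT if n.encode() in der]
            if hits:
                found.add(max(hits, key=len))  # "Windows UEFI CA 2023" != "UEFI CA 2023"
    return found

def report(*blobs):
    names = cert_names(*blobs)
    return {"expiring_present": [n for n in EXPIRING if n in names],
            "replacement_missing": [n for n in REPLACEMENT if n not in names]}

def sample_list(text, sig_type=X509_GUID):
    """Constructed sample input (not a real certificate): one list, one entry."""
    data = bytes(16) + text.encode()  # zero owner GUID + stand-in for DER bytes
    return sig_type.bytes_le + struct.pack("<III", 28 + len(data), 0, len(data)) + data

if __name__ == "__main__":
    db = sample_list("Microsoft Windows Production PCA 2011") + sample_list("Windows UEFI CA 2023")
    kek = sample_list("Microsoft Corporation KEK CA 2011")
    print(report(db, kek))
```

On Windows the raw bytes come from `(Get-SecureBootUEFI db).Bytes` and `(Get-SecureBootUEFI KEK).Bytes` in an elevated PowerShell session; files read from Linux efivarfs carry a 4-byte attribute prefix that must be stripped first.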