Recent content by gdvbel

I need to specify you need to boot in uefi SECURE BOOT for the certificates to get integrated. And you need a uefi firmware which supports getting these new certificates. Some computers have an older uefi which is not capable of ingesting these CA 2023 certs.

With secure boot disabled, there is no control of the Windows boot sector against the certificates in secure boot So even if a malicious program inserted inself into uefi, your Windows system will not be aware of that, and continue booting as always after June 2026. Without the new CA 2023...

Your T-430 is also not on Lenovo's list among the computers which get the new CA 2023 certificates : https://support.lenovo.com/us/en/solutions/HT518129

I saw that your computer is a HP Elite 8300 SFF from 2012, latest rom firmware Apr 26, 2019. This older generation of UEFI firmware lacks the necessary mechanisms to correctly ingest and store the **Windows UEFI CA 2023** certificate into the firmware's internal db Secure Boot Signature...

You cannot update the new certificates if you are on a legacy bios. It has to boot in uefi.