Did you manually update your Secure Boot Keys ?


My Computers

System One System Two

  • OS
    Windows 11 Home, ver 24H2 build 26100.3037
    Computer type
    Laptop
    Manufacturer/Model
    Hewlett-Packard Spectre 13-4001 x360 convertable
    CPU
    Intel Core i5 5200U @ 2.20GH
    Motherboard
    Hewlett-Packard 802D
    Memory
    4 GB
    Graphics Card(s)
    Intel HD Graphics 5500 on board
    Sound Card
    Intel Smart Sound Technology (Intel SST)
    Hard Drives
    Micron 256GB M.2 2280 NGFF SSD MTFDDAV256TBN, (SATA 6.0 Gb/s)
    Keyboard
    Model # G01KB
    Antivirus
    Microsoft Defender
    Other Info
    born on date: 25 Feb 2016
  • Operating System
    Win 10 22H2 build 19045.5854
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus Desktop model M32AD-US019S (new 2015)
    CPU
    Intel Core i7 4th Gen 4790 (3.60GHz), Haswell 22nm Technology, SOCKET 1150
    Motherboard
    H81M-E/M51AD/DP_MB
    Memory
    16 GB (8GB in 2 modules)
    Graphics card(s)
    NVIDIA GeForce GTX 760, 3GB
    Monitor(s) Displays
    HP EliteDisplay E241i LED; HP EliteDisplay E243
    Hard Drives
    Samsung 500GB SSD, 870 EVO (SATA 6.0 )
    Micron 250GB SSD, CT250MX500
    Toshiba HDD, 3GB (original drive w/PC)
    Case
    ASUS
    Keyboard
    ASUS-------------------------
    Antivirus
    MS Defender
This is a multiple step process.
1. Add the CA 2023 cert to DB (whitelist) to allow newer versions of boot files to work.
2. Switch to newer boot files in Window system.
3. Add the CA 2011 cert to DBX (blacklist) to disable older versions of boot file.

When you're at step 1, both old and new boot files are allowed. But you shouldn't disable CA 2011 until Windows has switched its own boot files over, otherwise the system isn't allowed to boot with Secure Boot enabled.

Canceling CA 2011 will prevent the known Black Lotus variants from running since they're signed using CA 2011. The point is to avoid bricking the system when you skipped one of the steps, or it didn't work correctly.
 

My Computer

System One

  • OS
    Windows 7
garlin said:
Canceling CA 2011 will prevent the known Black Lotus variants from running since they're signed using CA 2011. The point is to avoid bricking the system when you skipped one of the steps, or it didn't work correctly.
Click to expand...
So, if I disable both of the 2011 versions, I should still be able to boot Windows or my USB recovery drives? I'm missing the Microsoft certificate for 2023.

EFI DB Certificates
-------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Windows UEFI CA 2023
 

My Computers

System One System Two

  • OS
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 Nvme PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
  • Operating System
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
I have the new 2023 Windows certificate installed, but not the Microsoft 2023 certificate. I guess if I run into trouble with booting one of my recovery drives, I can always disable secure boot for the process.
 

My Computers

System One System Two

  • OS
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 Nvme PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
  • Operating System
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
Do we need to have the newest version of the BIOS? If I don't have the newest version of the BIOS, would that cause a problem when Microsoft tries to automatically activate the new certificates with a future update?

Imagine that someone intentionally uses a version of the BIOS that is slightly older than the newest version, because people with the same computer have reported an unintended problem caused by the newest version. Would that ruin the process of adding the new certificates?

Is Microsoft's automatic testing of old models of computers (before the gradual roll-out) NOT reliant on a specific version of the BIOS that was tested? As long as the BIOS supports Secure Boot and UEFI, will the process be fine?
 
Last edited:

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
If this process is somewhat confusing for people that are actually reasonably computer proficient, what in the world with the tens of millions of unwashed masses going to do about this issue???
 

My Computers

System One System Two

  • OS
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 Nvme PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
  • Operating System
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
I don't know how many times it bears repeating, we're in the "opt in" stage. MS has to work with different OEM's to make sure the process works for as many PC's as they can cover. MS has provided the roadmap and framework for how it's supposed to be done, but your PC vendor is involved in this process.

Some of them will release newer BIOS updates which may include the certs & keys.
Others will test MS's method and see if it works. They have less than half a year left to iron out all the wrinkles.
 

My Computer

System One

  • OS
    Windows 7
You didn't need to repeat it even once, because I haven't forgotten the previous time you've mentioned we're in the opt-in stage. My question about the installed version of the BIOS seemed unrelated to the fact that we're in the opt-in stage (regarding the activation of the new certificates), but your new message contains new information (the possibility of a new BIOS version being provided by the manufacturer of a very old computer), so I am thankful to you.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
It's entirely possible garlin was replying to the message immediately preceding his, regarding the people who don't take showers apparently.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2 [rev. 4652]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Intel NUC12WSHi7
    CPU
    12th Gen Intel Core i7-1260P, 2100 MHz
    Motherboard
    NUC12WSBi7
    Memory
    64 GB
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    built-in Realtek HD audio
    Monitor(s) Displays
    Dell U3219Q
    Screen Resolution
    3840x2160 @ 60Hz
    Hard Drives
    Samsung SSD 990 PRO 1TB
    Keyboard
    CODE 104-Key Mechanical with Cherry MX Clears
    Antivirus
    Microsoft Defender
pseymour said:
It's entirely possible garlin was replying to the message immediately preceding his, regarding the people who don't take showers apparently.
Click to expand...
Lots of them in the world. :LOL:
 

My Computers

System One System Two

  • OS
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 Nvme PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
  • Operating System
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
AncientParadise said:
Do we need to have the newest version of the BIOS?
Click to expand...
Need, no, could use, yes. Latest BIOS/drivers updates fix security and features issues.
Latest AMD update fixes TPM vulnerability, not reversible, unless BIOS flashbios is used.

www.techpowerup.com

AMD Releases AGESA ComboAM5 1.2.0.3e to Patch fTPM Vulnerability

AMD began rolling out its latest AGESA ComboAM5 microcode for Socket AM5 platforms, as confirmed by an ASUS BIOS update for its ROG Crosshair X870E Hero motherboard. The company will likely get motherboard vendors and prebuilt OEMs to release BIOS updates with the new AGESA 1.2.0.3e microcode...
www.techpowerup.com www.techpowerup.com
 

My Computer

System One

  • OS
    Windows 11 Home Insider Canary
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.25 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS blocking 95% TLDs
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Pro
    Memory
    32GB
  • Operating System
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad P14s Gen 3 Intel (14”) Mobile Workstation - Type 21AK
    Memory
    32GB
pseymour said:
It's entirely possible garlin was replying to the message immediately preceding his
Click to expand...
Thanks.

Two things can happen at the same time:
1. You can be composing a reply to a specific comment or user, and someone else posts an unrelated comment before you get a chance to submit.
2. Some folks just dive straight to the end, because they hate reading a long thread from the start.

If I sound impatient, it's usually directed at someone who I've been directly answering for a while. And they're still not convinced.
 

My Computer

System One

  • OS
    Windows 7
garlin said:
Thanks.

Two things can happen at the same time:
1. You can be composing a reply to a specific comment or user, and someone else posts an unrelated comment before you get a chance to submit.
2. Some folks just dive straight to the end, because they hate reading a long thread from the start.

If I sound impatient, it's usually directed at someone who I've been directly answering for a while. And they're still not convinced.
Click to expand...
Maybe you should quote a little of the message so we know who you're slapping around.
 

My Computers

System One System Two

  • OS
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 Nvme PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
  • Operating System
    Win 11 Pro 24H2, Build 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Security
If I sound impatient, it's usually directed at someone who I've been directly answering for a while. And they're still not convinced.
Click to expand...

If I sound impatient, it's because I'm impatient.
 

My Computer

System One

  • OS
    Windows 11 Pro 24H2 [rev. 4652]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Intel NUC12WSHi7
    CPU
    12th Gen Intel Core i7-1260P, 2100 MHz
    Motherboard
    NUC12WSBi7
    Memory
    64 GB
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    built-in Realtek HD audio
    Monitor(s) Displays
    Dell U3219Q
    Screen Resolution
    3840x2160 @ 60Hz
    Hard Drives
    Samsung SSD 990 PRO 1TB
    Keyboard
    CODE 104-Key Mechanical with Cherry MX Clears
    Antivirus
    Microsoft Defender
You must log in or register to reply here.

Similar threads

  • Article Article
Updating Microsoft Secure Boot keys
4 5 6
Replies
106
Views
23K
THEBOSS619
THEBOSS619

Latest Support Threads

Latest Tutorials

Back
Top Bottom