Did you manually update your Secure Boot Keys ?


garlin said:
Will do. This script has taken a life of its own, it started as a quick tool for checking your progress thru the MS mitigation steps.
Click to expand...
Stuff like that comes in handy, just nice to know which version we're looking at. :-) BTW, thanks for coming up with it. (y)
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
This topic is now 23 pages long. Which script are we supposed to be using and where is the link?
Thanks
 

My Computer

System One

  • OS
    Win 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    N/A
    CPU
    AMD Ryzen 7 9700X
    Motherboard
    ASUS Crosshair Viii Hero Wi Fi
    Memory
    G.Skill Trident Z5 Neo RGB 64GB Kit (2x32GB) DDR5-6000 C30
    Graphics Card(s)
    PowerColor Radeon RX 9060 XT Reaper GDDR6 16GB
    Sound Card
    USB Out NAD M51 DAC with Adams A8 powered speakers
    Monitor(s) Displays
    Dell 3219Q
    Screen Resolution
    3840 x 2160
    Hard Drives
    5 x WD_BLACK SN850x PCIe Gen4 NVMe M.2 SSD - 4TB
    PSU
    be quiet! DARK POWER 13 1000W Titanium PCIe 5.0 ATX Modular PSU
    Case
    Fractal Design Define 7 Full Tower Case (Black)
    Cooling
    Noctua NH-D15 G2 LBC - High Performance Multi-Socket PWM CPU Cooler
    Keyboard
    Razer Huntsman V2
    Mouse
    Razer Viper Ultimate
    Internet Speed
    Starlink 94Mbps down 20Mbps up
    Browser
    Brave
    Antivirus
    ESET

My Computer

System One

  • OS
    WindowsXP/7/8/8.1/10/11,Linux,Android,FreeBSD Unix
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9570
    CPU
    Intel® Core™ i7-8750H 8th Gen 2.2Ghz up to 4.1Ghz
    Motherboard
    Dell XPS 15 9570
    Memory
    64GB using 2x32GB CL16 Mushkin redLine modules
    Graphics Card(s)
    Intel UHD 630 & NVIDIA GeForce GTX 1050 Ti with 4GB DDR5
    Sound Card
    Realtek ALC3266-CG
    Monitor(s) Displays
    15.6" 4K Touch UltraHD 3840x2160 made by Sharp
    Screen Resolution
    3840x2160 4K UltraHD
    Hard Drives
    Samsung MZ-V9P4T0B/AM 990 PRO 4TB PCIe®4.0 NVMe™ M.2 SSD was Toshiba KXG60ZNV1T02 NVMe 1TB SSD
    PSU
    Dell XPS 15 9570
    Case
    Dell XPS 15 9570
    Cooling
    Stock
    Keyboard
    Stock
    Mouse
    SwitftPoint ProPoint
    Internet Speed
    Comcast/XFinity 1.44Gbps/42.5Mbps
    Browser
    Microsoft EDGE (Chromium based) & Google Chrome
    Antivirus
    Windows Defender that came with Windows

My Computer

System One

  • OS
    WindowsXP/7/8/8.1/10/11,Linux,Android,FreeBSD Unix
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9570
    CPU
    Intel® Core™ i7-8750H 8th Gen 2.2Ghz up to 4.1Ghz
    Motherboard
    Dell XPS 15 9570
    Memory
    64GB using 2x32GB CL16 Mushkin redLine modules
    Graphics Card(s)
    Intel UHD 630 & NVIDIA GeForce GTX 1050 Ti with 4GB DDR5
    Sound Card
    Realtek ALC3266-CG
    Monitor(s) Displays
    15.6" 4K Touch UltraHD 3840x2160 made by Sharp
    Screen Resolution
    3840x2160 4K UltraHD
    Hard Drives
    Samsung MZ-V9P4T0B/AM 990 PRO 4TB PCIe®4.0 NVMe™ M.2 SSD was Toshiba KXG60ZNV1T02 NVMe 1TB SSD
    PSU
    Dell XPS 15 9570
    Case
    Dell XPS 15 9570
    Cooling
    Stock
    Keyboard
    Stock
    Mouse
    SwitftPoint ProPoint
    Internet Speed
    Comcast/XFinity 1.44Gbps/42.5Mbps
    Browser
    Microsoft EDGE (Chromium based) & Google Chrome
    Antivirus
    Windows Defender that came with Windows
Cheers Almighty1
 

My Computer

System One

  • OS
    Win 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    N/A
    CPU
    AMD Ryzen 7 9700X
    Motherboard
    ASUS Crosshair Viii Hero Wi Fi
    Memory
    G.Skill Trident Z5 Neo RGB 64GB Kit (2x32GB) DDR5-6000 C30
    Graphics Card(s)
    PowerColor Radeon RX 9060 XT Reaper GDDR6 16GB
    Sound Card
    USB Out NAD M51 DAC with Adams A8 powered speakers
    Monitor(s) Displays
    Dell 3219Q
    Screen Resolution
    3840 x 2160
    Hard Drives
    5 x WD_BLACK SN850x PCIe Gen4 NVMe M.2 SSD - 4TB
    PSU
    be quiet! DARK POWER 13 1000W Titanium PCIe 5.0 ATX Modular PSU
    Case
    Fractal Design Define 7 Full Tower Case (Black)
    Cooling
    Noctua NH-D15 G2 LBC - High Performance Multi-Socket PWM CPU Cooler
    Keyboard
    Razer Huntsman V2
    Mouse
    Razer Viper Ultimate
    Internet Speed
    Starlink 94Mbps down 20Mbps up
    Browser
    Brave
    Antivirus
    ESET
I have a question for the professionals here. I know you don't condone disabling Secure Boot, but in case I must, I want to know the answer.

Imagine that I have Secure Boot disabled, so my computer will still work after the expiration date of the certificates, without needing the new ones. Now imagine that a few months AFTER the expiration date, the CR2032 battery in my motherboard has stopped working, so the settings of the BIOS have been set to the default settings.

If I have a type of BIOS that has Secure Boot set to "On" in the default configuration, would that mean my computer cannot function again? Would it stop ONLY Windows from booting, but still allow me to enter the BIOS (to set Secure Boot to "Off" again)?

(I switch to a new BIOS battery often, and I'll buy a new one before the expiration date, but I'm still curious about the situation I described.)
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
AncientParadise said:
I have a question for the professionals here. I know you don't condone disabling Secure Boot, but in case I must, I want to know the answer.

Imagine that I have Secure Boot disabled, so my computer will still work after the expiration date of the certificates, without needing the new ones. Now imagine that a few months AFTER the expiration date, the CR2032 battery in my motherboard has stopped working, so the settings of the BIOS have been set to the default settings.

If I have a type of BIOS that has Secure Boot set to "On" in the default configuration, would that mean my computer cannot function again? Would it stop ONLY Windows from booting, but still allow me to enter the BIOS (to set Secure Boot to "Off" again)?

(I switch to a new BIOS battery often, and I'll buy a new one before the expiration date, but I'm still curious about the situation I described.)
Click to expand...
The CR2032 battery has nothing to do with it since the certificates is stored in a different location just like when you reset the CMOS or take out the battery, you can still not get into the BIOS if you had a BIOS password enabled so you will still be able to get into BIOS Setup to change Secure Boot to off and Windows will still boot and then you can fix it afterwards. Even if you went into the BIOS and deleted the secure boot keys and reset them back to defaults, it only takes a USB flash drive to put the certificate back on the system and you will get back in fine.

I just did it yesterday, all you have to do is:
1) Visit How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support
2) Goto the "Updating Windows install media" section and then do the following:
1758410074366.webp
Until you do that, your system will only boot with Secure Boot=Off
But with the flash drive, you can Keep Secure Boot=on and boot from the flash drive which will write the needed certificates and then it will boot without issues. If that still doesn't work, you can just use Mosby.

I had switched motherboards, changed the CMOS battery and even clear the CMOS during the past year and had always fixed it one way or another.
For example, see my post at:
www.elevenforum.com

Act now: Secure Boot certificates expire in June 2026

Windows IT Pro Blog: Prepare for the first global large-scale certificate update to Secure Boot. The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. The way to automatically get timely updates to new...
www.elevenforum.com www.elevenforum.com
 

My Computer

System One

  • OS
    WindowsXP/7/8/8.1/10/11,Linux,Android,FreeBSD Unix
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9570
    CPU
    Intel® Core™ i7-8750H 8th Gen 2.2Ghz up to 4.1Ghz
    Motherboard
    Dell XPS 15 9570
    Memory
    64GB using 2x32GB CL16 Mushkin redLine modules
    Graphics Card(s)
    Intel UHD 630 & NVIDIA GeForce GTX 1050 Ti with 4GB DDR5
    Sound Card
    Realtek ALC3266-CG
    Monitor(s) Displays
    15.6" 4K Touch UltraHD 3840x2160 made by Sharp
    Screen Resolution
    3840x2160 4K UltraHD
    Hard Drives
    Samsung MZ-V9P4T0B/AM 990 PRO 4TB PCIe®4.0 NVMe™ M.2 SSD was Toshiba KXG60ZNV1T02 NVMe 1TB SSD
    PSU
    Dell XPS 15 9570
    Case
    Dell XPS 15 9570
    Cooling
    Stock
    Keyboard
    Stock
    Mouse
    SwitftPoint ProPoint
    Internet Speed
    Comcast/XFinity 1.44Gbps/42.5Mbps
    Browser
    Microsoft EDGE (Chromium based) & Google Chrome
    Antivirus
    Windows Defender that came with Windows
I was curious about the situation of a person who won't ever feel comfortable installing a certificate without it being easily installed through "Windows Update". Imagine that person deciding to set Secure Boot to "Off", to avoid adding a certificate. Now imagine that the time is January 2027, so the old certificates have expired, but he'll be fine because he has Secure Boot set to "Off".

Now imagine one month later, during February 2027, his BIOS battery has stopped working. He'll buy a new battery, but the default settings are active now because the depletion of the battery caused his preferred settings to be erased. The default setting of his BIOS is to set Secure Boot to "On". The certificate is expired, so he can't enter Windows 10, but could he still enter the BIOS with an expired certificate, so, with a new battery, he'll set Secure Boot to "Off" again?

I know he could pay a professional to add the certificate, but I still want to know the answer. Would the expired certificates block access to the BIOS, too?
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
Imagine not overthinking something.

AncientParadise said:
but could he still enter the BIOS with an expired certificate, so, with a new battery, he'll set Secure Boot to "Off" again?
Click to expand...

Yes.

AncientParadise said:
Would the expired certificates block access to the BIOS, too?
Click to expand...

NO

Didn’t Almighty just answer that?

When is the last time a battery on a Motherboard died? I couldn’t tell you because I have never heard of it happening. At least not in the past 20 years.

My Motherboard was built in 2013/14 which is when I purchased it. I have used it everyday since. It still has the same battery.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
Here is a clearer answer to your questions:

  • Can expired Secure Boot certificates block BIOS access?
    • No, expired Secure Boot certificates do not block access to the BIOS/UEFI firmware interface.
    • BIOS access is independent of Secure Boot status or certificate validity.
    • You can always enter BIOS setup during POST (usually via [Del], [F2], or [Esc] depending on your motherboard).

  • What happens when the BIOS battery dies?
    • CMOS settings (including Secure Boot state) revert to factory defaults.
    • If Secure Boot defaults to "On", and the certificate is expired, Windows will fail to boot.
    • However, you can still enter BIOS and manually set Secure Boot to "Off" again.

  • Can I recover access without installing a certificate?
    • Yes. As long as you can enter BIOS, you can disable Secure Boot and bypass the expired certificate.
    • This restores boot access to Windows (assuming no other boot integrity issues).

  • Would expired certificates ever prevent BIOS access?
    • No. Certificates only affect OS boot validation under Secure Boot.
    • BIOS/UEFI firmware is not gated by certificate status.


  • If BIOS access is blocked by a password or firmware-level lock (rare), you'd need to clear CMOS manually or use a recovery jumper.
  • But this is unrelated to certificate expiry.
  • You’re safe. Even in February 2027, with a dead battery and expired certs, you can re-enter BIOS and disable Secure Boot.
  • No need to install certificates unless you want Secure Boot enabled again.
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
antspants said:
When is the last time a battery on a Motherboard died? I couldn’t tell you because I have never heard of it happening. At least not in the past 20 years.

My Motherboard was built in 2013/14 which is when I purchased it. I have used it everyday since. It still has the same battery.
Click to expand...
Believe it or not, they do die. I had a 2014 computer, and I had to replace the coin cell a couple of years ago, it started losing it's time. Since it was so far off, the automatic network sync was refusing to set the time.
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
AncientParadise said:
I was curious about the situation of a person who won't ever feel comfortable installing a certificate without it being easily installed through "Windows Update". Imagine that person deciding to set Secure Boot to "Off", to avoid adding a certificate. Now imagine that the time is January 2027, so the old certificates have expired, but he'll be fine because he has Secure Boot set to "Off".

Now imagine one month later, during February 2027, his BIOS battery has stopped working. He'll buy a new battery, but the default settings are active now because the depletion of the battery caused his preferred settings to be erased. The default setting of his BIOS is to set Secure Boot to "On". The certificate is expired, so he can't enter Windows 10, but could he still enter the BIOS with an expired certificate, so, with a new battery, he'll set Secure Boot to "Off" again?

I know he could pay a professional to add the certificate, but I still want to know the answer. Would the expired certificates block access to the BIOS, too?
Click to expand...
Like I said earlier, you can always get into the BIOS since on a Dell machine, holding down the power button for 25-30 seconds will clear all the RTC Settings whcih is the same thing as pulling the CMOS battery so it'll be in the load factory settings which is Secure Boot = on. You will always be able to enter the BIOS unless you had a password set on the BIOS and you forgot the password. So if it fails to boot, just change Secure Boot = off in the BIOS and it will boot. To get it to boot with Secure Boot = on, you need to do what I mentioned in my last response which requires a USB Flash Drive as the only way that will happen is not because of the BIOS settings since those are stored on CMOS, the certificates is stored elsewhere, the same place where the password for the BIOS is. Otherwise, think about it. If someone wanted to made your system no longer boot, they can just clear your CMOS so the only way to even not boot is to first delete all keys or reset all keys in the BIOS. The certificates are for the system to boot, the BIOS to is configure the system. Does your BIOS itself get erased when you disconnect the power or pull the CMOS without the battery?
 
Last edited:

My Computer

System One

  • OS
    WindowsXP/7/8/8.1/10/11,Linux,Android,FreeBSD Unix
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9570
    CPU
    Intel® Core™ i7-8750H 8th Gen 2.2Ghz up to 4.1Ghz
    Motherboard
    Dell XPS 15 9570
    Memory
    64GB using 2x32GB CL16 Mushkin redLine modules
    Graphics Card(s)
    Intel UHD 630 & NVIDIA GeForce GTX 1050 Ti with 4GB DDR5
    Sound Card
    Realtek ALC3266-CG
    Monitor(s) Displays
    15.6" 4K Touch UltraHD 3840x2160 made by Sharp
    Screen Resolution
    3840x2160 4K UltraHD
    Hard Drives
    Samsung MZ-V9P4T0B/AM 990 PRO 4TB PCIe®4.0 NVMe™ M.2 SSD was Toshiba KXG60ZNV1T02 NVMe 1TB SSD
    PSU
    Dell XPS 15 9570
    Case
    Dell XPS 15 9570
    Cooling
    Stock
    Keyboard
    Stock
    Mouse
    SwitftPoint ProPoint
    Internet Speed
    Comcast/XFinity 1.44Gbps/42.5Mbps
    Browser
    Microsoft EDGE (Chromium based) & Google Chrome
    Antivirus
    Windows Defender that came with Windows
UEFI data is stored in onboard flash memory, because it has to be persistent. If pulling out the battery and waiting a few minutes was enough to defeat UEFI-based security, then there really wouldn't be a point to having it.
 

My Computer

System One

  • OS
    Windows 7
gunrunnerjohn said:
Believe it or not, they do die. I had a 2014 computer, and I had to replace the coin cell a couple of years ago, it started losing it's time. Since it was so far off, the automatic network sync was refusing to set the time.
Click to expand...


And when you replaced the battery, it was like nothing ever happened — less having to reconfigure your BIOS if you don’t use the defaults.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
gunrunnerjohn said:
Believe it or not, they do die. I had a 2014 computer, and I had to replace the coin cell a couple of years ago, it started losing it's time. Since it was so far off, the automatic network sync was refusing to set the time.
Click to expand...
It does happen and depends on luck and the quality of the battery as my ASUS P4C-800E Deluxe motherboard which I am still using now, the original battery lasted for 5 years and the replacement battery is still working 15 years later.

As long as it is 2.80V and above, it will work but once it goes below 2.80V, it will stop working. The people using the CR versions of batteries use disposable batteries but people who use ML versions use a rechargeable battery. My Dell XPS 15 9570 uses a ML1220 and if I do not connect it to the wall for 3 weeks, the battery will be dead.

And there are people who have frequent CMOS battery dying as in every few days....
Ask all the people who have the Framework Modular Laptops with the 11th Generation Processor where their system will not boot if they do not plug the computer once every 7 days or so which is a big known issue as they will need to open the computer to manually fix it before it will work again, you can read about it here:
community.frame.work

Viability of an ML 1220 rechargable battery for RTC | CMOS (11th gen)

Hi all, just providing more detail on this. The RTC battery (CMOS battery) powers the very low power subsystem that preserves the real time clock (responsible for providing the calendar clock to the system) and some processor state. This battery exists to allow system time to be preserved...
community.frame.work community.frame.work
 
Last edited:

My Computer

System One

  • OS
    WindowsXP/7/8/8.1/10/11,Linux,Android,FreeBSD Unix
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9570
    CPU
    Intel® Core™ i7-8750H 8th Gen 2.2Ghz up to 4.1Ghz
    Motherboard
    Dell XPS 15 9570
    Memory
    64GB using 2x32GB CL16 Mushkin redLine modules
    Graphics Card(s)
    Intel UHD 630 & NVIDIA GeForce GTX 1050 Ti with 4GB DDR5
    Sound Card
    Realtek ALC3266-CG
    Monitor(s) Displays
    15.6" 4K Touch UltraHD 3840x2160 made by Sharp
    Screen Resolution
    3840x2160 4K UltraHD
    Hard Drives
    Samsung MZ-V9P4T0B/AM 990 PRO 4TB PCIe®4.0 NVMe™ M.2 SSD was Toshiba KXG60ZNV1T02 NVMe 1TB SSD
    PSU
    Dell XPS 15 9570
    Case
    Dell XPS 15 9570
    Cooling
    Stock
    Keyboard
    Stock
    Mouse
    SwitftPoint ProPoint
    Internet Speed
    Comcast/XFinity 1.44Gbps/42.5Mbps
    Browser
    Microsoft EDGE (Chromium based) & Google Chrome
    Antivirus
    Windows Defender that came with Windows
Once a full solution is determined...i.e. that updates all of the required keys, can someone post the process, or create a tutorial (in the tutorials forum)? I was successful in getting "Windows UEFI" to show up by running the powershell command. However, and I'm sure I'm not the only one, I'm not lost on what else to do? It is my understanding that the 2011 KEK and the 2011 PCA certificates need to be updated too? What is the safe procedure to do that?

I've also seen a rumor that Microsoft will ultimately do it for us via update. However, one site said you may need to have optional diagnostic data enabled (I have never had it enabled for privacy reasons). I just want to keep my machine updated and secure though:)
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB Western Digital SN770 (System) and 2TB Western Digital SN770 (Storage)
    Antivirus
    Windows Security
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Dell/XPS 15 9510
    CPU
    i9-11900H
    Motherboard
    Unknown
    Memory
    32GB
    Graphics card(s)
    Integrated Intel and Nvidia 3050Ti
    Sound Card
    Integrated (Realtek)
    Monitor(s) Displays
    None
    Screen Resolution
    1920 x 1200 (non-Touch)
    Hard Drives
    2TB SK Hynix P41 Platinum
    Antivirus
    Windows Security
If I'm seeing this right, I have the job 90% done here. I have the 2023 certs installed and Windows is booting using the 2023 cert. I just need to disallow the 2011 certs, right?

1758458285218.webp
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
gunrunnerjohn said:
If I'm seeing this right, I have the job 90% done here. I have the 2023 certs installed and Windows is booting using the 2023 cert. I just need to disallow the 2011 certs, right?

*snip*
Click to expand...

Screenshot 2025-09-21 152950.webp

Used Microsoft's instructions to add PCA 2011 to the DBX
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    Ryzen 5 5800X
    Motherboard
    Asus B550 Strix gaming
    Memory
    32Gb Corsair 3200
    Graphics Card(s)
    Gigabyte RTX4070-Super
    Screen Resolution
    2x 1440, 1x 1080

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
You must log in or register to reply here.

Similar threads

Solved Secure boot update HowTo
30 31 32
Replies
622
Views
101K
XxXxX
XxXxX
  • Sticky
  • Article Article
Updating Microsoft Secure Boot keys before expiration in June 2026
26 27 28
Replies
556
Views
108K
Phirevixen
P

Latest Support Threads

Latest Tutorials

Back
Top Bottom