How to check if your Secure Boot certs are updated. (three methods)

garlin · Mar 22, 2026

Can you run the script with "-Verbose" option? One the UEFI variables may be corrupted, and doesn't allow PS to read it.

Sequence · Mar 22, 2026

Hi garlin,

---

PS C:\Downloads\SecureBoot-CA-2023-Updates> .\Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) ON

BIOS Firmware
-------------
Microsoft Corporation Surface Pro 7
Version: 24.109.140
Date: 2025-07-21
ERROR: Failed to read UEFI Secure Boot settings.
Die Variable ist zurzeit nicht definiert: 0xC0000100

---

bikemanAMD · Mar 22, 2026

My New Gaming Laptop Status as of 3/22/2026 ((will Recheck Desktop status when back on that Machine shortly)

Specs of System are
AMD Advantage Edition Asus Tuf Gaming Laptop FA617NT-A16.R7700
Ryzen 7 7735HS
Radeon 7700S
512GB Boot NVMe
Windows 11 Pro
(Is Compatible with Windows 11)

Checking for Administrator permission...
Running as administrator - continuing execution...

22 March 2026
Manufacturer: ASUSTeK COMPUTER INC.
Model: ASUS TUF Gaming A16 FA617NT_FA617NT
BIOS: American Megatrends International, LLC., FA617NT.422, FA617NT.422, _ASUS_ - 1072009
Windows version: 25H2 (Build 26200.8039)

Secure Boot status: Enabled

Current UEFI PK
√ db_Manufacture20150617 Default UEFI PK √ db_Manufacture20150617 Checking if all patches applied [ooooooooooooooooooooooooooooooo Current UEFI KEK
√ Microsoft Corporation KEK CA 2011 (revoked: False)
√ Microsoft Corporation KEK 2K CA 2023 (revoked: False)
√ Microsoft Corporation KEK 2K CA 2023 (revoked: False)

Current UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)
√ db_Manufacture20150617 (revoked: False)

Default UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
X Microsoft Option ROM UEFI CA 2023
√ db_Manufacture20150617 (revoked: False)

Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : None
Windows cdboot SVN : None
Windows wdsmgfw SVN : None

Press any key to continue . . .

Desktop
Prebuilt Ibuypower All AMD Desktop

MSI Pro B650 VC Wifi Rev 1.0
Ryzen 7 7700X
Radeon 7800XT OC 16GB
Samsung 990 Pro 1TB NVMe
Samsung 990 Pro 2TB Game NVMe
Windows 11 Pro 26200.8039

Checking for Administrator permission...
Running as administrator - continuing execution...

22 March 2026
Manufacturer: Micro-Star International Co., Ltd.
Model: MS-7D78
BIOS: American Megatrends International, LLC., 1.L7, 1.L7, ALASKA - 1072009
Windows version: 25H2 (Build 26200.8039)

Secure Boot status: Enabled

Current UEFI PK
√ MSI SHIP PK

Default UEFI PK
√ MSI SHIP PK

Current UEFI KEK √ Microsoft Corporation KEK CA 2011 (revoked: False) √ Microsoft Corporation KEK 2K CA 2023 (revoked: False) √ MSI SHIP KEK (revoked: False) Default UEFI KEK √ Microsoft Corporation KEK CA 2011 (revoked: False) √ Microsoft Corporation KEK 2K CA 2023 (revoked: False) √ MSI SHIP KEK (revoked: False)
Current UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)
√ MSI SHIP DB (revoked: False)

Default UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)
√ MSI SHIP DB (revoked: False)

Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : None
Windows cdboot SVN : None
Windows wdsmgfw SVN : None

Press any key to continue . . .

garlin · Mar 22, 2026

bikemanAMD said:
Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : None
Windows cdboot SVN : None
Windows wdsmgfw SVN : None

CA 2023 certs are present, but CA 2011 has not been revoked.
You're good for now if you want to wait for MS to perform the CA 2011 revocation.

bikemanAMD · Mar 22, 2026

garlin said:
CA 2023 certs are present, but CA 2011 has not been revoked.
You're good for now if you want to wait for MS to perform the CA 2011 revocation.

Well probably easier waiting on MS to Perform the Revocation as right now i'd imagine i'd have issues with Macrium Reflect Rescue Flash drive like i had a few times in the past with it when previously i did have it Revoked at least on the Desktop, but also just updated the UEFI Bios on Desktop yesterday.

Had a little issue updating it, some reason MSI M-Flash froze before it even started the M Flash Mode But with Help from Co-Pilot and Bios flashback option on motherboard, got system updated fine after that.

hader · Mar 23, 2026

bikemanAMD said:
Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : None
Windows cdboot SVN : None
Windows wdsmgfw SVN : None

Press any key to continue . . .

Showed this earlier. In order to fix this "None" issue; Run the following commands in Powershell as Admin;

- reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x200 /f
- Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

After that; SVN's will show 7.0, 3.0 and 3.0. If they show other numbers ; your are not at the latest Windows version.

bikemanAMD · Mar 23, 2026

hader said:
Showed this earlier. In order to fix this "None" issue; Run the following commands in Powershell as Admin;

- reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x200 /f
- Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

After that; SVN's will show 7.0, 3.0 and 3.0. If they show other numbers ; your are not at the latest Windows version.

Received this error in Powershell as Admin when adding the second Line

PS C:\> Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Start-ScheduledTask: The system cannot find the file specified.

The first one said Operation completed successfully

hader · Mar 23, 2026

LongScaryName said:
As you can see, I used MOSBY to do the update in the bios. It seemed to go just fine, but now when I enable secure boot, I get the error message "A bootable device has not been detected." Boots fine without secure boot enabled. I'm really, REALLY stumped at this point. Any advice anyone has would be greatly appreciated. I've done, checked, redone, rechecked, SO many times now, I'm about to pull what's left of my hair out. Thanks in advance.

And yet.... Your output looks still OK. That the script fails to get the default XXXX values lies maybe in the fact that in the past you have deleted those default setting inside your BIOS. (Those values are stored inside a separate piece of NVRAM on your motherboard alongside with your BIOS settings) You can do that, but you have to download them first onto your drive, store these at secure place, delete them and upload a different one to replace the original ones. Now they are empty and the script didn't expected that and gives you a failure obtaining it's value's. (no matter which script you uses; there are gone.)
Luckily those are not the valid ones. Those current values are, and they checked all OK.

For the good measure. Windows now boots anyway regardless if secure boot is turned on or off. When turned on it does an extra step; during the boot it will check if driver files are loaded: if they are signed (some are, some not) points towards a valid certificate. (Currently they point to CA2011. That will be replaced by CA2023 because that CA2011 will expire arround June 2026. A future update will a) Replace the current PCA2011 by the PCA2023 one and b) replace all drivers pointing to the new CA2023 certificate.) If they are pointing towards an invalid or expired certificate Windows will not load these driver files! (In case of secure boot is turned off; it will skip that checking step al together)

So in your case; OFF; uses the bootloader (don't look at any certificate), ON; uses the bootloader that looks at the certificate. You have a problem now because there is something wrong with the bootloader; "It can't find it." When Secured Boot is turned on. The checking part of the bootloader seems te be damaged.

That's a configuration issue rather then a certificate issue.
You can repair this by following the instructions on this page; How to Repair EFI/GPT Bootloader on Windows 10 or 11 | Windows OS Hub
Basically you have to go to the WinRE Environment and fix the bootloader. The page will show you how to do this. (Diskpart and you have to use bcdedit to repair/replace or fix your bootloader)

hdmi · Mar 23, 2026

bikemanAMD said:
Start-ScheduledTask: The system cannot find the file specified.

Start-ScheduledTask -TaskPath \Microsoft\Windows\PI\ -TaskName Secure-Boot-Update

hader · Mar 23, 2026

bikemanAMD said:
Received this error in Powershell as Admin when adding the second Line

PS C:\> Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Start-ScheduledTask: The system cannot find the file specified.

The first one said Operation completed successfully

OK... (I used this command myself just now to check if it could be found. No issues here. Comes straight back after completing it task)
That means... Someone deleted that task?... Check for it existence:

Check the following: Win+R: taskschd.msc.
The taskschedular will start. Dive deep into; Select Microsoft - Windows - PI and see inside the tree "PI" there is a task called "Secure-Boot-Update" (Underneath that one there should be a second task called "Sqm-Task")

If the task "Secure-Boot-Update" isn't there then... Somewhere back in time that task has been deleted by ????. It should be there! It is essential that it is there otherwise all this CA2023 stuff won't work. By calling this task; A specific Job-Function (in this case 0x200) is placed as a value inside AvailableUpdates as a to-do job. (There are several numbers available; not more that 5 that will execute certain tasks) This Secure-Boot-Update task picks up this 0x200 request and sends it to a MS Server. In respons some stuff is downloaded and applied. When successful this value (AvailableUpdates) will reset to 0x000 again to show you and the system it has finished with succes. I bet if you look now that value will still be 0x200 because that Secure-Boot-Update task inside the taskschedular is missing.

If it is indeed missing; no worry's I have made an export of this task in the past. (Helped someone else who's scheduled task was also deleted) It is a .xml file which is readable just as a normal .xml file would be. I will include this .xml as an attachment. Save it somewhere on disk. Stay inside the taskschedular in the same tree; Microsoft\Windows\PI. On the rightside richtclick on an empty space and "import task" point to that saved .xml file and OK. You just imported the vanished but needed scheduled task. Now execute that Start-ScheduledTask command again. It is there and it will finish his job. Check if AvailebleUpdates has gone from 0x200 back to 0x000. An indication that it has finished the job with succes. See then if now that None value has been resolved. (No reboot needed or maybe one time.) This scheduled task will be called during boot and every 12 hours. But now your calling it by yourself, so it must do something right now.....

Goodluck.

Ah. Attachment don't accept .xml files. OK. I then zip it first then.....

Note: I see now that one line in the .xml file is showing a Dutch description. That part of the .xml line can be replaced by the English version of it:

Replace this line:
<Description>Met deze taak worden de variabelen van Beveiligd opstarten bijgewerkt.</Description>

By this line:
<Description>This task updates the variables of Secure Boot.</Description>

Save.

bikemanAMD · Mar 23, 2026

hader said:
OK... (I used this command myself just now to check if it could be found. No issues here. Comes straight back after completing it task)
That means... Someone deleted that task?... Check for it existence:

Check the following: Win+R: taskschd.msc.
The taskschedular will start. Dive deep into; Select Microsoft - Windows - PI and see inside the tree "PI" there is a task called "Secure-Boot-Update" (Underneath that one there should be a second task called "Sqm-Task")

If the task "Secure-Boot-Update" isn't there then... Somewhere back in time that task has been deleted by ????. It should be there! It is essential that it is there otherwise all this CA2023 stuff won't work. By calling this task; A specific Job-Function (in this case 0x200) is placed as a value inside AvailableUpdates as a to-do job. (There are several numbers available; not more that 5 that will execute certain tasks) This Secure-Boot-Update task picks up this 0x200 request and sends it to a MS Server. In respons some stuff is downloaded and applied. When successful this value (AvailableUpdates) will reset to 0x000 again to show you and the system it has finished with succes. I bet if you look now that value will still be 0x200 because that Secure-Boot-Update task inside the taskschedular is missing.

If it is indeed missing; no worry's I have made an export of this task in the past. (Helped someone else who's scheduled task was also deleted) It is a .xml file which is readable just as a normal .xml file would be. I will include this .xml as an attachment. Save it somewhere on disk. Stay inside the taskschedular in the same tree; Microsoft\Windows\PI. On the rightside richtclick on an empty space and "import task" point to that saved .xml file and OK. You just imported the vanished but needed scheduled task. Now execute that Start-ScheduledTask command again. It is there and it will finish his job. Check if AvailebleUpdates has gone from 0x200 back to 0x000. An indication that it has finished the job with succes. See then if now that None value has been resolved. (No reboot needed or maybe one time.) This scheduled task will be called during boot and every 12 hours. But now your calling it by yourself, so it must do something right now.....

Goodluck.

Ah. Attachment don't accept .xml files. OK. I then zip it first then.....

Note: I see now that one line in the .xml file is showing a Dutch description. That part of the .xml line can be replaced by the English version of it:

Replace this line:
<Description>Met deze taak worden de variabelen van Beveiligd opstarten bijgewerkt.</Description>

By this line:
<Description>This task updates the variables of Secure Boot.</Description>

Save.

Well won't let me replace the Description line at all with the English version

(Nevermind figured it out)
All Good Now i think

But looks like it worked like was suppose to

Desktop Machine

Checking for Administrator permission...
Running as administrator - continuing execution...

23 March 2026
Manufacturer: Micro-Star International Co., Ltd.
Model: MS-7D78
BIOS: American Megatrends International, LLC., 1.L7, 1.L7, ALASKA - 1072009
Windows version: 25H2 (Build 26200.8039)

Secure Boot status: Enabled

Current UEFI PK
√ MSI SHIP PK

Default UEFI PK
√ MSI SHIP PK

Current UEFI KEK √ Microsoft Corporation KEK CA 2011 (revoked: False) √ Microsoft Corporation KEK 2K CA 2023 (revoked: False) √ MSI SHIP KEK (revoked: False) Default UEFI KEK √ Microsoft Corporation KEK CA 2011 (revoked: False) √ Microsoft Corporation KEK 2K CA 2023 (revoked: False) √ MSI SHIP KEK (revoked: False)
Current UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)
√ MSI SHIP DB (revoked: False)

Default UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)
√ MSI SHIP DB (revoked: False)

Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : 7.0
Windows cdboot SVN : 3.0
Windows wdsmgfw SVN : 3.0

Press any key to continue . . .

neves · Mar 23, 2026

Sequence said:
Hi garlin,

---

PS C:\Downloads\SecureBoot-CA-2023-Updates> .\Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) ON

BIOS Firmware
-------------
Microsoft Corporation Surface Pro 7
Version: 24.109.140
Date: 2025-07-21
ERROR: Failed to read UEFI Secure Boot settings.
Die Variable ist zurzeit nicht definiert: 0xC0000100

---

Did you install the Latest Firmware?

Download Surface Pro 7 Drivers and Firmware from Official Microsoft Download Center

This device has reached the End of Servicing. The following packages are no longer being updated with newer drivers and firmware.

www.microsoft.com

Sequence · Mar 23, 2026

Hi neves,

yes, i looked it up for my Surface 7 Pro, and the one from July 2025 seems to be the lastest one.

Microsofts official page <--- *click* lists 17.200.140.0 as the minimum version, which would be from december 2023.

neves · Mar 23, 2026

Sequence said:
Hi neves,

yes, i looked it up for my Surface 7 Pro, and the one from July 2025 seems to be the lastest one.

Microsofts official page <--- *click* lists 17.200.140.0 as the minimum version, which would be from december 2023.

You're probably correct. You could check with...

Surface - Free download and install on Windows | Microsoft Store

Get the most out of your Surface. The Surface app provides you with customization options and opportunity to learn more about your Surface device. Give feedback on your experience so we can keep making it better. Safety, warranty, and regulatory info is there whenever you need it.

apps.microsoft.com

I just thought this was a newer firmware: Download Surface Pro 7 Drivers and Firmware from Official Microsoft Download Center - for your model, but don't see it in updates history - where last is same version as your current one:

Surface Pro 7 update history | Microsoft Support

List of updates for Surface Pro 7

support.microsoft.com

garlin · Mar 23, 2026

September 2025 updates
September 30 release
The following update is available for Surface Pro 7 devices running Windows 10, Version 22H2 or greater.
Improvements and fixes:

Security:

Addresses potential security vulnerabilities related to Intel® Chipset Firmware Advisory INTEL-SA-01280 that may allow escalation of privilege or information disclosure.

This release contains the following components. The specific components installed are based on your device’s configuration:

Windows Update Name Device Manager
Surface - Firmware - 13.0.2490.3 Surface ME - Firmware
Surface - Firmware - 24.109.140.0 Surface UEFI - Firmware
Intel - System - 2512.7.3.0 Intel(R) Management Engine Interface #1 - System devices
Intel - SoftwareComponent - 1.76.95.0 Intel(R) iCLS Client - Software components

hader · Mar 23, 2026

bikemanAMD said:
.....

Current UEFI DBX
2025-10-14 (v1.6.0) : SUCCESS: 431 successes detected
Windows Bootmgr SVN : 7.0
Windows cdboot SVN : 3.0
Windows wdsmgfw SVN : 3.0

Press any key to continue . . .

Looks like that scheduled task was missing. Now it is present... It has done it's job. All have checkmarks (Default and Current) and all SVN's are as they should be. You're system is ready for the long awaited CA2023 update. (or will they call it CA2024?.....) Today I saw a small OOB update that was fixing some things that has to do with the MS account. (I had an issue with it too) My PC was no longer visible inside my MS account. (2 other machines were) Ater this update; it was there again...

But besides that; 2 new certificates were placed inside the intermediate store; "MS Code Signing PCA 2024" and "MS Windows Code Signing PCA 2024". Still no sign of that "MS Windows Production PCA 2023" (or PCA 2024 by now....) certificate that will replace the current "MS Windows Production PCA 2011" certificate. Only 2 drivers were updated inside the C:\Windows\system32\drivers directory. Both still pointing towards that PCA 2011 certificate.....

bikemanAMD · Mar 23, 2026

hader said:
Looks like that scheduled task was missing. Now it is present... It has done it's job. All have checkmarks (Default and Current) and all SVN's are as they should be. You're system is ready for the long awaited CA2023 update. (or will they call it CA2024?.....) Today I saw a small OOB update that was fixing some things that has to do with the MS account. (I had an issue with it too) My PC was no longer visible inside my MS account. (2 other machines were) Ater this update; it was there again...

But besides that; 2 new certificates were placed inside the intermediate store; "MS Code Signing PCA 2024" and "MS Windows Code Signing PCA 2024". Still no sign of that "MS Windows Production PCA 2023" (or PCA 2024 by now....) certificate that will replace the current "MS Windows Production PCA 2011" certificate. Only 2 drivers were updated inside the C:\Windows\system32\drivers directory. Both still pointing towards that PCA 2011 certificate.....

I assume i should do the same steps next time i'm on PC 2 Newer Gaming Laptop, as i haven't done much with the CA2023 certs on that machine at all since getting it. (It is Windows 11 Compatible, Asus TUF AMD Advantage edition FA617NT.A16.R7700)

Anyhow relaxes now for remainder of today, probably work on PC 2 sometime possibly tomorrow or next day

hader · Mar 23, 2026

bikemanAMD said:
I assume i should do the same steps next time i'm on PC 2 Newer Gaming Laptop, as i haven't done much with the CA2023 certs on that machine at all since getting it. (It is Windows 11 Compatible, Asus TUF AMD Advantage edition FA617NT.A16.R7700)

Anyhow relaxes now for remainder of today, probably work on PC 2 sometime possibly tomorrow or next day

Well you have to wait and see. I assume that missing scheduled task was just a fluke accident.

That scheduled task has been there always from the start. You should take steps yourself or a program to delete that task. I assume that will not be the case on your other PC.

I can't image anybody in their right mind is saying "lets delete that scheduled task" because if you don't know it's impact and there is no need for it why do it anyways? I think maybe a rouge program is to blame for it. Even clean temporary file and orphaned registry cleaners don't touch these scheduled tasks....

Even you can make an additional scheduled task to take some action when triggered on an event or at a certain time etc. It's use is not for Windows alone. Sometime programs are using it to check for updates or to run at startup time without having to start inside the "start at startup" setting inside settings - Apps. (Example; Powertoys has one job scheduled under your name inside scheduled tasks (only when installed off course) it's starts Powertoys as soon as you log in into your account as soon as your machine has booted. ) Other programs have tasks also like my virusscanner (F-secure), OEM (ASUS), Google etc. You can see them all in the main-tree where also Microsoft has a (very big) tree underneath it all.

bikemanAMD · Mar 23, 2026

Yeah I don't know how that scheduled task wasn't present in task scheduler. As I dont go in it much or delete anything there on purpose ever.

Unless somehow I left task scheduler open, and somehow cat managed to do it in the past when I wasn't at desk.

I dont run any cleaner applications, just Defender, Malwarebytes Premium, all updates always installed

Anyhow fixed on Desktop now, and other machine I'll check next time I use it, maybe tomorrow

hdmi · Mar 24, 2026

bikemanAMD said:
Yeah I don't know how that scheduled task wasn't present in task scheduler. As I dont go in it much or delete anything there on purpose ever.

Unless somehow I left task scheduler open, and somehow cat managed to do it in the past when I wasn't at desk.

I dont run any cleaner applications, just Defender, Malwarebytes Premium, all updates always installed

Anyhow fixed on Desktop now, and other machine I'll check next time I use it, maybe tomorrow

See post #369.

How to check if your Secure Boot certs are updated. (three methods)

Well-known member

My Computer

New member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Jack of all trades – master of none

My Computers

Well-known member

Attachments

My Computer

Well-known member

My Computers

Well-known member

My Computer

New member

My Computer

Well-known member

My Computer

Well-known member

September 2025 updates​

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Jack of all trades – master of none

My Computers

September 2025 updates