My Graphics Card is acting up at the presence of Secure Boot CA2023 certificates !

suatcini54 · May 16, 2026

Recently I noticed that my Asus M/B BIOS CSM setting was enabled in my Secure Boot PC. It should have been disabled because I disabled it years ago when I enabled Secure Boot.

I re-disabled it and saved the setting but my PC could not boot. Instead I got a message that my graphics card (MSI geForce GTX 1050Ti) was incompatible with Secure Boot with UEFI CA2023 certificates. Luckily, my Asus M/B did not lock me out. Instead it presented a BIOS screen with a message reading I must Press F1 to enter BIOS and make necessary changes in order to be able to continue bootup.

So I left the BIOS CSM setting at Enabled. Auto setting is also accepted.

Upon a little investigation, I found out that my graphics card VBIOS was outdated and must have been updated. Or else, it would remain incompatible.

I checked for VBIOS updates but there is none for my graphics card.

Now my PC is crippled SecureBoot-wise.

If any of you has graphics cards that are still in mfg support cycle, you should look for VBIOS updates before it is too late.

For further information, you may refer to this article:

Some Older NVIDIA Graphics Cards May Not Boot Correctly with Windows Secure Boot After June 2026

A Redditor who goes by gaseousgalaxy, in a detailed post, claims that some of the older NVIDIA GeForce GPUs with UEFI-capable video BIOS could face problems booting with Windows Secure Boot enabled, as their UEFI GOP (graphics output protocol) security certificate expires in June 2026. UEFI GOP...

www.techpowerup.com

Hope this post is useful to some.

garlin · May 16, 2026

Have you tried the NVIDIA firmware update tool? It's not specifically designed to fix the GOP, but you will get the last firmware.

NVIDIA Graphics Firmware Update Tool for DisplayPort 1.3 and 1.4 Displays

NormanF · May 16, 2026

Seldom will hardware be a problem unless your PC is very old.

garlin · May 16, 2026

Wrong again. This has been a known problem with GPU's for a few years now. Some advanced GPU's have signed firmware in order to securely talk to the BIOS (during the POST phase, so you can interact with the BIOS menus). When Secure Boot wasn't enabled, your UEFI didn't care about signing requirements. And now it does.

It's not the age of the CPU, it's the age of your graphics card's firmware. Updated firmware will fix the problem. But like finding the correct BIOS updates, there may not be an official update for older GPU's, and thus people have gone the route of unofficial vBIOS update tools.

The NVIDIA forums have been talked about this problem for years, even before the recent Secure Boot deadline.

suatcini54 · May 16, 2026

garlin said:
Have you tried the NVIDIA firmware update tool? It's not specifically designed to fix the GOP, but you will get the last firmware.

NVIDIA Graphics Firmware Update Tool for DisplayPort 1.3 and 1.4 Displays

This firmware update I had done years ago. It was for Display Port compatibility of my gfx card. Now I need a VBIOS update for GOP of the gfx card. Several months ago Nvidia was the first to say there will not be any more driver update.

Thanks anyway.

suatcini54 · May 16, 2026

NormanF said:
Seldom will hardware be a problem unless your PC is very old.

My gfx card is ten years old. Enough time to leave it out of support. Fair enough.

NormanF · May 16, 2026

That's why if all your hardware drivers work, to leave them well enough unless something isn't working.

garlin · May 16, 2026

This isn't a HW driver issue. It's a firmware issue due to the UEFI spec, on how it restricts secure communication with non-motherboard devices. Newer GPU's or other devices can take advantage of the UEFI 2023 Option ROM cert, but that means your firmware has to be already signed.

If you have unsigned firmware, one of three things will happen:
- Worst case, you get no video during POST, and your PC refuses to boot.
- Less bad case, you get no video, but eventually your OS boots up and video works once the system has cleared BIOS.
- Least bad case, you get an annoying message from the BIOS warning you have unsigned firmware. Every single time the PC is powered up or reset.

suatcini54 · May 16, 2026

If UEFI firmware allows (mine does), one can choose legacy oprom for gfx card and still keep secure boot functionality without getting any nag screen during bootup. I call this crippled secure boot state, whatever that means.

KevTech · May 16, 2026

suatcini54 said:
This firmware update I had done years ago.

There are also some unofficial tools available at Reddit Nvidia.

Reddit

suatcini54 · May 16, 2026

Thanks @KevTech for the info. I will look it up tomorrow. It is a little bit late here. My gfx card is from Pascal series.

My Graphics Card is acting up at the presence of Secure Boot CA2023 certificates !

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Similar threads