Solved Secure boot update HowTo


ChrisVie said:
Thanks! The first two are not executed in Powershell, error message due to “.Type”:

+ (Get-Partition -DiskNumber 0 | Where-Object { .Type -eq ‘System’ })
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (.Type:String) [Where-Object], CommandNotFoundException
[I] + FullyQualifiedErrorId : CommandNotFoundException,Microsoft.PowerShell.Commands.WhereObjectCommand[/I]

This is the output of the third one:

View attachment 153667
Click to expand...
Did your command include the "$_" before before Type? I don't see it in your error message.

Here's what happens when I run it on my system without and with the "$_" (note, my System disk is DIsk 1 so that's why I'm using 1 vs 0).

(WITHOUT)
powershell -ExecutionPolicy Bypass -Command "(Get-Partition -DiskNumber 1 | Where-Object { .Type -eq 'System' })"
Where-Object : The term '.Type' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:32
+ (Get-Partition -DiskNumber 1 | Where-Object { .Type -eq 'System' })
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (.Type:String) [Where-Object], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException,Microsoft.PowerShell.Commands.WhereObjectCommand


(WITH)
powershell -ExecutionPolicy Bypass -Command "(Get-Partition -DiskNumber 1 | Where-Object { $_.Type -eq 'System' })"


DiskPath: \\?\scsi#disk&ven_nvme&prod_samsung_ssd_990#5&29ebe5f4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

PartitionNumber DriveLetter Offset Size Type
--------------- ----------- ------ ---- ----
1 1048576 260 MB System
 

My Computer My Computer

At a glance

W11P-24H2
OS
W11P-24H2
Just want to say, before anything else, a BIG thanks to XxXxX for starting this thread!

The amount of information across Microsoft, its affilliated websites, and the related threads in this forum, is the biggest, by far, I've ever delved into, and for me at least, a real slog to wade through in the hope of finding the clarity, confidence and understanding before comitting to any SB updates...

Coincidentally, I'd already stumbled across the pieces to the method in post #1 earlier today, but after all the reems of other info I'd seen, I was dubious of how valid it was, until I saw this new thread...

And now its all done (see below) - thank heavens!

I did have to wait for ~5mins for the very last step to complete and get the the final 1808 code, but otherwise no problems at all.

Next step is the 2011 revocations - the DBX is still empty for now - but that's a job for a bit further down the line... 🤞



Initial DB Check for Windows UEFI CA 2023 Certificate...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
True

Detailed DB & DBX Check & System Info...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2025 Nov 22 22:15
Manufacturer: Micro-Star International Co., Ltd.
Model: MS-7C83
BIOS: American Megatrends Inc., A.81, A.81, ALASKA - 1072009
Windows version: 23H2 (Build 22631.6199)

Secure Boot status: Enabled

Current UEFI KEK
√ Microsoft Corporation KEK CA 2011 (revoked: False)
√ Microsoft Corporation KEK 2K CA 2023 (revoked: False)

Default UEFI KEK
√ Microsoft Corporation KEK CA 2011 (revoked: False)
√ Microsoft Corporation KEK 2K CA 2023 (revoked: False)

Current UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)

Default UEFI DB
√ Microsoft Windows Production PCA 2011 (revoked: False)
√ Microsoft Corporation UEFI CA 2011 (revoked: False)
√ Windows UEFI CA 2023 (revoked: False)
√ Microsoft UEFI CA 2023 (revoked: False)
√ Microsoft Option ROM UEFI CA 2023 (revoked: False)

Current UEFI DBX (only the latest one is needed to be secure)
2023-03-14 : FAIL: Check DBX failed
2023-05-09 : FAIL: Check DBX failed
2025-01-14 (v1.3.1) : FAIL: Check DBX failed
2025-06-11 (v1.5.1) : FAIL: Check DBX failed

View DB & DBX and Current System Boot File...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023

UEFI DBX Certs
--------------

EFI Files
---------
Disk 0: Boot Manager [Windows UEFI CA 2023] is ALLOWED.

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] is in UEFI DB, and Windows is starting from CA 2023 Boot Manager.

View Secure Boot Update Events...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ProviderName: Microsoft-Windows-TPM-WMI

TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
22/11/2025 22:20:07 1808 Information This device has updated Secure Boot CA/keys.
22/11/2025 22:11:14 1799 Information Boot Manager signed with Windows UEFI CA 2023 was installed successfully
 

My Computer My Computer

At a glance

Win11 Pro 23H2 Final?...i3 gen 108GNVidia GTX
OS
Win11 Pro 23H2 Final?...
Computer type
PC/Desktop
Manufacturer/Model
DIY
CPU
i3 gen 10
Motherboard
MSI
Memory
8G
Graphics Card(s)
NVidia GTX
Sound Card
Integrated
Monitor(s) Displays
TV
Screen Resolution
HD
Hard Drives
SSD
Other Info
System fully W11 compliant (per WhyNotWin11 2.7.0.0.)
It is Local Account only and never knowingly been attached to a MS Account.
Anyone care to tell me what the red X's signify, beyond the obvious? I'm assuming not installed, other than that, unsure. The 2023 KEK Key is of particular interest.
 

Attachments

  • Keys.webp
    Keys.webp
    103.7 KB · Views: 9

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
It means there are no entries for those certificates in those databases...

CORRECTION it should normally mean that... but I see you have you entries in your DBX (never seen those before) so not entirely sure...
(Sorry get ahead of myself there, not very helpful... I need to get some sleep)
 

My Computer My Computer

At a glance

Win11 Pro 23H2 Final?...i3 gen 108GNVidia GTX
OS
Win11 Pro 23H2 Final?...
Computer type
PC/Desktop
Manufacturer/Model
DIY
CPU
i3 gen 10
Motherboard
MSI
Memory
8G
Graphics Card(s)
NVidia GTX
Sound Card
Integrated
Monitor(s) Displays
TV
Screen Resolution
HD
Hard Drives
SSD
Other Info
System fully W11 compliant (per WhyNotWin11 2.7.0.0.)
It is Local Account only and never knowingly been attached to a MS Account.
Dirtyflash said:
Anyone care to tell me what the red X's signify, beyond the obvious? I'm assuming not installed, other than that, unsure. The 2023 KEK Key is of particular interest.
Click to expand...

the red X means you haven't installed the 2023 cert for the system to use or be able to update the system with the 2023 cert.
please go to post #1
and follow the steps > part A then > part B please

take your time and please read the instruction carefully step by step
best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
Dirtyflash said:
Anyone care to tell me what the red X's signify, beyond the obvious? I'm assuming not installed, other than that, unsure. The 2023 KEK Key is of particular interest.
Click to expand...

Default = Preinstalled Keys (Factory Default - if you will), so this came with your system. Thus, the X for those Default keys - means you didn't have those preinstalled.

Current = The Active Keys - currently used by your system. And yes, KEK 2K CA 2023 - is missing (that's why it's shown with X). KEK only comes with a BIOS/Firmware update from the manufacturer (can be issued through Windows Updates - or downloaded from OEM site - if a recent BIOS/Firmware update which includes it is available) - even tho - it's issued by Microsoft.
 

My Computer My Computer

At a glance

WinDOS 25H2Intel & AMDSO-DIMM SK Hynix 15.8 GB Dual-Channel DDR4-26...nVidia RTX 2060 6GB Mobile GPU (TU106M)
OS
WinDOS 25H2
Computer type
Laptop
CPU
Intel & AMD
Memory
SO-DIMM SK Hynix 15.8 GB Dual-Channel DDR4-2666 (2 x 8 GB) 1329MHz (19-19-19-43)
Graphics Card(s)
nVidia RTX 2060 6GB Mobile GPU (TU106M)
Sound Card
Onbord Realtek ALC1220
Screen Resolution
1920 x 1080
Hard Drives
1x Samsung PM981 NVMe PCIe M.2 512GB / 1x Seagate Expansion ST1000LM035 1TB
neves said:
Default = Preinstalled Keys (Factory Default - if you will), so this came with your system. Thus, the X for those Default keys - means you didn't have those preinstalled.

Current = The Active Keys - currently used by your system. And yes, KEK 2K CA 2023 - is missing (that's why it's shown with X). KEK only comes with a BIOS/Firmware update from the manufacturer (can be issued through Windows Updates - or downloaded from OEM site - if a recent BIOS/Firmware update which includes it is available) - even tho - it's issued by Microsoft.
Click to expand...
Thank you! That's a very straight forward, clear and easy to understand answer.
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Hello, what does my screenshot mean? Am I on the right track, or do I need to make further changes? Thank you for your answers.cmd_dzhZdnGSwb.webp
 

My Computer My Computer

At a glance

windows 11 25H224GBiris xe
OS
windows 11 25H2
Computer type
Laptop
Manufacturer/Model
ASUS Vivobook 15 (X1504)
Motherboard
Intel Alder Lake-P PCH
Memory
24GB
Graphics Card(s)
iris xe
Sound Card
realtek
Screen Resolution
1920X1080
Hard Drives
Samsung SSD 990 PRO 1TB
Browser
edge
Antivirus
eset anti virus
Thierry 83200 said:
Hello, what does my screenshot mean? Am I on the right track, or do I need to make further changes? Thank you for your answers.View attachment 153989
Click to expand...

please check this registry key
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing

in the right Window you will see ..
UEFICA2023Status which will now show 'Updated'
WindowsUEFICA2023Capable 0x00000002

1763879666704.webp

if the registry key comes back as 'updated' you are good to go.
best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
Thank you very much, here's what I have in my register. Sincerely,regedit_0TsoY2aAwb.webp
 

My Computer My Computer

At a glance

windows 11 25H224GBiris xe
OS
windows 11 25H2
Computer type
Laptop
Manufacturer/Model
ASUS Vivobook 15 (X1504)
Motherboard
Intel Alder Lake-P PCH
Memory
24GB
Graphics Card(s)
iris xe
Sound Card
realtek
Screen Resolution
1920X1080
Hard Drives
Samsung SSD 990 PRO 1TB
Browser
edge
Antivirus
eset anti virus
The secure boot expiration is June 26, 2026.

Microsoft is planning to provide an update before expiration via Windows update.

More than 90% of threads with collected log files have SecureBoot : Not Enabled

If secure boot is not enabled it leaves the computer exposed to malware.

Updating secure boot that is not enabled does not modify the malware risk.

In most cases waiting for Microsoft to provide updates works.




Frequently asked questions about the Secure Boot update process - Microsoft Support

support.microsoft.com support.microsoft.com



Code: 
If your device is managed by Microsoft, and sharing diagnostic data with Microsoft, then Microsoft will attempt 
to update the Secure Boot certificates automatically in most cases. 

While Microsoft will do their best to update Secure Boot, there will be some situations where the update is not guaranteed 
to apply and will need Customer action. 

The customer is ultimately responsible for updating the Secure Boot Certificates.

Some example situations where Microsoft Managed devices with diagnostic data shared do not get updated are as follows:

Microsoft Secure Boot updates work on only some in-support versions of Windows.

The diagnostic data enabled on your device could be blocked by a firewall in your organization and not reaching Microsoft.

There might be something wrong with the Firmware on the device.

Note What does it mean to be “Managed by Microsoft”? The system shares diagnostic data and is managed by Microsoft Cloud 
or Intune.

If your device is not sharing diagnostic data with Microsoft and is managed by your organization’s IT department or by the customer, 
then the IT department can update the systems following Microsoft’s guidance in Windows Secure Boot certificate expiration and 
CA updates.
 

My Computer My Computer

At a glance

Windows 10Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz16 GB Total: Manufacturer : Samsung MemoryTyp...NVIDIA Quadro K3100M; Intel(R) HD Graphics 4600
OS
Windows 10
Computer type
Laptop
Manufacturer/Model
HP
CPU
Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Motherboard
Product : 190A Version : KBC Version 94.56
Memory
16 GB Total: Manufacturer : Samsung MemoryType : DDR3 FormFactor : SODIMM Capacity : 8GB Speed : 1600
Graphics Card(s)
NVIDIA Quadro K3100M; Intel(R) HD Graphics 4600
Sound Card
IDT High Definition Audio CODEC; PNP Device ID HDAUDIO\FUNC_01&VEN_111D&DEV_76E0
Hard Drives
Model Hitachi HTS727575A9E364
Antivirus
Microsoft Defender
Other Info
Mobile Workstation
My ASUS-Z97 BIOS works in legacy-modus , though it can run in EUFI also .
In regedit ; " EUFICA2023 Status = NotStarted " and ; " WindowsEUFICA2023Capable = 0 "

What (??) should I do .............??
 

My Computers My Computers

System One System Two

  • At a glance

    Windows11 Pro 25H2i732GBnVidia
    OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

  • At a glance

    Windows11 ProIntel i516GBIntel
    Operating System
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS
    CPU
    Intel i5
    Motherboard
    ASUS Basic
    Memory
    16GB
    Graphics card(s)
    Intel
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung
    Hard Drives
    one intern , 0ne extern, OS on SSD
    Cooling
    air
    Keyboard
    wireless Logitech
    Mouse
    wireless Logitech
    Internet Speed
    1GB
    Browser
    Edge
    Antivirus
    ESET
pietcorus2 said:
My ASUS-Z97 BIOS works in legacy-modus , though it can run in EUFI also .
In regedit ; " EUFICA2023 Status = NotStarted " and ; " WindowsEUFICA2023Capable = 0 "

What (??) should I do .............??
Click to expand...

is secure boot enabled. if secure boot is enabled please refer to post #1
follow the instructions in > part A then > part B

please take your time and follow them step by step.

if you dont use or dont have secure boot enabled then just wait for microsoft to update the system.
best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
XxXxX said:
is secure boot enabled. if secure boot is enabled please refer to post #1
follow the instructions in > part A then > part B

please take your time and follow them step by step.

if you dont use or dont have secure boot enabled then just wait for microsoft to update the system.
best of luck Steve ..
Click to expand...
Just checked bios ; " EUFI Boot = No " and " Secure Boot = not capable " ..................so , can I use this PC still , after June 2026 ...............???
How(??) will MS update my system ?
btw ; ASUS has no BIOS-updates for my Z97-K , latest is from 2020 ...........
 

My Computers My Computers

System One System Two

  • At a glance

    Windows11 Pro 25H2i732GBnVidia
    OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

  • At a glance

    Windows11 ProIntel i516GBIntel
    Operating System
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS
    CPU
    Intel i5
    Motherboard
    ASUS Basic
    Memory
    16GB
    Graphics card(s)
    Intel
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung
    Hard Drives
    one intern , 0ne extern, OS on SSD
    Cooling
    air
    Keyboard
    wireless Logitech
    Mouse
    wireless Logitech
    Internet Speed
    1GB
    Browser
    Edge
    Antivirus
    ESET
pietcorus2 said:
Just checked bios ; " EUFI Boot = No " and " Secure Boot = not capable " ..................so , can I use this PC still , after June 2026 ...............???
Click to expand...

yes
the new 2023 cert just updates the data base for secure boot
if you are not using secure boot just carry on as normal
as you are not using any certs old or new.

best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
XxXxX said:
yes
the new 2023 cert just updates the data base for secure boot
if you are not using secure boot just carry on as normal
as you are not using any certs old or new.

best of luck Steve ..
Click to expand...
The best thing tp do with secure boot on ordinary domestic computers is just disable it. Same for Bitlocker. W11 boots fine without secure boot.

Windows defender these days is more than good enough for protection --if you lose your computer or it gets stolen you've a load more to worry about than what's on the laptop.

Anything really personal / important - store offline and / or on the cloud.

Cheers
jimbo
 

My Computer My Computer

At a glance

Windows XP,11 Linux Fedora Rawhide pre-releas...2 X Intel i7
OS
Windows XP,11 Linux Fedora Rawhide pre-release 45
Computer type
PC/Desktop
CPU
2 X Intel i7
Screen Resolution
4KUHD X 2
I'm pretty sure Windows updated mine.
 

My Computers My Computers

System One System Two Other systems

  • At a glance

    Windows 11 Pro
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS ROG Strix

  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
  • ASUS VivoBook 'Lite' ~ Windows 11 Home
Edwin said:
I'm pretty sure Windows updated mine.
Click to expand...
My PC works very fine with latest Win11 , all my soft (Office , etc, etc ) is up to date , booting within 20 seconds , all fine !
So, Im not thinking of buying new PC , why ( ??) should I ........?
btw ; "secure boot " , I dont need this crap , will only taking time extra ......... :wink:
 

My Computers My Computers

System One System Two

  • At a glance

    Windows11 Pro 25H2i732GBnVidia
    OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

  • At a glance

    Windows11 ProIntel i516GBIntel
    Operating System
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS
    CPU
    Intel i5
    Motherboard
    ASUS Basic
    Memory
    16GB
    Graphics card(s)
    Intel
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung
    Hard Drives
    one intern , 0ne extern, OS on SSD
    Cooling
    air
    Keyboard
    wireless Logitech
    Mouse
    wireless Logitech
    Internet Speed
    1GB
    Browser
    Edge
    Antivirus
    ESET
jimbo45 said:
The best thing tp do with secure boot on ordinary domestic computers is just disable it.
Click to expand...
I wouldn't say "best"... but certainly the easiest.

I think there's a lot of security value even for home users with both Secure Boot and Bit Locker. I like knowing that should someone steal my computer it would take nation-state resources to go through my data to pull anything out of it like banking or credit card information.
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProRyzen 7 5800XGSkill 3200, 2x8GBMSI RX 6800 XT Gaming Z
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 5800X
    Motherboard
    Gigabyte B550M Aorus Pro
    Memory
    GSkill 3200, 2x8GB
    Graphics Card(s)
    MSI RX 6800 XT Gaming Z
    Sound Card
    on-board Realtek
    Monitor(s) Displays
    MSI 180hz
    Screen Resolution
    1440p
    Hard Drives
    Samsung 980 Pro, Samsung 870 Evo, generic PCIe NVME, WD 1TB 2.5" laptop spinner
    PSU
    Corsair RM 650
    Case
    mATX
    Cooling
    BeQuiet 240mm AIO and a bunch of case fans
    Keyboard
    one that clacks softly
    Mouse
    logitech
    Internet Speed
    bunches of bps
    Browser
    Firefox
    Antivirus
    Windows' own

  • At a glance

    Win11 ProRyzen 7 170016GB DDR4RX-480
    Operating System
    Win11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 1700
    Motherboard
    GA-AB350M G-3
    Memory
    16GB DDR4
    Graphics card(s)
    RX-480
    Sound Card
    In-Built Realtek
    Monitor(s) Displays
    Samsung
    Screen Resolution
    1440p
    Hard Drives
    NVME/SSD's
    PSU
    Thermaltake BX1 550W
    Case
    Some junky thing
    Cooling
    ThermalTake Assassin(?)
    Browser
    FF/Edge
    Antivirus
    Whatever Windows does
    Other Info
    Secure Boot enabled updated to 2023 CA keys, TPM2.0 enabled with system drive Bitlocker'd.
I dont use bitlocker /secure boot/etc ..............lots of people , including me , are getting very tired of all these "running out of hands " security !
My firewall , and internet -safety kept me safe , for a looooong time already ............... :wink:
 

My Computers My Computers

System One System Two

  • At a glance

    Windows11 Pro 25H2i732GBnVidia
    OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

  • At a glance

    Windows11 ProIntel i516GBIntel
    Operating System
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS
    CPU
    Intel i5
    Motherboard
    ASUS Basic
    Memory
    16GB
    Graphics card(s)
    Intel
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung
    Hard Drives
    one intern , 0ne extern, OS on SSD
    Cooling
    air
    Keyboard
    wireless Logitech
    Mouse
    wireless Logitech
    Internet Speed
    1GB
    Browser
    Edge
    Antivirus
    ESET
You must log in or register to reply here.

Similar threads

Secure boot update via Windows update
Replies
3
Views
2K
hader
hader
Secure Boot Update Issue for 2014 Dell Laptop
Replies
7
Views
2K
SIW2
SIW2
Solved Successful manual update of Secure Boot on Dell XPS8930 with older BIOS that will never update.
2
Replies
21
Views
2K
garlin
G
Solved garlin's PowerShell scripts for updating Secure Boot CA 2023
128 129 130
Replies
3K
Views
205K
iFX_Legacy
I
Solved Finding the UEFI's DBX SVN number using PowerShell
2 3 4
Replies
73
Views
11K
Ghot
Ghot

Latest Support Threads

Latest Tutorials

Back
Top Bottom