Updating Microsoft Secure Boot keys before expiration in June 2026



UPDATE 4/02:

Secure Boot certificate update status in the Windows Security app - Microsoft Support

support.microsoft.com support.microsoft.com

UPDATE 2/10:
www.elevenforum.com

Refreshing the root of trust: industry collaboration on Secure Boot certificate updates

Windows Experience Blog: Secure Boot is a foundational security feature of the Windows and Windows Server experience, providing protection from the moment a device powers on. Introduced in 2011, Secure Boot runs at startup – before Windows loads – and helps ensure only trusted, digitally signed...
www.elevenforum.com www.elevenforum.com


 Windows IT Pro Blog:

Secure Boot playbook for certificates expiring in 2026

The first set of tools and steps are now available to help you proactively update your Secure Boot certificates before they expire in June of 2026.

Secure Boot is more mature and robust today than it was some years ago. Coupled with the Unified Extensible Firmware Interface (UEFI) firmware signing process, Secure Boot uses cryptographic keys, known as certificate authorities (CAs), to validate that firmware modules come from a trusted source. This helps prevent malware from running early in the startup sequence of a Windows device.

Secure Boot certificates have always had expiration dates. New certificates help ensure that your devices stay up to date with the latest security protections. That is why your organization will need to install the 2023 CAs before the 2011 CAs start expiring in June of 2026.

Note: Need a refresher on why updating Secure Boot certificates is so important?
Many Windows PCs manufactured since 2024 already have the updated 2023 certificates. For the remaining devices, Microsoft is delivering new Secure Boot certificates through Windows monthly updates, with partner original equipment manufacturers (OEMs) making firmware updates available to help ensure compatibility.

If you wish to proactively update your Secure Boot certificates, this post contains initial steps you can take and tools you can use, with more scalable approaches coming soon. At a minimum, we encourage you to monitor the progress of your device fleet from the start.

Let’s get started. Here’s a summary of what you can do today to prepare:
  • Step 1: Inventory and prepare your environment
  • Step 2: Monitor and check your devices for Secure Boot status
  • Step 3: Apply OEM firmware updates before Microsoft updates
  • Step 4: Plan and pilot Secure Boot certificate deployments
  • Step 5: Troubleshoot and remediate common issues

Step 1: Inventory and prepare your environment​

For most devices in your organization, Microsoft will automatically update high-confidence devices via Windows Update. However, you can validate and actively roll out these updates, in which case, you would start by conducting an inventory.

Inventory

Most devices manufactured since 2012 have Secure Boot enabled, but you should always verify that. You should also check the status of the Secure Boot certificates with sample inventory PowerShell commands or by checking the value of the UEFICA2023Status registry key (it should ultimately be “updated”). Out of the devices that show up as not updated, build a small, representative sample. We recommend that you focus on the less common devices, for which high confidence determination isn’t automatic. Then follow the rest of the steps outlined in this post to pilot the certificate updates and help ensure that deployment is successful

Prepare select devices

To prepare devices for Secure Boot certificate deployment, consider how you’ll manage it. There are several approaches to managing Secure Boot certificate updates. Today, you can use registry keys or Group Policy. A Configuration Service Provider (CSP) for mobile device management (MDM), such as Microsoft Intune, is coming soon. Bookmark Windows Secure Boot certificate expiration and CA updates - Microsoft Support for the latest updates.
  1. The primary method is to deploy the certificates to devices that have been validated as ready for the update. See Step 4 when you’re ready to deploy these updates!
  2. For the more common device configurations in your environment, you can utilize two “assists” to manage your deployment:
    • Get new certificates through monthly Windows updates for high-confidence devices. This option is enabled by default for devices that are ready for new certificates. Microsoft will update these devices for you unless you opt out. To opt out, set the HighConfidenceOptOut registry key<a href="Secure Boot playbook for certificates expiring in 2026 - Windows IT Pro Blog" target="_self" rel="nofollow noopener noreferrer">ii</a> value to 1 or set the Automatic Certificate Deployment via Updates Group Policy to Disabled.
    • Opt devices in to Microsoft-managed controlled feature rollout. With registry keys, set the value of MicrosoftUpdateManagedOptIn to 1 to opt in to Microsoft-managed controlled feature rollout. The value of 0 or non-existent key means that you’re opted out. With Group Policy, configure the Certificate Deployment via Controlled Feature Rollout policy to Enabled. Note: To opt in, please configure devices to share required diagnostic data with Microsoft.
Important: All Secure Boot registry keys are under these two paths:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing

See Registry key updates for Secure Boot: Windows devices with IT-managed updates for more details.

Group Policy settings are available to you under the following path: Computer Configuration > Administrative Templates > Windows Components > Secure Boot. To get the updates that include the Group Policy for deploying Secure Boot certificate updates, download the latest Administrative Templates (.admx) for Windows 11 and Windows Server.

Step 2: Monitor and check your devices for Secure Boot status​

Check the Secure Boot status of your devices before and after deployment. Soon, you will be able to use your preferred management and reporting tools. For now, you can use registry keys or Windows Event Log events to identify which devices already have new certificates and which ones need attention.

Deployment progress

The text value of the UEFICA2023Status registry key will indicate if your certificate deployment status is not started, in progress, or updated. The value will change progressively until all new certificates and the new boot manager have been deployed successfully.

Successful deployment
  • Audit the Windows System Event Log events for Event ID 1808. This informational event indicates that the device has the required new Secure Boot certificates applied to the device’s firmware.
  • Audit the UEFICA2023Error registry key for issues. This key should not exist unless an error is pending.
  • Check that the text value of the UEFICA2023Status registry key reads as “Updated.”
Errors during deployment
  • Audit the Windows System Event Log for Event ID 1801.This error event indicates that the updated certificates have not been applied to the device. Analyze details specific to the device, including device attributes, that will help you in correlating which devices still need updating.
  • Check if the UEFICA2023Error registry key exists. If so, it indicates an error in certificate deployment. The error itself won’t appear in the Event Log. Trace related issues through Secure Boot DB and DBX variable update events.

Step 3: Apply OEM firmware updates before Microsoft updates​

Updated firmware can help prevent compatibility problems and ensure new Secure Boot certificates are accepted. If your organization has identified Secure Boot update issues or your OEM recommends a firmware update, apply the latest BIOS/UEFI update before installing Secure Boot–related Windows updates.

Some OEMs provide firmware updates that include important fixes and updated certificate stores. These updates help Secure Boot function correctly with new Windows certificates. Microsoft works closely with OEM partners to ensure these updates integrate smoothly with Windows.

Step 4: Plan and pilot Secure Boot certificate deployments​

As you’ve seen in Step 1, Microsoft can assist with your Secure Boot updates if you enable diagnostic data.

You can also deploy new Secure Boot certificates yourself for devices that don’t already have them. Choose a way to do this with registry keys, via Windows Configuration System (WinCS) command-line interface (CLI), or using Group Policy today. Pilot your desired method first on a representative set of devices to gain confidence.

In a typical enterprise deployment, whatever option you choose, allow approximately 48 hours and one or more restarts after changing configuration for updates to fully apply. See How updates are deployed for more details. For testing scenarios, you can accelerate the experience by following the steps outlined in Device Testing Using Registry Keys.

Important: Avoid mixing deployment methods on the same device. For additional technical recommendations to help you plan and deploy your Secure Boot updates, see Deployment strategies.

Option 1: Deploy certificates with registry keys​

Find the AvailableUpdates registry key located under this registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot

Set its value to 0x5944 to deploy all needed certificates and update to the Windows UEFI CA 2023 signed boot manager. This key corresponds to the Group Policy setting Enable Secure Boot certificate deployment. For details, see Registry key updates for Secure Boot: Windows devices with IT-managed updates.

Option 2: Deploy certificates via Windows Configuration System (WinCS)​

New command-line tools are now available for domain-joined clients on Windows 11, versions 25H2, 24H2, and 23H2.

These include both a traditional executable and a PowerShell module to query and apply Secure Boot configurations locally to a device. For step-by-step guidance, see Windows Configuration System (WinCS) APIs for Secure Boot.

Deploy the Secure Boot updates via WinCS:
  • Feature name: Feature_AllKeysAndBootMgrByWinCS
  • WinCS key value: F33E0C8E002
  • Secure Boot configuration state: Enabled

Option 3: Deploy certificates using Group Policy​

Group Policy settings are available by navigating to Computer Configuration > Administrative Templates > Windows Components > Secure Boot.

To apply Secure Boot updates to devices using Group Policy, set the Enable Secure Boot certificate deployment policy to Enabled. This lets Windows automatically begin the certificate deployment process. This setting corresponds to the registry key AvailableUpdates.

Be sure to get the latest version of the .admx for Windows 11 and Windows Server. For more details, see Group Policy Objects (GPO) method of Secure Boot for Windows devices with IT-managed updates.

Option 4: Deploy certificates using mobile device management (coming soon)​

Soon, you’ll be able to manage Secure Boot updates using MDM solutions, such as Microsoft Intune. When this method is available, we will post updated guidance at Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Step 5. Troubleshoot and remediate common issues​

You can also use registry keys and Windows Event Log events to identify and resolve common issues:
  • The UEFICA2023Error registry key doesn’t exist if there are no errors. If it exists with a value other than 0, check your remediation recommendations in Secure Boot DB and DBX variable update events.
  • The AvailableUpdates registry key on a device is set to 0x4104. If it doesn’t clear the 0x0004 bit even after multiple restarts, the device doesn’t progress past deploying the new Key Exchange Key (KEK) certificate. If you encounter this error, check with your OEM to confirm they have followed the steps outlined in Windows Secure Boot Key Creation and Management Guidance.
  • If Event Viewer Windows Logs for System registers an Event ID 1795, it means that there was an error when Windows attempted to hand off the certificates to firmware. Check with the OEM to see if there is a firmware update available for the device to resolve this issue.

Your update strategy begins today​

Today, you can start preparing, monitoring, deploying, and troubleshooting Secure Boot certificates in advance of the June 2026 expiration date. The new registry keys, WinCS, Group Policy, and Windows Log tools are here to support you and are just the beginning. More tools for additional scenarios are in development.

For the latest information, bookmark Windows Secure Boot certificate expiration and CA updates. Looking for a specific topic?

 Source:

techcommunity.microsoft.com

Secure Boot playbook for certificates expiring in 2026

Explore tools and step-by-step guidance to help you proactively update your Secure Boot certificates.
techcommunity.microsoft.com techcommunity.microsoft.com



 Windows IT Pro Blog:

Updating Microsoft Secure Boot keys​

Microsoft, in collaboration with our ecosystem partners, is preparing to roll out replacement certificates that’ll set new Unified Extensible Firmware Interface (UEFI) Certificate Authorities (CAs) trust anchors in Secure Boot for the future. Look out for Secure Boot database updates rolling out in phases to add trust for the new database (DB) and Key Exchange Key (KEK) certificates. This new DB update is available as an optional servicing update for all Secure Boot enabled devices from February 13, 2024.

What is Secure Boot?​

Secure Boot is a security feature in the UEFI that helps ensure that only trusted software runs during the system’s boot sequence. It works by verifying the digital signature of any software against a set of trusted digital keys stored in the UEFI. As an industry standard, UEFI’s Secure Boot defines how platform firmware manages certificates, authenticates firmware, and how the operating system (OS) interfaces with this process. For more details on UEFI and Secure Boot, please refer to this article.

Secure Boot was first introduced to Windows systems with the Windows 8 release to protect against the emerging pre-boot malware (bootkit) threat at that time. Since then, Secure Boot has continued to be a part of Microsoft's Trusted Boot security architecture. Secure Boot authenticates modules such as UEFI firmware drivers, bootloaders, applications, and option ROMs (Read-Only Memory), which are firmware run by the PC BIOS during platform initialization, before they are all executed. As the final step of the Secure Boot process, the firmware verifies the Windows boot loader is trusted by Secure Boot and then passes control to the boot loader which in turn verifies, loads into memory, and launches Windows. This process coupled with the UEFI firmware signing process helps to ensure that only verified code executes before Windows, preventing attackers from utilizing the boot path as an attack vector. To learn more about how Secure Boot fits in with the overall Windows chip-t-cloud security, please refer to the Windows Security Book RWMyFE.

Trust and authenticity in Secure Boot are built using the Public-Key Infrastructure (PKI). This establishes a certificate management system which utilizes CAs to store digital certificates. These CAs, consisting of Original Equipment Manufacturer (OEM) or their delegates and Microsoft, generate key pairs that form the root of trust of a system.

bS00MDU1MzI0LTU1MTA0OWlGOEI2MDY4MzMyRDJDNzBC


Secure Boot “root of trust”: Setting trust anchors for the future​

Secure Boot’s root of trust utilizes a hierarchical system, where the Platform Key (PK) is typically managed by the OEM and used to sign updates to the KEK database. The KEK in turn signs updates to both the Allowed Signature DB and the Forbidden Signature Database (DBX).

The Secure Boot Allowed Signature DB and the DBX are integral to the functionality of Secure Boot. Bootloader modules’ signing authority must be allowlisted by the Secure Boot DB, while the DBX is used for revoking previously trusted boot components. Updates to the DB and DBX must be signed by a KEK in the Secure Boot KEK database.

The configuration of Secure Boot DB and KEK for Windows devices has remained the same since Windows 8. Microsoft requires every OEM to include the same three certificates managed by Microsoft for Windows and in support of the third-party hardware and OS ecosystem. These include the Microsoft Corporation KEK CA 2011 stored in the KEK database, and two certificates stored in the DB called the Microsoft Windows Production PCA 2011, which signs the Windows bootloader, and the Microsoft UEFI CA 2011 (or third-party UEFI CA), which signs third-party OS and hardware driver components.

All three of these Microsoft certificates expire in 2026. So, in collaboration with our ecosystem partners, Microsoft is preparing to roll out replacement certificates that will set new UEFI CA trust anchors for the future. Microsoft will be rolling out Secure Boot database updates in phases to add trust for the new DB and KEK certificates. The first DB update will add the Microsoft Windows UEFI CA 2023 to the system DB. The new Microsoft Windows UEFI CA 2023 will be used to sign Windows boot components prior to the expiration of the Windows Production CA 2011. This DB update will be optional for the February 2024 servicing and preview updates, and can be manually applied to devices. Microsoft will slowly roll out this DB update as we validate devices and firmware compatibility globally. The full DB update’s controlled-rollout process to all Windows customers will begin during the 2024 April servicing and preview updates, ahead of the certificate expiration in 2026. Meanwhile, efforts to update the Microsoft UEFI CA 2011 (aka third-party UEFI CA) and Microsoft Corporation KEK CA 2011 will begin late 2024, and will follow a similar controlled rollout process as this DB update.

While Microsoft has frequently performed DBX updates globally since the inception of Secure Boot, this will be the first DB update performed on such a large scale. We’re actively collaborating with our OEM partners to identify and address bugs in firmware implementation that could result in unbootable systems or render a device unreceptive to the DB update. To ensure a successful rollout, devices with identified issues will be suspended from receiving the update until a fix is released.

Microsoft is taking a very deliberate and cautious approach to rolling out this update. With this DB update, Microsoft will sustain its ability to service all Windows devices’ boot components.

Guidance to manually apply DB update​

The DB update is available on February 13, 2024, along with manual steps to allow customers to test for firmware compatibility, especially for organizations with fleets of devices. If you would like to manually apply the DB update to validate that your system is compatible, please read the following instructions. These actions should be completed with non-critical hardware representing devices in your environment.

Pre-requisite checks​

Before attempting the DB update, please ensure to perform the necessary pre-requisite checks:
  1. If you intend to manually apply this update to a large group of devices, we advise that you begin by rolling out to individual devices with the same firmware and specifications first to minimize the risks in the case of firmware bugs in your devices.
  2. Please verify that your UEFI firmware version is the most recent available version by your firmware vendor or OEM.
  3. For data backup steps, please refer to this guide.
  4. If you use BitLocker or if your enterprise has deployed BitLocker on your machine, ensure to backup BitLocker Keys:

    www.elevenforum.com

    Backup BitLocker Recovery Key in Windows 11

    This tutorial will show you how to back up the BitLocker recovery key for a drive in Windows 10 and Windows 11. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or...
    www.elevenforum.com www.elevenforum.com

    A) See this portal to ensure your BitLocker keys are backed up before your next reboot for your selfhost device. In the unlikely event that device becomes inoperable after receiving the update, the hard drive can still be unlocked.

    B) If the keys are backed up, the UI should resemble the following:

    bS00MDU1MzI0LTU1MTA1MGk5NzY0QzRENjdBQkYwRkE2


    C) If the keys are not backed up, please open Windows Search to search for “Manage BitLocker” and select Back up your recovery key followed by Save to your Azure AD or MSA account.

    bS00MDU1MzI0LTU1MTA1MWlEQkZDQTZDNDBDOEQwNzMy


    bS00MDU1MzI0LTU1MTA1Mmk5QjE2MDRBRTAyMUE1MDQ5


    bS00MDU1MzI0LTU1MTA1M2k2MzgxMUE1NEQ5NjEzREE4
For users that use a local account instead of an Azure Active Directory (AAD) or Microsoft account (MSA), you can print your recovery password, save to a file, and store it in a secure location.


 Formal DB update steps

  1. Apply the February 2024 (or later) security update.
  2. Open a PowerShell console and ensure that PowerShell is running as an administrator before running the following commands:
    1. Set the registry key to:

      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name "AvailableUpdates" -Value 0x40
    2. Run the following scheduled task as:

      Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
  3. Reboot the machine twice after running these commands to confirm that the machine is booting with the updated DB.
  4. To verify that the Secure Boot DB update was successful, open a PowerShell console and ensure that PowerShell is running as an administrator before running the following command:

    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’

    bS00MDU1MzI0LTU1MTA1NGlGNjJBRDlDRTNCRDJCQTIw
If the command returns “True”, the update was successful. In the case of errors while applying the DB update, please refer to the article, KB5016061: Addressing vulnerable and revoked Boot Managers.


 Source:

techcommunity.microsoft.com

Updating Microsoft Secure Boot keys | Windows IT Pro blog

A new Microsoft Windows UEFI CA 2023 will replace the existing Windows Production 2011 CA.
techcommunity.microsoft.com techcommunity.microsoft.com
techcommunity.microsoft.com

Secure Boot playbook for certificates expiring in 2026

Explore tools and step-by-step guidance to help you proactively update your Secure Boot certificates.
techcommunity.microsoft.com techcommunity.microsoft.com
techcommunity.microsoft.com

Windows Server Secure Boot playbook for certificates expiring in 2026 | Microsoft Community Hub

This guidance describes the tools and options available to help organizations update Secure Boot certificates on Windows Server before the certificates begin...
techcommunity.microsoft.com techcommunity.microsoft.com

See also:
www.elevenforum.com

Act now: Secure Boot certificates expire in June 2026

UPDATE: https://www.elevenforum.com/t/updating-microsoft-secure-boot-keys-before-expiration-in-june-2026.22477/ Windows IT Pro Blog: Prepare for the first global large-scale certificate update to Secure Boot. The Microsoft certificates used in Secure Boot are the basis of trust for operating...
www.elevenforum.com www.elevenforum.com

Windows Secure Boot certificate expiration and CA updates - Microsoft Support

support.microsoft.com support.microsoft.com

Windows Secure Boot certificate expiration and CA updates - Microsoft Support

support.microsoft.com support.microsoft.com

Frequently asked questions about the Secure Boot update process - Microsoft Support

support.microsoft.com support.microsoft.com
 
Last edited:
Click to expand...
garlin said:
From a Secure Boot point of view, you're good.
I've checked and there is no Microsoft Development PCA 2014 as a Secure Boot cert.

It could be one of the policy files like SiPolicy.p7b or SkuSiPolicy.p7b.

1. Shutdown Windows.
2. Disable Secure Boot.

3. Restart Windows.
Code: 
mountvol S: /s
cd /d S:\EFI\Microsoft\Boot
ren SiPolicy.p7b RENAMED_SiPolicy.p7b
ren SkuSiPolicy.p7b RENAMED_SkuSiPolicy.p7b

4. Restart Windows once more.
5. Re-enable Secure Boot.

If that doesn't work, then you can restore the two policy files back as their normal filenames.
Click to expand...
With 29558 I cannot even boot the installation media with Secure Boot Enabled. 🤷‍♂️
 

My Computer

System One

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS 8930
    CPU
    Intel I9-9900K
    Memory
    64GB
    Graphics Card(s)
    NVIDIA RTX 2060
    Sound Card
    NVIDIA High Definition Audio
    Monitor(s) Displays
    4k Samsung
    Screen Resolution
    3840 x 2160
    Hard Drives
    512GB NVMe, ADATA SU 800, 2TB HDD
garlin said:
OPTION 2 has the instructions to have the CA 2023 boot manager installed.
Click to expand...
done new results for my desktop PC.



C:\Temp_SecureBootCheck>Check-UEFI.bat -verbose
PowerShell 7.6.0
Windows 11 25H2 (26200.8117)

Secure Boot: ON
Virtualization Based Security: OFF
BitLocker on (C:) OFF

BIOS Firmware
-------------
System manufacturer System Product Name
Version: 5044
Date: 2026-01-03

Factory Default UEFI PK Cert
----------------------------
ASUSTeK MotherBoard PK Certificate

UEFI PK Cert
------------
ASUSTeK MotherBoard PK Certificate

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
ASUSTeK MotherBoard KEK Certificate

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
ASUSTeK MotherBoard KEK Certificate

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
ASUSTeK MotherBoard SW Key Certificate
ASUSTeK Notebook SW Key Certificate

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
ASUSTeK MotherBoard SW Key Certificate
ASUSTeK Notebook SW Key Certificate

Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 430

UEFI DBX Certs
--------------
(NONE)
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 430

EFI Files
---------
Disk 1: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

all set now right?
will boot at all right? LOL @_@

I rebooted my desktop PC after installing the 2023 certs to boot manager..
it booted :D :D ^_^ huwayy!
task is complete for desktop PC that just leaves my DELL laptop...
 

My Computers

System One System Two

  • OS
    Windows 11 Pro (x64)(v25H2)(26200.8524)
    Computer type
    PC/Desktop
    Manufacturer/Model
    [Self-built](custom-build)(June 2020)
    CPU
    AMD Ryzen 9 3900X 12-Core/24-threads
    Motherboard
    Asus PRIME X570-PRO (BIOS_r5044 [01/04/2026])
    Memory
    64GB, 2x G.Skill 32GB (PC3200)(DDR4-2137)
    Graphics Card(s)
    ASUS PRIME GeForce RTX 5070 12GB OC Edition, GPU by NVIDIA.
    Sound Card
    Realtek® ALC1220A 8-Channel High Definition Audio CODEC
    Monitor(s) Displays
    24" DELL Gaming Monitor - G2422HS - DisplayPort used
    Screen Resolution
    1920x1080p at 165Hz (16:9 Aspect Ratio)
    Hard Drives
    2TB Samsung 980 Pro (NVMe)(SSD)
    4TB Samsung 990 Pro (NVMe)(SSD)
    2TB Samsung 870 EVO (SSD)

    NVMe 2TB
    -- OS(Win11 Pro x64),
    -- programs,
    -- programming(MS Visual Studios 2022 Community Ed.),
    -- music

    NVMe 4TB
    video game installs.

    #3 FILE Server!
    PSU
    Thermaltake TOUGHPOWER DPS G RGB Titanium Certified 1250Watt
    Case
    Corsair Graphite Series 780T Full Tower PC Case
    Cooling
    AMD Wraith cooler (stock) & 3x Corsair case fans
    Keyboard
    Redragon K580 VATA RGB LED Backlit Mechanical Gaming Keyboard (brown switches).
    Mouse
    Redragon M602 RGB Wired USB Gaming mouse
    Internet Speed
    2,100Mbps Download, 300Mbps Upload
    Browser
    Firefox & Google Chrome
    Antivirus
    n/a aka "ABOVE TOP SECRET!" lol ;)
    Other Info
    My System is the ULTIMATE GAMING RIG ^_^
    TP-Link BE9300 Tri-Band Wi-Fi 7 Wireless 2.5Gigabit Router
    Model Archer BE550 (v1.0)
    Arris S34 Cable Modem
    Nvidia GFX Drivers: (v596.49)
    Realtek UAD Drivers: (v6.0.9977.1)
    Realtek LAN Drivers:(v1125.29.50.202)(2026-04-19)
    Intel LAN Drivers: (v14.01.24.00)(2025-10-03)
  • Operating System
    Windows 11 Pro x64
    Computer type
    Laptop
    Manufacturer/Model
    DELL G15 Ryzen edition, model 5515
    CPU
    AMD Ryzen 7 5800H
    Motherboard
    DELL G15 Ryzen edition
    Memory
    32GB GSkill DDR4 2x 16GB sticks
    Graphics card(s)
    Ryzen 7 5800H integrated AMD Radeon Graphics and Nvidia GeForce 3060 6GB
    Sound Card
    Realtek ALC3254 with Nahimic 3D Audio for Gamers
    Monitor(s) Displays
    built-in
    Screen Resolution
    1920x1080
    Hard Drives
    512GB NVMe SSD, 1TB Samsung 970 EVO NVMe SSD
    PSU
    unknown
    Case
    laptop
    Keyboard
    built-in
    Mouse
    Logitech B100 USB
    Internet Speed
    2,100Mbps download, 300Mbps upload
    Browser
    Firefox & Google Chrome
Melchior said:
I rebooted my desktop PC after installing the 2023 certs to boot manager..
it booted :D :D ^_^ huwayy!
task is complete for desktop PC that just leaves my DELL laptop...
Click to expand...
You're done with adding CA 2023 certs. PCA 2011 hasn't been revoked (but that's optional until later this year).
 

My Computer

System One

  • OS
    Windows 7
garlin said:
You're done with adding CA 2023 certs. PCA 2011 hasn't been revoked (but that's optional until later this year).
Click to expand...
will the "PCA 2011 hasn't been revoked" be automatic later this year?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro (x64)(v25H2)(26200.8524)
    Computer type
    PC/Desktop
    Manufacturer/Model
    [Self-built](custom-build)(June 2020)
    CPU
    AMD Ryzen 9 3900X 12-Core/24-threads
    Motherboard
    Asus PRIME X570-PRO (BIOS_r5044 [01/04/2026])
    Memory
    64GB, 2x G.Skill 32GB (PC3200)(DDR4-2137)
    Graphics Card(s)
    ASUS PRIME GeForce RTX 5070 12GB OC Edition, GPU by NVIDIA.
    Sound Card
    Realtek® ALC1220A 8-Channel High Definition Audio CODEC
    Monitor(s) Displays
    24" DELL Gaming Monitor - G2422HS - DisplayPort used
    Screen Resolution
    1920x1080p at 165Hz (16:9 Aspect Ratio)
    Hard Drives
    2TB Samsung 980 Pro (NVMe)(SSD)
    4TB Samsung 990 Pro (NVMe)(SSD)
    2TB Samsung 870 EVO (SSD)

    NVMe 2TB
    -- OS(Win11 Pro x64),
    -- programs,
    -- programming(MS Visual Studios 2022 Community Ed.),
    -- music

    NVMe 4TB
    video game installs.

    #3 FILE Server!
    PSU
    Thermaltake TOUGHPOWER DPS G RGB Titanium Certified 1250Watt
    Case
    Corsair Graphite Series 780T Full Tower PC Case
    Cooling
    AMD Wraith cooler (stock) & 3x Corsair case fans
    Keyboard
    Redragon K580 VATA RGB LED Backlit Mechanical Gaming Keyboard (brown switches).
    Mouse
    Redragon M602 RGB Wired USB Gaming mouse
    Internet Speed
    2,100Mbps Download, 300Mbps Upload
    Browser
    Firefox & Google Chrome
    Antivirus
    n/a aka "ABOVE TOP SECRET!" lol ;)
    Other Info
    My System is the ULTIMATE GAMING RIG ^_^
    TP-Link BE9300 Tri-Band Wi-Fi 7 Wireless 2.5Gigabit Router
    Model Archer BE550 (v1.0)
    Arris S34 Cable Modem
    Nvidia GFX Drivers: (v596.49)
    Realtek UAD Drivers: (v6.0.9977.1)
    Realtek LAN Drivers:(v1125.29.50.202)(2026-04-19)
    Intel LAN Drivers: (v14.01.24.00)(2025-10-03)
  • Operating System
    Windows 11 Pro x64
    Computer type
    Laptop
    Manufacturer/Model
    DELL G15 Ryzen edition, model 5515
    CPU
    AMD Ryzen 7 5800H
    Motherboard
    DELL G15 Ryzen edition
    Memory
    32GB GSkill DDR4 2x 16GB sticks
    Graphics card(s)
    Ryzen 7 5800H integrated AMD Radeon Graphics and Nvidia GeForce 3060 6GB
    Sound Card
    Realtek ALC3254 with Nahimic 3D Audio for Gamers
    Monitor(s) Displays
    built-in
    Screen Resolution
    1920x1080
    Hard Drives
    512GB NVMe SSD, 1TB Samsung 970 EVO NVMe SSD
    PSU
    unknown
    Case
    laptop
    Keyboard
    built-in
    Mouse
    Logitech B100 USB
    Internet Speed
    2,100Mbps download, 300Mbps upload
    Browser
    Firefox & Google Chrome
You can wait for later, or revoke it now. Depends on your comfort level.

Revoking CA 2011 now means you need to check if you have bootable USB media that has Windows ISO's or a backup recovery image. Those need the newer boot files on them, otherwise they will have a banned boot file. Copying a new boot file to the USB is a relatively easy process.
 

My Computer

System One

  • OS
    Windows 7
garlin said:
You can wait for later, or revoke it now. Depends on your comfort level.

Revoking CA 2011 now means you need to check if you have bootable USB media that has Windows ISO's or a backup recovery image. Those need the newer boot files on them, otherwise they will have a banned boot file. Copying a new boot file to the USB is a relatively easy process.
Click to expand...
ooh easy huh?
lol :D do tell.

I will leave the 2011 un-revoked for now.

I have MediaCreationTool__Windows11__v24H2_build 7019.exe stored and a USB drive with Windows 11 on it..
thats as new as Microsoft has on their website for download.

not sure if its up to date on the USB flash drive...
 

My Computers

System One System Two

  • OS
    Windows 11 Pro (x64)(v25H2)(26200.8524)
    Computer type
    PC/Desktop
    Manufacturer/Model
    [Self-built](custom-build)(June 2020)
    CPU
    AMD Ryzen 9 3900X 12-Core/24-threads
    Motherboard
    Asus PRIME X570-PRO (BIOS_r5044 [01/04/2026])
    Memory
    64GB, 2x G.Skill 32GB (PC3200)(DDR4-2137)
    Graphics Card(s)
    ASUS PRIME GeForce RTX 5070 12GB OC Edition, GPU by NVIDIA.
    Sound Card
    Realtek® ALC1220A 8-Channel High Definition Audio CODEC
    Monitor(s) Displays
    24" DELL Gaming Monitor - G2422HS - DisplayPort used
    Screen Resolution
    1920x1080p at 165Hz (16:9 Aspect Ratio)
    Hard Drives
    2TB Samsung 980 Pro (NVMe)(SSD)
    4TB Samsung 990 Pro (NVMe)(SSD)
    2TB Samsung 870 EVO (SSD)

    NVMe 2TB
    -- OS(Win11 Pro x64),
    -- programs,
    -- programming(MS Visual Studios 2022 Community Ed.),
    -- music

    NVMe 4TB
    video game installs.

    #3 FILE Server!
    PSU
    Thermaltake TOUGHPOWER DPS G RGB Titanium Certified 1250Watt
    Case
    Corsair Graphite Series 780T Full Tower PC Case
    Cooling
    AMD Wraith cooler (stock) & 3x Corsair case fans
    Keyboard
    Redragon K580 VATA RGB LED Backlit Mechanical Gaming Keyboard (brown switches).
    Mouse
    Redragon M602 RGB Wired USB Gaming mouse
    Internet Speed
    2,100Mbps Download, 300Mbps Upload
    Browser
    Firefox & Google Chrome
    Antivirus
    n/a aka "ABOVE TOP SECRET!" lol ;)
    Other Info
    My System is the ULTIMATE GAMING RIG ^_^
    TP-Link BE9300 Tri-Band Wi-Fi 7 Wireless 2.5Gigabit Router
    Model Archer BE550 (v1.0)
    Arris S34 Cable Modem
    Nvidia GFX Drivers: (v596.49)
    Realtek UAD Drivers: (v6.0.9977.1)
    Realtek LAN Drivers:(v1125.29.50.202)(2026-04-19)
    Intel LAN Drivers: (v14.01.24.00)(2025-10-03)
  • Operating System
    Windows 11 Pro x64
    Computer type
    Laptop
    Manufacturer/Model
    DELL G15 Ryzen edition, model 5515
    CPU
    AMD Ryzen 7 5800H
    Motherboard
    DELL G15 Ryzen edition
    Memory
    32GB GSkill DDR4 2x 16GB sticks
    Graphics card(s)
    Ryzen 7 5800H integrated AMD Radeon Graphics and Nvidia GeForce 3060 6GB
    Sound Card
    Realtek ALC3254 with Nahimic 3D Audio for Gamers
    Monitor(s) Displays
    built-in
    Screen Resolution
    1920x1080
    Hard Drives
    512GB NVMe SSD, 1TB Samsung 970 EVO NVMe SSD
    PSU
    unknown
    Case
    laptop
    Keyboard
    built-in
    Mouse
    Logitech B100 USB
    Internet Speed
    2,100Mbps download, 300Mbps upload
    Browser
    Firefox & Google Chrome
Run Update_UEFI-CA2023.ps1 -BootMedia

The script tries to search for existing boot files on removable USB drives, and replace them if CA 2023 has been fully installed. In the worst case, you can temporarily disable Secure Boot and any bootable USB will work (regardless of its status).
 

My Computer

System One

  • OS
    Windows 7

My Computer

System One

  • OS
    Windows 11 Pro 64bit (release preview channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i5 8400
    Motherboard
    ROG STRIX Z370-H GAMING
    Memory
    16 GB DDR4
    Graphics Card(s)
    RTX 3060 Ti
    Sound Card
    On Board
    Monitor(s) Displays
    Acer VG242Y P
    Screen Resolution
    1080p
    Hard Drives
    Intel 660p SSD
    PSU
    800w
    Internet Speed
    1000 Mbps
Warre1 said:
i also have changed text on that.
View attachment 167668
Click to expand...

I see the new text on my Dev Build 26300.8142 and Canary 28020.1797. 🤷‍♂️
1775204353697.webp
Edition Windows 11 Pro Insider Preview
Version 25H2
Installed on ‎2/‎2/‎2026
Evaluation expires on ‎8/‎11/‎2026 11:09 AM
OS build 26300.8142
Experience Windows Feature Experience Pack 1000.26100.345.0

Edition Windows 11 Pro Insider Preview
Version 26H1
Installed on ‎2/‎13/‎2026
Evaluation expires on ‎8/‎11/‎2026 11:09 AM
OS build 28020.1797
Experience Windows Feature Experience Pack 1000.26100.343.0


______________________________________________________________________________

While on the same machine when I boot 26200.8117, I still see the old text. 😵‍💫🤷‍♂️

1775204799064.webp

Edition Windows 11 Pro
Version 25H2
Installed on ‎8/‎29/‎2025
OS build 26200.8117
Experience Windows Feature Experience Pack 1000.26100.297.0
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell XPS 8930
    CPU
    Intel I9-9900K
    Memory
    64GB
    Graphics Card(s)
    NVIDIA RTX 2060
    Sound Card
    NVIDIA High Definition Audio
    Monitor(s) Displays
    4k Samsung
    Screen Resolution
    3840 x 2160
    Hard Drives
    512GB NVMe, ADATA SU 800, 2TB HDD
Im on a legacy ASUS bios , no updates available...............so I guess ; My Windows 11 is out of the game , this year !! :(
 

My Computer

System One

  • OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel® Core™ i7-14700K
    Motherboard
    ASUS TUF Z690-PLUS WIFI BIOS 4505 11/29/25
    Memory
    G.SKILL Ripjaws S5 Series 64GB (2 x 32GB) DDR5
    Graphics Card(s)
    ASUS GeForce RTX 4070 Super 12GB
    Sound Card
    Sound Blaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming 27" 2K HDR Gaming
    Screen Resolution
    2560 x 1440
    Hard Drives
    Samsung 990 Pro 1TB NVMe (Win 11 25H2)
    SK hynix P41 500GB NVMe 25H2 DEV/Games
    SK hynix P41 2TB NVMe (x3)
    Crucial P3 Plus 4TB
    PSU
    Corsair RM850x Shift
    Case
    Antec Dark Phantom DP502 FLUX
    Cooling
    Corsair Nautilus 360 RS AIO
    Keyboard
    Logitech MK 320
    Mouse
    Razer Basilisk V3
    Internet Speed
    350Mbs
    Browser
    Firefox
    Antivirus
    Winows Security
    Other Info
    MR 8.1 Home

    System 3 Specs
    Win 11 Pro 25H2 26200.8524
    ASUS PRIME Z370-P II BIOS 3004 7/12/21
    Intel Core i7-8700 CPU @ 3.20GHz
    32GB DDR4 RAM (4x8)
    iGPU Intel UHD Graphics 630
  • Operating System
    Win 11 Pro 25H2 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel Core i7-11700F
    Motherboard
    Asus TUF Gaming Z590 Plus WiFi (BIOS 2803)
    Memory
    64 GB DDR4
    Graphics card(s)
    MSI GeForce RTX 3060 Ventus 2X 12GB
    Sound Card
    SoundBlaster Audigy Fx V2
    Monitor(s) Displays
    Samsung F27T350
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 980 Pro 1TB
    Samsung 970 EVO Plus 2TB
    Samsung 870 EVO 500GB SSD
    PSU
    Corsair HX750
    Case
    Cougar MX330-G Window
    Cooling
    Thermalright Frozen Edge 240 Black AIO
    Internet Speed
    350Mbps
    Browser
    Firefox
    Antivirus
    Windows Security
Scott said:
Same for me.

View attachment 167675
Click to expand...
I have 4 systems all on 26200.8117. One shows that the boot certificates are applied as above, the other 3 just show secure boot is on as normal and no mention of certificates, Perhaps this feature is another "gradual rollout"?
 

My Computers

System One System Two

  • OS
    Windows 11 Home 24H2 RP
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-build
    CPU
    Intel I3-10100
    Motherboard
    MSI H410M-PRO
    Memory
    16 GB
    Graphics Card(s)
    Nvidia GT 1030
    Sound Card
    Motherboard default
    Monitor(s) Displays
    Philips 27 inch
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung EVO 970 NVMe SSD 256 Gb
    Samsung QVO 870 SATA SSD 2 Tb
    PSU
    ATX 450W
    Keyboard
    Logitech
    Mouse
    Logitech Wireless
    Internet Speed
    930 Mb down / 120 Mb up
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Microsoft Office 2021 Plus
  • Operating System
    Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-build
    CPU
    Intel i3-8100
    Motherboard
    Gigabyte Z370 D3
    Memory
    16 Gb
    Graphics card(s)
    Nvidia GT 720
    Sound Card
    Motherboard default
    Monitor(s) Displays
    Philips 27-inch
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 960 NVMe SSD 256 Gb
    Seagate 2 Tb HDD
    PSU
    ATX 450W
    Keyboard
    Microsoft
    Mouse
    Logitech Wireless
    Internet Speed
    930 Mb down / 120 Mb up
    Browser
    Edge
    Antivirus
    Windows Defender

My Computers

System One System Two

  • OS
    Windows11 Pro 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Alienware Aurora R16
    CPU
    Intel Core i9 14900F (24 -Core, 68 MB Total Cache)
    Motherboard
    Dell Alienware
    Memory
    32GB DDR5
    Graphics Card(s)
    RTX 4080 Super w/581.95
    Sound Card
    Realtec
    Monitor(s) Displays
    Corsair XENEON 32QHD165
    Screen Resolution
    2560 X 1440
    Hard Drives
    1-2TB Samsung 990 Pro PCIe NVMe M2 SSD
    1-4TB Samsung 990 Pro PCIe NVMe M2 SSD
    PSU
    1000 Watt Platinum Dell
    Case
    Alienware
    Cooling
    Liquid Closed Loop
    Keyboard
    Logitech MK270 Wireless Keyboard
    Mouse
    Logitech MK270 Wireless
    Internet Speed
    100Gb's Down-20 Up
    Browser
    Firefox 151.0.2
    Antivirus
    Defender
    Other Info
    Very Quiet And Fast
    CyberPower UPS CP1500PFCLCD
  • Operating System
    PClinuxOS Mate (2025.7)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Intel
    CPU
    13th Gen Inter(R) Core(TM) i3-1315U
    Motherboard
    Intel
    Memory
    64 GB DDR4 @3200 MHz.
    Graphics card(s)
    Internal
    Sound Card
    None
    Monitor(s) Displays
    Dell 2419HGCF
    Screen Resolution
    1920 X 1080
    Hard Drives
    SAMSUNG 980 PRO SSD 2TB, PCIe 4.0 M.2 2280
    PSU
    Chicony 30 Watt
    Case
    Small
    Keyboard
    Dell
    Mouse
    Razor
    Internet Speed
    1GB
    Browser
    Slimjet
Well , if you update your internet-security/ anti-virus on a regular base , there should be not much wrong , you will keep getting your Win-updates , even with secure boot off / legacy bios / MBR.............
So, Win11 will keep functioning in Legacy bios ( no sec.boot) as well ............! :wink:

Please , let me know if Im wrong................ 🛠️
 
Last edited:

My Computer

System One

  • OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET
IT admin guide: Secure Boot certificate update status in the Windows Security app

[NOTE]: This registry key is optional, and only exists if you need to hide the Secure Boot status from users:

Feature Enablement Registry Key​

To enable or disable the Secure Boot certificate status feature, use the following registry subkey and entries:

Setting Details
Registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security
Name HideSecureBootStates
Type REG_DWORD
Values 0 = Enabled (Show Secure Boot certificate status.)
1 = Disabled (Hide Secure Boot certificate status.)
Not present = Default (Enabled for Home/Pro; Disabled for Enterprise/Server)

Feature release schedule per OS version​

Enhancements in the Windows Security app that provide additional information about Secure Boot certificates will roll out in two phases, with timing varying by supported Windows version.

Phase 1 features​

What's included:
  • Secure Boot certificate update status displayed on the Device security page.
  • Icon badges reflecting the current certificate state. During Phase 1, badges are either green or yellow (caution), and the user can select the dismissal option to revert a yellow icon badge to green.
  • A "Learn more" link to additional guidance at aka.ms/getsecureboot.
Operating system Available
Windows 11 (23H2, 24H2, 25H2, 26H1)April 8, 2026 (app update)
Windows Server 2025April 8, 2026 (app update)
Windows 10 (22H2, 21H2, 1809)April 14, 2026 (cumulative update)
Windows Server 2019 & 2022 (Desktop Experience)April 14, 2026 (cumulative update)

Phase 2 features​

What's included:
  • App notifications for actionable and unserviceable Secure Boot states.
  • Yellow (caution) state allows user to select dismissal option to suppresses new notifications for this state.
  • Option for user to select "I accept the risks, don't remind me" for red (critical) states. This option reverts badges to "green" and suppresses all new notifications. (Requires administrator privileges).
Operating system Available
Windows 11 (23H2, 24H2, 25H2, 26H1) & Windows Server 2025May 16, 2026 (app update)
Windows 10 (22H2, 21H2, 1809)May 13, 2026 (cumulative update)
Windows Server 2019 & 2022 (Desktop Experience)May 13, 2026 (cumulative update)
 
Last edited:

My Computer

System One

  • OS
    Windows 7
I don't have the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security" key
 

My Computer

System One

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    HP
    CPU
    Gen 11 Core i5
    Memory
    16GB
That indicates the new Security Center app hasn't been pushed out to everyone.

I don't have it yet, but I'm on 26200.8037 (March 2026). My Security Center is 1000.29510.0.1001, which is the current version offered in the Microsoft Updates Catalog. Windows Insiders might be getting it earlier.
 

My Computer

System One

  • OS
    Windows 7
i have that certificate text but not that register key.
 

My Computer

System One

  • OS
    Windows 11 Pro 64bit (release preview channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i5 8400
    Motherboard
    ROG STRIX Z370-H GAMING
    Memory
    16 GB DDR4
    Graphics Card(s)
    RTX 3060 Ti
    Sound Card
    On Board
    Monitor(s) Displays
    Acer VG242Y P
    Screen Resolution
    1080p
    Hard Drives
    Intel 660p SSD
    PSU
    800w
    Internet Speed
    1000 Mbps
You must log in or register to reply here.

Similar threads

  • Article Article
Refreshing the root of trust: industry collaboration on Secure Boot certificate updates
Replies
6
Views
2K
garioch7
garioch7
  • Article Article
Act now: Secure Boot certificates expire in June 2026
17 18 19
Replies
361
Views
68K
Genix
Genix
Solved garlin's PowerShell scripts for updating Secure Boot CA 2023
104 105 106
Replies
2K
Views
171K
piggysmile15
piggysmile15

Latest Support Threads

Latest Tutorials

Back
Top Bottom