Windows Secure Boot Key Creation


gtspeck

Reviewing “Windows Secure Boot Key Creation and Management Guidance” and not being computer proficient I’m not sure which certificate(s) I need. Do I need all three?

Any advice would be appreciated.

(1) Windows UEFI CA 2023 (2) Microsoft UEFI CA 2023 (3) Microsoft Option ROM UEFI CA 2023
 
Windows Build/Version
26100.4652 24H2

Someone correct me if I am wrong, but the Microsoft release notes today state that for home / consumer users no action is needed other than to allow the latest updates to be installed on your machine and to have Secure Boot enabled. The cert updates will then be automatic.
 

> Reviewing “Windows Secure Boot Key Creation and Management Guidance” and not being computer proficient I’m not sure which certificate(s) I need. Do I need all three?
>
> Any advice would be appreciated.
>
> (1) Windows UEFI CA 2023 (2) Microsoft UEFI CA 2023 (3) Microsoft Option ROM UEFI CA 2023

Only the first two certs are really critical for home users.

Windows UEFI is for booting Windows
Microsoft UEFI is for booting EFI tools, or non-Windows OSes like Linux
Microsoft Option ROM is for 3rd-parties to sign their own UEFI code

> Someone correct me if I am wrong, but the Microsoft release notes today state that for home / consumer users no action is needed other than to allow the latest updates to be installed on your machine and to have Secure Boot enabled. The cert updates will then be automatic.

There will be automatic updates some time next year. Right now, it's "opt in".
 

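To see which of the three certificates discussed in this thread are already in a machine's Secure Boot allowed-signature database (db), the following is an added example and is not part of any post above or of Microsoft's guidance. It assumes an elevated PowerShell session on a UEFI system; the helper name Get-DbCertificate is hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI system.
$wanted = 'Windows UEFI CA 2023',
          'Microsoft UEFI CA 2023',
          'Microsoft Option ROM UEFI CA 2023'

# EFI_CERT_X509_GUID (UEFI specification): marks a list of X.509 certificates
$x509Type = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'

# Hypothetical helper: walk the EFI_SIGNATURE_LIST structures in a db blob
function Get-DbCertificate {
    param([byte[]]$Bytes)
    $pos = 0
    while ($pos + 28 -le $Bytes.Length) {
        # List header: 16-byte type GUID, then list, header and entry sizes
        $type     = [guid]::new([byte[]]$Bytes[$pos..($pos + 15)])
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $pos + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $pos + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $pos + 24)
        # Stop on a malformed or truncated list instead of reading past it
        if ($listSize -lt 28 -or $sigSize -le 16 -or
            $pos + $listSize -gt $Bytes.Length) { break }
        if ($type -eq $x509Type) {
            $end = $pos + $listSize
            for ($e = $pos + 28 + $hdrSize; $e + $sigSize -le $end; $e += $sigSize) {
                # Entry: 16-byte owner GUID followed by the DER certificate
                $der = [byte[]]$Bytes[($e + 16)..($e + $sigSize - 1)]
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
            }
        }
        $pos += $listSize
    }
}

if (-not (Confirm-SecureBootUEFI)) {
    Write-Warning 'Secure Boot is not enabled on this machine.'
}
$certs = @(Get-DbCertificate -Bytes (Get-SecureBootUEFI -Name db).Bytes)
foreach ($name in $wanted) {
    # Match on the certificate's common name, not a raw substring of the blob
    $hit = $certs | Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $name } |
           Select-Object -First 1
    [pscustomobject]@{
        Certificate = $name
        InDb        = [bool]$hit
        NotAfter    = $(if ($hit) { $hit.NotAfter } else { $null })
    }
}
```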