I've got several devices stashed away that might not be used until June 2026. Given that the secure boot certificates could expire before I get to them, I'm wondering if I'll still be able to update those certs once I pull the devices out of storage. Assuming I update the BIOS first, is it possible to apply the necessary cert updates after they've expired?
1 Answer
As far as I know, even if the secure boot certs expire, it won’t stop your devices from booting up later. You should be able to update them after you take the devices out of storage. Just keep in mind that while the revocation itself won't be an issue, Microsoft's guidance indicates that new security features meant for the early boot process won't be available unless you have updated certs before the expiry. So, while you can still perform updates, you might miss out on future enhancements or protections they release after cert expiration.
Thanks for clarifying! I figured as much, but I couldn't find a solid answer on whether the update system would still work post-expiration.