I'm getting mixed messages from Windows about my Secure Boot certificates. The new security settings page is telling me that 'Secure Boot is on, but using an older boot trust configuration that should be updated,' and it mentions I don't have enough data for automatic updates. In contrast, when I check the updated certificates in PowerShell, it confirms that they're installed and returns 'True.' So, what do I actually need to do to keep everything updated? I'm running Win11 Pro with OS Build 26200.8246, and I have an ASUS TUF X670E Plus WiFi motherboard, which is updated to the latest BIOS, version 3842 released on March 17, 2026.
2 Answers
It sounds like you're on the right track by updating your BIOS. If your certificates are set to installed in PowerShell, that’s a good sign. Just keep an eye on your OS updates moving forward to ensure everything aligns properly. Sometimes, Windows needs a bit of time to catch up with the hardware settings, so patience may be key here!
First off, it's great that you're keeping an eye on your Secure Boot status! You should definitely check out the GitHub link related to UEFI Secure Boot. It has some handy info. If Secure Boot was set to 'Other OS' in your BIOS originally, that could be the issue. Try setting it to 'Windows UEFI' if you haven't already. Just make sure you do this after backing up important data — it’s always a safe bet!
Got it! I just switched it to 'Windows UEFI,' but can I still run into issues if Secure Boot wasn't turned on during my last update?
Thanks for clearing that up! I'll keep monitoring the updates and check the BIOS settings periodically.