Hey everyone! I've got a query regarding the Secure Boot certificate update. When I execute `(Get-UEFISecureBootCerts db).Signature`, I see both the 2011 and the 2023 certificates listed. I'm wondering if the 2023 certificate will automatically become the active one after June, or if both certificates will remain active together without any priority? Thanks for your help!
1 Answer
From what I understand, OEMs are rolling out BIOS updates to include the 2023 certificate. You'll likely receive this update through Windows Update once it’s certified. Microsoft will also implement various phases in their monthly updates for the activation and enforcement of this new certificate in the UEFI bootloader. The unclear part is the timeline for when this will happen. Unlike some other recent changes, Microsoft hasn’t established a clear schedule for this. As long as the updates are managed effectively, user interaction shouldn't be a major concern.
If you're on a managed device, your IT should control when the UEFI certificate update goes live. If you're not managed, your device has to meet Microsoft's criteria based on previous models. You can trigger the update yourself, though, by tweaking a registry key. For more details, check out my blog or the official Microsoft documentation!