Did you manually update your Secure Boot Keys ?

[mfessler 0]

Hi.

Current Microsoft Secure Boot Keys will expire in 2026. Therefore, it may be advisable to update the keys manually in advance.

I did the update and it was successful.

If you have bitlocker enabled, you are advised to save your bitlocker keys. You will need them after the secure boot key update. I don't have bitlocker enabled.

In powershell console opened as administrator, you must run the following commands, one at a time:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot” -Name “AvailableUpdates” -Value 0x40

Start-ScheduledTask -TaskName “\Microsoft\Windows\PI\Secure-Boot-Update”

After you run the commands, you have to restart your PC twice for the update to take effect.

To check if the update is successful, you must run the following command in a powershell console with admin privileges:

[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’

This command should return the value TRUE. The below screenshot is from my PC. It returned a True value.



For further information, you may refer to the following Microsoft Windows IT Pro Blog:

Updating Microsoft Secure Boot keys before expiration in June 2026

https://support.microsoft.com/en-us/topic/frequently-asked-questions-about-the-secure-boot-update-process-b34bf675-b03a-4d34-b689-98ec117c7818 Windows IT Pro Blog: Microsoft, in collaboration with our ecosystem partners, is preparing to roll out replacement certificates that’ll set new Unified...

www.elevenforum.com

Hope you find this post helpful.