Updating The Expiring Secure Boot Certificates Is Sure To Go Without A Hitch

Source: Bleeping Computer

There’s No Way This Could Go Horribly Wrong

The root certificates used for Microsoft’s Secure Boot, which ensure only signed and trusted bootloaders are allowed to launch on UEFI devices, expire in June. This applies to any and all devices produced between 2011 and late 2024, as Microsoft did start providing the updated certificates to hardware manufacturers last year. The new Secure Boot certificates are being pushed via Windows Update, for the most part, which means if you are using an older version of Windows 11 or are still on Windows 10 you will not be getting the new certs.

To make things even more fun, not every machine can get the new certs through Windows Update. As you might expect, Microsoft is making that their customers’ problem and suggesting they reach out to their OEM to get the proper update. Microsoft can’t even be bothered to list which machines these might be, essentially guaranteeing they will never be updated, since the user will likely be unaware that their Secure Boot certs have expired.
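One way to see which Secure Boot certificates a machine actually has enrolled and when each expires, as an added example that is not from the article or from Microsoft: it parses the UEFI `KEK` and `db` variables returned by `Get-SecureBootUEFI` as EFI signature lists. The function name `Get-SecureBootCertificate` is hypothetical, and the script assumes an elevated session on a UEFI system.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session
# on a UEFI system; Get-SecureBootUEFI fails on legacy BIOS machines.
$X509Guid = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID

function Get-SecureBootCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][byte[]]$Bytes,   # raw contents of a Secure Boot variable
        [string]$Variable = 'unknown'           # label only, e.g. 'db' or 'KEK'
    )
    $offset = 0
    # Each EFI_SIGNATURE_LIST: 16-byte type GUID, then three UInt32 sizes
    # (whole list, list header, each entry), then the entries themselves.
    while ($offset + 28 -le $Bytes.Length) {
        $type       = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize   = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $entrySize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        # Stop on a malformed list rather than reading past the buffer.
        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length) { break }

        # Only X.509 lists carry certificates; hash lists have no expiry.
        if ($type -eq $X509Guid -and $entrySize -gt 16) {
            $entry = $offset + 28 + $headerSize
            while ($entry + $entrySize -le $offset + $listSize) {
                # Skip the 16-byte owner GUID; the rest is a DER certificate.
                $der  = [byte[]]$Bytes[($entry + 16)..($entry + $entrySize - 1)]
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
                [pscustomobject]@{
                    Variable = $Variable
                    Subject  = $cert.Subject
                    NotAfter = $cert.NotAfter
                    Expired  = $cert.NotAfter -lt (Get-Date)
                }
                $entry += $entrySize
            }
        }
        $offset += $listSize
    }
}

# List every certificate in the key-exchange and allowed-signature databases.
'KEK', 'db' | ForEach-Object {
    Get-SecureBootCertificate -Bytes (Get-SecureBootUEFI -Name $_).Bytes -Variable $_
} | Sort-Object NotAfter | Format-Table -AutoSize
```

A machine that has received the update shows newer entries alongside the 2011-era ones; a machine that lists only certificates with a `NotAfter` in 2026 has not.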

Thankfully, having expired certificates won’t prevent a machine from booting; it will just mean you are completely unprotected from nefarious bootloaders. The vast majority of users who need to go the extra mile to update their Secure Boot certs are unlikely to follow up, unless it breaks their favourite game. The new generation of anti-cheat software requires Secure Boot to be enabled, and this certificate update is sure to cause issues, which the users are most likely going to blame on the game publisher, not Microsoft.

Seeing as how Microsoft is never one to screw up in minor ways, today they also announced that Windows 11 26H1 will not be pushed via Windows Update. It will only be available, pre-installed, on select machines; before you celebrate, please recall that Windows 11 25H2 hits EoL next October. The garbage piles of electronic waste created by their decision to require TPM 2.0 will grow even taller unless they reverse course. The thundering reaction from their Enterprise customers is sure to be heard by Microsoft; we shall see if they realize they need to do something about it in the coming months.

"After more than 15 years of continuous service, the original Secure Boot certificates are reaching the end of their planned lifecycle and begin expiring in late June 2026," said Windows Servicing and Delivery partner director Nuno Costa on Tuesday.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
