Skip to main content
Start a Conversation

Unsolved

anne_droid

5 Journeyman

 • 

1.6K Posts

 • 

6.2K Points

17

May 28th, 2026 17:46

Secure Boot 2023 Cert upgrade.

Hi

Not that it matters, but most of what follows is true.

I have seen several posts about the Secure Boot Certs 2023 being flagged up as missing.

Dell, I believe, has several to many BIOS upgrades that resolve the issue.

I don't have an issue.

PS C:\> ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')
True

Checking Secure Boot Certificates
To verify if your Secure Boot certificates are updated, you can use PowerShell on your Windows PC. Follow these steps:

Step 1: Open PowerShell
Press Windows + X and select Windows PowerShell (Admin) to run it as an administrator.
Step 2: Run the Command
Enter the following command in PowerShell:
powershell


([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')

Step 3: Interpret the Result (my result is below)...

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows

If the command returns True, your Secure Boot certificates are updated to the 2023 version.
If it returns False, your system is still using the older certificates, which are set to expire in June 2026.

Additional Steps if Certificates are Not Updated
If your certificates are not updated, consider the following actions:

Update Windows
Open Settings > Update & Security > Windows Update and check for updates. Install any pending updates.
Check OEM Firmware Updates

NB: You may need to add further steps to the process, double check with your Manufacturer.
EG: BitLocker Key (consider de-crypting your data) and Backups before making any changes.

Visit your PC manufacturer's support site (e.g., Dell, HP, Lenovo) to see if there are firmware updates available for your specific model.


Manual Registry Method


If updates do not resolve the issue, you may need to manually update the registry.

Use the following command in PowerShell:

powershell


reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x40 /f


After running this command, restart your PC and check the certificates again.

By following these steps, you can ensure that your Secure Boot certificates are current and your system remains secure.

  Kind Regards  

                                     

  anne_droid

No Responses!

Was this post helpful?

View All

No Events found!

Top