Forum Discussion
UEFI KEK Certs not updated on Windows 10
I have a Huawei D14 matebook from 2021 and updated the microsoft certificates, when I check this I get the following output, I see that the KEK cert is not updated is that stored in the bios ? Am I safe this way? Please help.
1 Reply
https://www.youtube.com/watch?v=7vfIaO70WQ0
https://www.catalog.update.microsoft.com/search.aspx?q=kb
https://consumer.huawei.com/en/support/pc-manager/
https://www.youtube.com/watch?v=_Htuf2DroIY
The original 2011 Microsoft Secure Boot Key Exchange Key (KEK) and Signature Database (DB) certificates are expiring in June and October 2026. To ensure your system continues receiving early-boot security updates, these must be replaced with the updated 2023 certificate versions.
Most supported Windows 10 and Windows 11 devices will receive this update automatically via Windows Update.
Run PowerShell as an administrator and execute the following commands: [1, 2]
Check for the 2023 KEK:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI KEK).bytes) -match 'Microsoft Corporation KEK 2K CA 2023'
Check for the 2023 DB Signatures:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db). bytes) -match 'Microsoft UEFI CA 2023
https://github.com/powershell/powershell/releases
Huawei does not provide direct offline driver packages; instead, you must use the official PC Manager to keep your Windows 11 drivers updated.Visit the Official Site: Go to the PC Manager | HUAWEI Support Global page.Download the App: Navigate to the specific support page for your exact laptop model, find the "Driver Download" section, select PC Manager, and download the installer.Run the Installer: Once downloaded, open the package and follow the on-screen instructions.
https://www.driveridentifier.com/
