Windows11 Prompts "Secure Boot KEK Update" Should I Install It?

The "Secure Boot KEK update" notification refers to an update to the Key Exchange Key (KEK) used in Secure Boot. Secure Boot is a security feature designed to ensure that your system only boots trusted software, preventing malicious code from loading during startup.

Occasionally, firmware updates or security patches include updates to the KEK to maintain security, trust, or compatibility. These updates might be necessary if Microsoft or your hardware manufacturer has changed the trust policies or needs to revoke compromised keys.

Hi,

A “Secure Boot KEK Update” is an official update to the Secure Boot key database (the Key Exchange Key).

These updates are published by Microsoft to keep the Secure Boot trust chain current and ensure that firmware can validate signed components correctly.

This type of update is legitimate and safe to install. It helps maintain the integrity of Secure Boot on your device and is delivered through Windows Update for all supported systems.