Ask Microsoft Anything: Secure Boot - Windows Tech Community

Event details

Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. We recently published the first version of the Secure Boot playbook, o...

Heather_Poulsen

Updated Dec 09, 2025

AMA

lalanc01

Iron Contributor

Dec 08, 2025

What can we do if a device won't update it's secureboot cert?

We have updated to the latest bios version, released a few months back, set the registry key and started the scheduled task and rebooted multiple times, but the cert is still not updated.

Are there some logs/events that we can look at?

Thks

prabhv1982

Microsoft

Dec 10, 2025

Secure boot update failure events are logged in the System Event log under TPM-WMI channel. Refer to Secure Boot DB and DBX variable update events - Microsoft Support for list of Secure Boot event IDs to monitor.