Event details

Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. We recently published the first version of the Secure Boot playbook, o...
Heather_Poulsen
Updated Dec 09, 2025
AMA
SebMcCayen_Swe's avatar
SebMcCayen_Swe
Occasional Reader
Dec 10, 2025

Is it enough to install the Firmware/BIOS provided via the computer manufacturer, example HP, Dell etc? 

  • Kevin_Sullivan_MSFT's avatar
    Kevin_Sullivan_MSFT
    Icon for Microsoft rankMicrosoft
    Dec 10, 2025

    Typically, no. Installing the BIOS update from your OEM gives you the new Secure Boot certificates in the default variables, but that alone doesn’t make them active. Windows takes care of updating the active variables during the update process, which are the ones the system actually uses at startup. So, you will also need to follow the guidance to update the certificates from Windows.