Ask Microsoft Anything: Secure Boot - April 23, 2026

It's time for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot play...

Pearl-Angeles

Published Mar 11, 2026

AMA

IT_SystemEngineer

Brass Contributor

Mar 23, 2026

Are there any Updates regarding my Question: "Will Microsoft and/or Broadcom provide a solution to automatically update ESXi VMs with missing KEK/PK?"

The last Answer from PrabhakarMSFT was: "...we are coordinating with Broadcom to bring support in Windows to update KEK on the ESXI VMs. If new VMs are created on latest versions on ESXI, VMs get created with new certificates. For pre-existing VMs, Microsoft is coordinating with Broadcom and will be enabled in the future update."

JamesEpp
Iron Contributor
Mar 24, 2026
FWIW I'm trying to get a conversation going over here on this: VMware by Broadcom Missing PK-signed KEK · Issue #369 · microsoft/secureboot_objects
I don't know who to bring into the conversation.

Event details