Event details

Join us in May for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they start expiring in June of 2026. If you've already bookmarked Sec...
Heather_Poulsen
Updated May 18, 2026
AMA
Technical Takeoff
kamlie's avatar
kamlie
Copper Contributor
May 18, 2026

Are machines no longer supported by the OEMs going to get the new cert? After running the registry key to set to 0x5944 it goes to in progress but checking the event viewer states the following: The Secure Boot update KEK 2023 was blocked due to a known firmware issue on the device. Check with your device vendor for a firmware update that addresses the issue. This device signature information is included here.
will these devices get updated by microsoft eventually?

IvanCardim's avatar
IvanCardim
Icon for Microsoft rankMicrosoft
May 18, 2026

This event indicates that Windows can't apply the KEK 2023 due to a known limitation in the firmware - the new key can only be applied if new firmware is installed.

  • Claude_Boucher_OEM's avatar
    Claude_Boucher_OEM
    Brass Contributor
    May 18, 2026

    This can be something else, MS provide a KEK that is refused by the Firmware, but a correct one exist and can be install with a script.