Event details

Join us in May for our fourth Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they start expiring in June of 2026. If you've already bookmarked Secure Boot playbook, but need more details or have a specific question, join us to get the answers you need to prepare for this milestone. No question is too big or too small. Update scenarios, inventorying your estate, formulating the right deployment plan for your organization -- we're here to help!

How do I participate?

Registration is not required. Simply select Add to calendar then sign in to the Tech Community and select Attend to receive reminders. Post your questions in advance, or any time during the live broadcast

Get started with these helpful resources

Heather_Poulsen
Updated Apr 21, 2026
AMA

2 Comments

  • WarWicked's avatar
    WarWicked
    Occasional Reader
    Apr 28, 2026

    We are doing IT Managed updates.

    Q. If the dbDefault was successfully updated by the OEM BIOS firmware update, is it safe to assume that the active db can be updated safely via the "AvailableUpdates" registry key (0x5944)?

    • mihi's avatar
      mihi
      Brass Contributor
      Apr 28, 2026

      I'd say it is a very strong reason to believe so. But on the other hand, alone the fact that the vendor issued a firmware update in the timeframe the certificate updates have been running is a very strong argument that the update process is safe (does not lead to hangs or incompatibility issues).

      OTOH, it is not a guarantee that it is successful (does not fail with a defined error code). There are cases (lost/replaced platform key) that cannot be remediated just by installing a firmware update, but only by following additional steps (e.g. suspending Bitlocker and resetting setup defaults). But I would expect the firmware vendor to clearly communicate those if they apply.