Event details
I asked them the same question. As far as I understand, the old boot images will continue working during PXE Boot, as long as the old certificates (the ones from 2011) are present in the UEFI store. If the old certificates are revoked, we need to create new boot images, possibly using new Windows ADK.
MicrosoftCorrect. And as called out in a few of my other answers (which you may or may not have seen) we have no intent to revoke the old certs as that serves no purpose and would cause widespread issues.
A key point in all of this to keep in mind is that the certs expiring has no immediate impact whatsoever. Nothing signed by these certs becomes invalid or untrusted just because the certs expired. Unless or really until we release an updated boot critical component that requires signing--which must be done with the new certs--nothing changes. When this does finally happen (as I'm sure it will happen at some point (but can't say how soon that will be) that's the time when that new component won't be trusted by devices without the new certs and thus they won't be able to install that new component. Again, components signed by the old certs, whether they be in a full OS instance or a WinPE boot image, are and will still be fully trusted--nothing changes for them.