Event details
MicrosoftYeah, it looks like it was able to update the DB with the certificates. I also would expect that the 2023 signed boot manager will update if it hasn't already. The KEK is what you don't get in this case - probably due to the age. The device will continue to run and get updates. What you won't get is the updates to the Secure Boot DBX when there are security issues in things like boot loaders and other firmware modules.
Kudos to you for keeping it running that long and to Dell for manufacturing something that lasts. I sympathize with you. I'm still using my Lenovo Yoga Pro 2 that is about the same age as your Dell. I can sense that I'm getting close to getting a new laptop. 🙂
And yes I believe it did update the signed boot manager. Does that do us any good without the KEK?
The signed boot manager does not require the KEK to be updated, as the 2023 DB updates are signed with the 2011 KEK.
Only the next boot manager certificates (in 2038) will require the 2023 KEK to be present (if the device still works by then).
We won't get updates to the Secure Boot DBX. Does that mean we will get updates to other Secure Boot components, or is it all or nothing?
You will get updates to the boot manager, even without KEK. You won't get the next certificates (in 2038 when the current ones expire) and you won't get any new DBX entries.
