Event details

It's time for our third Ask Microsoft Anything (AMA) about updating Secure Boot certificates on your Windows devices before they expire in June of 2026. If you've already bookmarked Secure Boot playb...
Pearl-Angeles
Updated Mar 11, 2026
AMA
Arden_White's avatar
Arden_White
Icon for Microsoft rankMicrosoft
Mar 13, 2026

Yeah, it looks like it was able to update the DB with the certificates. I also would expect that the 2023 signed boot manager will update if it hasn't already. The KEK is what you don't get in this case - probably due to the age. The device will continue to run and get updates. What you won't get is the updates to the Secure Boot DBX when there are security issues in things like boot loaders and other firmware modules.

Kudos to you for keeping it running that long and to Dell for manufacturing something that lasts. I sympathize with you. I'm still using my Lenovo Yoga Pro 2 that is about the same age as your Dell. I can sense that I'm getting close to getting a new laptop. 🙂

DJ8014A's avatar
DJ8014A
Copper Contributor
Mar 13, 2026

We won't get updates to the Secure Boot DBX. Does that mean we will get updates to other Secure Boot components, or is it all or nothing?

  • mihi's avatar
    mihi
    Brass Contributor
    Mar 13, 2026

    You will get updates to the boot manager, even without KEK. You won't get the next certificates (in 2038 when the current ones expire) and you won't get any new DBX entries.