What do people do where it's a non-business device, it's got win 11 but not on the boot certificates update list as only some devices have been added to it ? 

How are normal users going to be able to do this ? 

MS OEM list:

https://support.microsoft.com/en-us/topic/original-equipment-manufacturer-oem-pages-for-secure-boot-9ecc3ba4-fb50-4bd3-9e9b-f16b35b8fb68

Dell info:

hxxps://www.dell.com/support/kbdoc/en-us/000368610/how-to-update-secure-boot-active-database-from-bios 

costs and Duration: 

Is there a cost associated with the new certificates?

There is no direct cost for receiving the 2023 certificates using Windows Update, and the 2023 CAs are already available for free at [ hxxps://learn.microsoft.com/en-gb/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11] 

However, BIOS updates for out-of-service devices may require manual intervention or service engagement, which could incur costs depending on support agreements.

>>

Dell devices supported list:   - how do consumers resolve if their equipment is not on the lists for bios updates below, but does have win 11 ? 

hxxps://www.dell.com/support/kbdoc/en-us/000347876/microsoft-2011-secure-boot-certificate-expiration#Lat

HP devices supported list: 

hxxps://support.hp.com/us-en/document/ish_13070353-13070429-16 

Lenovo Supported list:  [ from MS List above ]