ZMedia Purwodadi
Home Software

Check for yourself: Has Windows 11 already applied the new Secure Boot certificates?

Shero King
Shero King
Updated: 0 min read
Table of Contents

 

Check for yourself: Has Windows 11 already applied the new Secure Boot certificates?
Source: Microsoft

Microsoft is rolling out new Secure Boot certificates with updates. This allows users to check whether the codes are already present on their system.

About 15 years after their introduction, the certificates required for Secure Boot will soon expire. Since the release of Windows 8 in 2012, Microsoft has been increasingly relying on this mechanism, which is loaded first at system startup. This is to provide more security and prevent possible existing malicious code from being introduced. However, the certificates will expire in June 2026, which will force Microsoft to make updates. This allows users to check whether the new certificates have already arrived on their computers.


Windows 11 users report bugs

Especially after the installation of the Patch Tuesday update from this February, some Windows 11 users are reporting new TPM-WMI errors related to Secure boot certificates. However, notes such as "BucketConfidenceLevel: Under observation - More data required" in the event viewer of Windows do not indicate damage. Rather, this means that Microsoft is working on the transition to the new certificates.

However, users can check for themselves whether the new certificates are already on their system. To do this, PowerShell is opened as an administrator and the following command is entered: ([System.Text.Encoding]::ASCII.getString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'). If the result "true" is displayed, the new certificate is already in the Secure Boot database. If the result is "false", the device has not yet received the new certificate and is still waiting for the update from Microsoft.


Microsoft Windows 11 Home

If the result "true" is displayed in Powershell, users can view the official logs in the event viewer. These are located in the tool under "Windows Logs" and "System". On the right side you need to click on "Filter current log..." and in the drop-down list "Event sources" the checkbox for TPM-WMI can be selected. If the event ID 1808 is found after filtering, this means that the new Secure Boot certificate has been successfully applied.

Are you also having problems with Secure Boot on Windows 11? Use the comment function and let us know what you think. To comment you would have to click on Shero king or be logged in to the Extreme forum.


Shero King
Shero King About Shero King – Independent News, Fearless Journalism

Post a Comment