Quote:Windows 11 and supported Windows 10 PCs will get updates automatically
 
In brief: Secure Boot was originally introduced with Windows 8 as a firmware-based security feature designed to protect the OS from potentially malicious boot code. After more than 15 years, the original Secure Boot certificates are being retired and replaced with newer ones.

Microsoft is reminding users that the Secure Boot ecosystem will soon require a mandatory check-up. The Redmond-backed security protocol, part of the UEFI specification and primarily used on Windows systems, will need new encryption certificates because the older ones are expiring over the next few months.

Nuno Costa, a program manager in Microsoft's Windows Servicing and Delivery division, explained that the original Secure Boot certificates are reaching the end of their lifecycle. Starting in June 2026, the old certificates will no longer be valid.

"As cryptographic security evolves, certificates and keys must be periodically refreshed to maintain strong protection. Retiring old certificates and introducing new ones is a standard industry practice that helps prevent aging credentials from becoming a weak point and keeps platforms aligned with modern security expectations," Costa wrote on the official Windows blog.

Microsoft delivered up-to-date certificates for Secure Boot in 2023, but the originals have been used to validate the boot process since Windows 8. Users and organizations can obtain the newer certificates from several trusted sources, including UEFI firmware updates for compatible motherboards.

Continue Reading...