The Key Exchange Key (KEK) acts as an authority that allows Microsoft to update the other databases, like the DB and DBX that tell your computer which bootloaders are safe.

In June 2025, Microsoft announced that, in June 2026, it would begin deprecating Secure Boot certificates of Windows systems from 2011, which were superseded by their 2023 counterparts.

Microsoft is taking its time with the boot certificate rollout, but you don't have to. Activate the latest UEFI CA 2023 right now.

This article describes how to enable Secure Boot to install Windows 11. How Do I Enable Secure Boot? The easiest way to enable Secure Boot is to do so through UEFI. It's typically listed as one of the ...

There are countless security measures baked into your motherboard's software that help keep your entire PC safe from harm. One of these features is called Secure Boot, and it's something that can ...

Find the Secure Boot option and change it to Disabled. Save the changes and reboot again. We recommend keeping Secure Boot enabled unless you're sure it needs to be disabled. This article explains how ...

Microsoft's Secure Boot certificates expire in June and need to be replaced. Microsoft provides a guide for server admins.

In brief: Secure Boot was originally introduced with Windows 8 as a firmware-based security feature designed to protect the OS from potentially malicious boot code. After more than 15 years, the ...

The Call Of Duty RICOCHET team made this announcement: When Call of Duty: Black Ops 7 releases later this year, TPM 2.0 and Secure Boot will be required to play on PC. These hardware-level protections ...

So... my Asus mobo (ROG Strix Z390-E Gaming) is from 2018, and while the code Andrew provided for PowerShell shows I'm OK for the new cert, I get "False" for Default ...

And here I thought I was completely jaded and unable to be surprised by awful security practices after the reporting on CloudStrike. I'm actually less concerned by that than the fact they're test keys ...