The big picture: The original Secure Boot certificates Microsoft issued in 2011 for Windows devices began expiring last week, and new BIOS firmware is being rolled out by PC OEMs to keep Windows computers protected against boot-level threats. To help users navigate the transition, Asus, Dell, HP, Lenovo, and other PC makers have published official guides for BIOS and firmware updates.

Asus has confirmed that all consumer PCs will receive the update automatically through Windows Update. Users can also check manually via PowerShell to determine whether the certificates have already been installed. If not, they can follow the guide and run the Secure-Boot-Update scheduled task to install the latest certificates.
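As an added illustration of the manual PowerShell check mentioned above (this script is not taken from the Asus guide or from this article), the following read-only check looks for the 2023 certificates in the firmware's Secure Boot variables. The certificate names and the scheduled task path are assumptions that do not appear on this page; they follow Microsoft's published naming and should be confirmed against the OEM guide for the device.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check for the 2023 Secure Boot certificates.
# Certificate names and the task path below are assumptions (not from the article).

$expected = @(
    @{ Var = 'KEK'; Name = 'Microsoft Corporation KEK 2K CA 2023'; Required = $true  }
    @{ Var = 'db';  Name = 'Windows UEFI CA 2023';                 Required = $true  }
    # Third-party CAs are typically only added where the 2011 equivalents were trusted.
    @{ Var = 'db';  Name = 'Microsoft UEFI CA 2023';               Required = $false }
    @{ Var = 'db';  Name = 'Microsoft Option ROM UEFI CA 2023';    Required = $false }
)

function Get-SecureBootCertStatus {
    # Throws on legacy BIOS systems or when the session is not elevated.
    try   { $enabled = Confirm-SecureBootUEFI }
    catch { throw "Secure Boot state unavailable (legacy BIOS mode or not elevated): $_" }

    $cache = @{}   # read each UEFI variable once
    foreach ($item in $expected) {
        if (-not $cache.ContainsKey($item.Var)) {
            # The variable is a binary EFI signature list; certificate subject
            # names are stored as plain text inside it, so a substring search
            # is enough to test for presence.
            $bytes = (Get-SecureBootUEFI -Name $item.Var).Bytes
            $cache[$item.Var] = [System.Text.Encoding]::ASCII.GetString($bytes)
        }
        [pscustomobject]@{
            SecureBootOn = $enabled
            Variable     = $item.Var
            Certificate  = $item.Name
            Required     = $item.Required
            Present      = $cache[$item.Var].Contains($item.Name)
        }
    }
}

$status = Get-SecureBootCertStatus
$status | Format-Table -AutoSize

$missing = $status | Where-Object { $_.Required -and -not $_.Present }
if ($missing) {
    # Only report whether the update task exists; this script does not start it.
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\PI\' -TaskName 'Secure-Boot-Update' -ErrorAction SilentlyContinue
    if ($task) { "Required certificates missing; Secure-Boot-Update task is present (state: $($task.State))." }
    else       { 'Required certificates missing and no Secure-Boot-Update task found; install pending Windows or BIOS updates first.' }
} else {
    'All required 2023 certificates are present.'
}
```

The script only reads firmware variables and task state; starting the update task and rebooting remain the steps described in the OEM guide.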

Lenovo has provided direct BIOS download links for all supported product lines, including ThinkPad, ThinkCentre, IdeaPad, Legion, Yoga, and others. The company also noted that some products are no longer supported and will not receive BIOS updates containing the new Secure Boot certificates.

Dell has revealed that devices with an end-of-service life before January 1, 2026, will not receive the new certificates. The company is only releasing updates for newer Alienware, Inspiron, XPS, Latitude, OptiPlex, Precision, Vostro, and Wyse devices.

HP's consumer PCs will receive the new certificates via Windows Update, but enterprise devices will require the SBKPFV3 substring in the SMBIOS Type 1 field as the minimum BIOS version string to receive the update. Like Dell, HP is also restricting the rollout to newer models, with PCs released in 2018 and earlier unable to update to the new BIOS.

MSI devices powered by Intel 7th- to 11th-generation Core processors or AMD Ryzen 3000H to 5000U processors will be updated through Windows Update, while newer systems featuring Intel 12th-generation or AMD Ryzen 5000H and later will require a BIOS flash. The company has published direct download links for updated BIOS packages on its official website for all compatible devices.

Acer is also seeding the updated BIOS for all compatible Aspire, Nitro, Predator, Swift, Extensa, TravelMate, and Spin devices through Windows Update. Many devices received the update between June 12 and June 26, while others are expected to be updated in the near future.

Microsoft's guide on Secure Boot certificates for Surface devices confirms that all supported Surface Pro, Surface Laptop, Surface Book, and Surface Studio models will receive the 2023 certificates through Windows Update. Devices that fall outside the support window will not receive the update as part of the company's standard software support policy.

Microsoft previously confirmed that an expired Windows Secure Boot certificate will not affect any functionality, meaning PCs that have not yet been updated to the latest certificate will continue to operate normally and receive all security updates. However, they may not support newer security protections for the early boot process, potentially leaving them more vulnerable to bootkits, firmware rootkits, and boot-sector viruses.