Microsoft has clarified what will happen to Windows 11 PCs if Secure Boot certificates are not updated before they expire in June 2026.

Secure Boot is a security standard developed by the PC industry. It ensures a device boots only with software trusted by the original equipment manufacturer (OEM)..

Every time a PC starts, the firmware checks the cryptographic signature of each boot component, including those tied to certificates issued in 2011. Only after those checks pass is the Windows Boot Manager allowed to load.

When the existing Secure Boot certificates expire, millions of Windows PCs could be affected. In some cases, systems may become less secure. In more extreme scenarios, they could fail to boot properly.

The delivery of the new 2023 Secure Boot certificates is not a simple update, as they directly interact with the UEFI hardware on your computer’s motherboard.

“Microsoft must transfer the new 2023 certificates into the firmware, replace the boot manager with a version signed using the new keys, and finally revoke trust in the old certificates,” Windows Latest explains.

Microsoft has already set up a new Secure Boot folder on Windows PCs for this purpose.