Have questions? Of course you do. Here are answers to eight key questions about the Secure Boot certificate updates.
What is Secure Boot?
Secure Boot is a security feature that verifies that all firmware-based software is signed by a trusted certificate when Windows starts up. If something doesn’t match, it gets blocked. This all happens immediately on boot, before Windows or anything else loads.
Secure Boot is a part of the UEFI firmware standard, which replaced the older BIOS model for modern PCs. It was added to UEFI in 2011 so that only trusted, signed code could run during startup.
Microsoft issued its original Secure Boot certificates in 2011 and introduced Secure Boot as an optional feature in Windows 8. It remained optional in Windows 10, since UEFI had not had much time to penetrate the market when Windows 10 was released in 2015. But Secure Boot became mandatory in Windows 11. Windows 11 came out in 2021, giving UEFI-powered systems plenty of time to saturate the marketplace.