"For most systems, including older ones that aren't being actively supported by their manufacturers, Microsoft is relying on Windows Update to provide updated certificates. For fully patched, functioning PCs running supported versions of Windows with Secure Boot enabled, the transition should be seamless, and you may in fact already be using the new certificates without realizing it. This is possible because UEFI-based systems have a small amount of NVRAM that can be used to store variables between boots;"
"generally, Windows and Linux operating systems using LVFS for firmware updates should be able to update any given system's NVRAM with the new certificates. PCs will only have problems deploying the new certificates if NVRAM is full or fragmented in some way, or if the PC manufacturer is shipping buggy firmware that doesn't support this kind of update."
Windows Update supplies updated UEFI Secure Boot certificates for most systems, including some older hardware. Fully patched PCs running supported Windows with Secure Boot enabled should receive the certificates seamlessly. UEFI systems use a small NVRAM area to store boot variables and certificates, and operating systems or LVFS firmware tooling can update that NVRAM. Certificate deployment can fail if NVRAM is full or fragmented, or if vendor firmware is buggy. A PowerShell command can check the active db for the new 'Windows UEFI CA 2023' certificate. Ensuring a supported Windows version and Secure Boot enabled helps enable the update.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]