Serious Discussion Microsoft is preparing a massive update on the Secure Boot keys for UEFI

[nicolaasjan]

Microsoft announced that it’s changing the Secure Boot keys database in collaboration with the OEM partners to further prevent malware attacks before boot.
Secure Boot was implemented first on Windows 8 and it’s a prerequisite for Windows 11. This UEFI security feature appeared as an indispensable method of countering any attacks that occur before the boot sequence, when the system is most vulnerable.
It’s not the first time that Microsoft is updating DBX, but according to the Redmond giant, it’s the first DB update on such a large scale.

Microsoft is preparing a massive update on the Secure Boot keys for UEFI

 

[Ink]

Microsoft recommends creating a recovery key backup before updating.

This new DB update is available as an optional servicing update for all Secure Boot enabled devices from February 13, 2024.

Updating Microsoft Secure Boot keys

A new Microsoft Windows UEFI CA 2023 will replace the existing Windows Production 2011 CA.

techcommunity.microsoft.com