Secure Boot is a security feature in Windows 11 that ensures your PC is running firmware that’s legit, the real deal, to prevent malware and cheats. Unfortunately, the certificates it relies on to carry out this task are expiring in June this year, which has kicked Microsoft into action to start issuing replacements to PCs in need of them via Windows updates.
The latest security update, KB5074109, will start a process of checking whether a PC is using the expiring Secure Boot certificates (2011 CA) and provide the newer certificates (2023 CA) if so.
If you’re wondering why you should care, Secure Boot is relied on heavily by many game studios’ anti-cheat software, such as EA’s Javelin, Epic’s Easy Anti-Cheat, Activision’s Ricochet, and Riot’s Vanguard. Much to the chagrin of many gamers, I might add, as anti-cheat software has in the past been linked to system instability. There are also complaints that Secure Boot simply isn’t effective, but it has received a thumbs up from many developers, including Battlefield 6’s technical director, who told us last year that it was “hugely helpful” in tackling cheaters.
You can check which certificates you have on your machine by using Windows Powershell. Here’s how Dell recommends you do so:
- Open Powershell as administrator
- Enter: ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’)
- If your PC has the 2023 certificates, it will display ‘True’
- If your PC does not have the 2023 certificates, it will display ‘False’ and you will need to receive the new certificates via Windows Update.
For the most part, you shouldn’t need to do anything yourself. Either you have the new certificates already (quite likely) or you’ll receive them soon enough via an automatic update. But it’s good reminder to let your PC update regularly ahead of the June expiry date to avoid any blips.
Also if you don’t have Secure Boot enabled or you’re not sure, Steam will tell you in just a couple clicks.
Best PC build 2026
