THE BIG PICTURE: The original Secure Boot certificates Microsoft issued in 2011 for Windows devices began expiring last week, and new BIOS firmware is being rolled out by PC OEMs to keep Windows computers protected against boot-level threats. To help users navigate the transition, Asus, Dell, HP, Lenovo, and other PC makers have published official guides for BIOS and firmware updates.
Asus has confirmed that all consumer PCs will receive the update automatically through Windows Update. Users can also check manually via PowerShell to determine whether the certificates have already been installed. If not, they can follow the guide and run the Secure-Boot-Update scheduled task to install the latest certificates.
Lenovo has provided direct BIOS download links for all supported product lines, including ThinkPad, ThinkCentre, IdeaPad, Legion, Yoga, and others. The company also noted that some products are no longer supported and will not receive BIOS updates containing the new Secure Boot certificates.
Dell has revealed that devices with an end-of-service life before January 1, 2026, will not receive the new certificates. The company is only releasing updates for newer Alienware, Inspiron, XPS, Latitude, OptiPlex, Precision, Vostro, and Wyse devices.















