Hi,
Is the problem with updating the Secure Boot keys?
Specifying this one: https://support.microsoft.com/en-us/topic/scadenza-del-certificato-di-avvio-protetto-di-windows-e-aggiornamenti-della-ca-7ff40d33-95dc-4c3c-8725-a9b95457578e
Thanks
Secure boot enabled, hardware firmware limitation however
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 25%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Corvid
0
Reputation points
Hi! sorry new to asking here, title says it all basically.
I just wanted to know what I need to do in order to fix windows security saying that Secure boot is on but not supported for updates due to hardware firmware limitations.
I've tried to attach the msinfo32 screenshot.
Thanks!
Windows for home | Windows 11 | Security and privacy
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 25%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIB%3C/text%3E%3C/svg%3E)
Ivan B 114.5K Reputation points Independent Advisor2026-06-10T21:16:34.44+00:00 -
Corvid 0 Reputation points
2026-06-11T12:02:00.41+00:00 Hi
I don't know for sure but I can give it a try,
How would I update the keys then? -
Ivan B 114.5K Reputation points Independent Advisor
2026-06-11T12:16:24.1433333+00:00 Hi,
To check if you have updated your keys, just follow the procedure below:
Open a PowerShell console and make sure PowerShell is running as an administrator before running the following commands:
Imposta la chiave di registro su Set-ItemProperty -Path
“HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot” -Name “AvailableUpdates” -Value 0x40Run the following scheduled task as
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"Restart your computer twice after running these commands to verify that your computer starts with the updated database.
To verify that the Secure Boot database upgrade was successful, open a PowerShell console and make sure PowerShell is running as an administrator before running the following command:
[System.Text.Encoding]::ASCII. GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'Check if the result is true;
If it says true, just wait for the update. If it takes longer than I mentioned and hasn't updated, perhaps the keys are in a BIOS file for update, so you would have to check if the motherboard manufacturer released a BIOS update with the updated keys.
If it doesn't update after a while, you would have to update the BIOS to update the keys. If you want, we can try the update?
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks
-
Corvid 0 Reputation points
2026-06-11T16:52:44.2666667+00:00 Hi
Tried that and returned as true, guess ill wait for the update for now.
Thanks -
Ivan B 114.5K Reputation points Independent Advisor
2026-06-11T16:58:19.7766667+00:00 Hi,
I understand, I believe the update may not occur, but I can't be certain.
You can always count on the Microsoft Q&A community and have a good week.
If my answer helped or solved the problem, you can press the option to accept the answer or not.
Thanks
Sign in to comment -
-
AI answer
2026-06-10T20:10:56.28+00:00 Windows Security is reporting that Secure Boot is enabled but not supported for future Secure Boot certificate updates because of a firmware limitation on this device. That status means Windows can use Secure Boot today, but the device’s UEFI firmware cannot reliably accept the newer Secure Boot database/revocation updates that Microsoft is rolling out.
On such hardware there is no Windows-side fix; the limitation is in the device firmware. The supported options are:
- Check for the latest firmware/BIOS from the device manufacturer (Acer in this case) and install it. Some devices receive updated firmware that adds support for the new Secure Boot certificate update path.
- If, after updating to the latest available firmware, Windows still reports that Secure Boot updates are not supported because of hardware/firmware limitations, treat the device as not supported for automated Secure Boot certificate updates. In Microsoft guidance this corresponds to a “Not Supported – Known Limitation” state, where no automatic resolution is available.
- If Secure Boot updates remain unsupported and the device is still in support with the OEM, contact the OEM’s support to confirm whether a newer firmware is planned. If the device is out of support and no firmware update is available, the only way to fully support future Secure Boot updates is to move to newer hardware that does not have this limitation.
Windows will continue to boot and receive normal Windows Updates on such a device, but future boot-level protections that rely on updated Secure Boot certificates might not be applied.
References:
AI-generated content may be incorrect. Read our transparency notes for more information.