bootloader Archives

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 12, 2026

Windows NT on the GameCube is Basically a Homebrew Project That Brings the Classic OS to Nintendo Hardware

GameCube enthusiasts are utilizing homebrew projects to enhance the console's capabilities, including region-free play and disc backups. A new initiative allows a full PowerPC build of Windows NT to run on the GameCube, leveraging its Gekko CPU's compatibility with early PowerPC-based PCs. The entii-for-workcubes project, led by Wack0, provides components for running Windows NT 3.51 or 4.0 on GameCube and Wii systems, featuring an ARC firmware bootloader for loading homebrew software. Users need to prepare an SD card with specific files and a Windows NT ISO to initiate the process. After installation, basic productivity tools are accessible, but limitations include only 24MB of RAM, slower access speeds, lack of sound support, and potential reboot stalls.

Winsage

June 8, 2026

Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days

The expiration date of the original Microsoft Secure Boot KEK certificate is June 24, 2026. Microsoft held a live "Ask Microsoft Anything" session on June 4 to address concerns regarding this deadline. The expiration affects the KEK key, while the DB key remains valid until October. After June 24, Microsoft will not be able to sign new DBX payloads, which are necessary for revoking compromised bootloaders. Devices without the new KEK may miss future revocations, leading to decreased security but will not stop booting immediately. The June Patch Tuesday update is expected to classify most systems as high confidence. IT administrators are advised to use the Intune monitoring report for device status and updates. Devices in a "temporarily paused" status require OEM firmware updates. Administrators should not delay manual rollouts for devices outside the high confidence classification. Secure Boot must be enabled to update certificates, and re-enabling it later can pose risks. Older models may receive high confidence classification faster than newer ones due to statistical requirements. In PXE boot environments, caution is needed when updating bootloaders. The Secure Boot update mechanism is consistent across Windows 10 and 11, and event logs are important diagnostic tools. Key event log entries include 1801, 1802, and 1803, which indicate various device statuses and issues. Microsoft provides resources at aka.ms/GetSecureBoot for further guidance.

Winsage

May 26, 2026

‘Restart Multiple Times’—Microsoft Changes Windows Next Week

Microsoft will begin the expiration of Secure Boot certificates on most PCs in June, marking the end of a 15-year period of stability. This affects all PCs manufactured before 2023. Users will likely need to perform multiple restarts during the update process, which includes pushing data into firmware and loading a new bootloader. Ignoring the Secure Boot deadline in June 2026 may lead to significant security risks, as Microsoft will stop providing essential boot updates and malware blacklists. The Windows Security App has been updated to help users monitor these changes, and users should check for warnings indicating the status of Secure Boot. It is important for Windows 10 users to ensure they are enrolled in the Extended Security Updates (ESU) program to avoid vulnerabilities.

AppWizard

May 6, 2026

May 2026’s Pixel update is here to fix charging speeds and camera app freezes

Google is rolling out the May 2026 software update for all supported Pixel devices running Android 16, which includes the Pixel 7a, Pixel 8 series, Pixel 8a, Pixel 9 series, Pixel 9a, Pixel 10 series, Pixel Tablet, and Pixel Fold, under the build number CP1A.260505.005. The update addresses known issues and brings enhancements to the devices listed. However, for Pixel 10, 10 Pro, 10 Pro XL, and 10 Pro Fold users, the update includes a bootloader change that prevents rolling back to previous versions of the bootloader after installation.

Winsage

March 6, 2026

Microsoft’s Secure Boot certificates expire in June 2026, but older PCs may never get the fix

Every Secure Boot-enabled Windows PC relies on cryptographic certificates issued by Microsoft in 2011 for boot process integrity. The first of these certificates will expire on June 24, 2026, impacting the ability to receive future security updates. Microsoft is rolling out replacement certificates through Windows Update, requiring collaboration between Microsoft, PC manufacturers, and users. Three critical certificates will expire: the Microsoft Corporation KEK CA 2011 and Microsoft UEFI CA 2011 in June 2026, and the Microsoft Windows Production PCA 2011 in October 2026. The new certificates introduced in 2023 have a restructured functionality to enhance security. Not all PCs are affected; newer devices manufactured since 2024 come with the new certificates. Windows 10 users face challenges as support ends in October 2025, and unsupported devices will not receive updates. Home users should ensure automatic Windows updates and check for firmware updates, while enterprise environments must verify firmware updates before applying certificate updates. The first certificate expiration is on June 27, 2026.

AppWizard

March 3, 2026

With developer verification, Google’s Apple envy threatens to dismantle Android’s open legacy

The F-Droid team published an open letter to Google, supported by 35 organizations, expressing concerns about Google's changes to the Android ecosystem. Many Android users rely on Google for app installations, facing challenges when trying to use alternative app stores or open-source apps without verification. Some developers are shifting to progressive web apps instead of Android. Alternatives to Google's verification system include non-certified Android devices and privacy-focused ROMs like LineageOS or GrapheneOS, but these options come with security vulnerabilities and installation difficulties for most users. Telecom companies impose restrictions on devices to ensure they work on their networks, leading to a reliance on stock software and security updates from Google and manufacturers.

AppWizard

October 22, 2025

Android users finally get Android 16 Beta 3.1, as bootloader fix comes in

Google has begun rolling out an update to address bootloop issues affecting users in the Android 16 QPR2 Beta 3 program. This update is being distributed to all devices, with specific instructions provided for those still facing problems. The Android 16 QPR2 Beta 3, released late last week, included new features such as an app shortcut button and updates to Live Caption, but was met with reports of bootloop issues among Pixel testers. The OTA patch rollout started on October 20, targeting bootloader issues, with patch version vBP41.250916.010 for Pixel 6, 6 Pro, or 6a devices, while other eligible Pixels receive the same version. Google has also provided steps for users still experiencing bootloop problems, including downloading Beta 3.1 and using Recovery mode for installation. Following the reports, Google retracted the patch to prevent further complications. Early feedback indicates that the new patch has resolved bootloop problems for some testers.

AppWizard

October 14, 2025

This Privacy-First Android Software Is Looking to Expand Beyond Pixel Devices

GrapheneOS is collaborating with an undisclosed original equipment manufacturer (OEM) to introduce new devices that will be competitively priced alongside Google’s Pixel lineup, featuring a flagship Qualcomm Snapdragon system-on-chip (SoC). This will be the first time GrapheneOS supports a Snapdragon processor since the Pixel 5 in 2020. Speculation points to potential partnerships with brands like Nothing or OnePlus. The anticipated device will have broad international availability and will be part of the OEM's regular product lineup with official GrapheneOS support. Current users of Pixel devices running GrapheneOS will continue to receive support until the end of their phones' update cycles, and compatibility with the Pixel 10 is planned, while support for the Pixel 11 is uncertain.

AppWizard

September 11, 2025

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials

The Google Pixel 10 phones incorporate C2PA Content Credentials in their camera and Google Photos, marking them as the first to attach these credentials to every photograph taken. The Pixel Camera app has achieved Assurance Level 2, the highest security rating from the C2PA Conformance Program, ensuring a secure environment for digital content. The integration employs a private-by-design strategy for certificate management, preventing traceability back to the creator. On-device trusted time-stamps allow users to trust images even after the certificate expires. The technology is supported by the Google Tensor G5 and Titan M2 security chip, enhancing hardware-backed security features. Content Credentials provide detailed information about the creation and protection of media files, helping users identify AI-generated or altered content. Google is a steering committee member of the Coalition for Content Provenance and Authenticity (C2PA), which aims to establish industry standards for digital content verification. The Pixel 10 categorizes digital content based on verifiable proof of its creation process. Each JPEG photo captured includes Content Credentials, and Google Photos validates these credentials for edited images. The implementation architecture is designed to be secure, verifiable, and usable offline. Google employs a unique certificate management strategy to enhance user privacy, ensuring that each key and certificate is used for only one image. An on-device offline time-stamping authority allows for the generation of trusted time-stamps without requiring internet connectivity.