firmware issues Archives

Winsage

June 21, 2026

Microsoft reveals how to verify Windows 11’s Secure Boot update, what to do if your PC missed it

The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 8, 2026

Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days

The expiration date of the original Microsoft Secure Boot KEK certificate is June 24, 2026. Microsoft held a live "Ask Microsoft Anything" session on June 4 to address concerns regarding this deadline. The expiration affects the KEK key, while the DB key remains valid until October. After June 24, Microsoft will not be able to sign new DBX payloads, which are necessary for revoking compromised bootloaders. Devices without the new KEK may miss future revocations, leading to decreased security but will not stop booting immediately. The June Patch Tuesday update is expected to classify most systems as high confidence. IT administrators are advised to use the Intune monitoring report for device status and updates. Devices in a "temporarily paused" status require OEM firmware updates. Administrators should not delay manual rollouts for devices outside the high confidence classification. Secure Boot must be enabled to update certificates, and re-enabling it later can pose risks. Older models may receive high confidence classification faster than newer ones due to statistical requirements. In PXE boot environments, caution is needed when updating bootloaders. The Secure Boot update mechanism is consistent across Windows 10 and 11, and event logs are important diagnostic tools. Key event log entries include 1801, 1802, and 1803, which indicate various device statuses and issues. Microsoft provides resources at aka.ms/GetSecureBoot for further guidance.

Winsage

May 6, 2026

Microsoft confirms why Windows 11 updates might be weird right now, and look like they’re failing — but it’s nothing to worry about

Microsoft has acknowledged that some Windows 11 updates may require multiple reboots, particularly those related to Secure Boot certificates, which are essential for system security. These updates aim to protect against malware, especially rootkits, and ensure the effective functioning of Secure Boot. Some users have faced difficulties in receiving the new certificates due to firmware issues, but multiple reboots typically indicate that necessary security enhancements are being applied.

Winsage

April 2, 2026

Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh

The Secure Boot certificates used by the Unified Extensible Firmware Interface (UEFI) on Windows PCs will expire in late June 2026. Microsoft is rolling out updated certificates through Windows Update to ensure user protection. Starting in April 2026, users can check their device's status in the Windows Security app, which will feature a color-coded badge system: - Green Checkmark: New certificates are installed, no action needed. - Yellow Caution Badge: Update pending or blocked due to hardware/firmware issues (expected in May 2026). - Red Stop Icon: Alerts users that older certificates are expiring, potentially preventing essential boot-level security updates (may appear as early as June 2026). The status will also be indicated in the Windows Security system tray icon. Most users will have a seamless update process by keeping Windows Update enabled, with devices from 2025 and many from 2024 covered. Older machines will receive updates gradually, guided by major OEMs. Microsoft advises against ignoring yellow or red warnings, as devices without updated certificates may be vulnerable to security threats and incompatible with future Windows updates. A support resource is available at aka.ms/getsecureboot.

Winsage

January 1, 2026

Windows Registry Tweak Unlocks 80% SSD Speed Boost on Consumer PCs

A modification in the Windows Registry can enable a native NVMe driver, potentially doubling the performance of solid-state drives (SSDs) by enhancing random read and write speeds by up to 80%. This driver is typically reserved for enterprise environments and is not officially available for consumer versions of Windows 11. The modification carries risks, including the possibility of rendering a system unbootable and disrupting features like BitLocker encryption. Early adopters have reported mixed results, with some experiencing significant performance improvements while others face stability issues. The tweak highlights the disparity between consumer and enterprise hardware capabilities and reflects ongoing discussions within the tech community about optimizing SSD performance.

Winsage

September 9, 2025

Windows 11 SSD failures could be caused by glitchy drive firmware – here’s what you need to know

Recent investigations by the PCDIY group in China suggest that SSD failures may be linked to the use of pre-release Phison firmware intended for engineering rather than consumer use. Phison's U.S. General Manager, Michael Wu, stated that many reports of disappearing SSDs stem from media testing on hardware with early firmware versions, which differ from those provided to consumers. Tests by PCDIY indicated that SSD failures related to the Windows 11 update were associated with pre-release firmware. There is speculation that SSD manufacturers may have shipped drives with outdated firmware due to a failure to implement updates. While most affected drives are Phison-based, issues have also been reported in SSDs without Phison controllers. Consumers are advised to ensure their drives are running the latest firmware and to verify firmware versions in Windows' Device Manager.

Winsage

September 7, 2025

New report blames Phison’s pre-release firmware for SSD failures — not Microsoft’s August patch for Windows

The unexpected failures of solid-state drives (SSDs) have been linked to pre-release engineering firmware on certain SSDs, particularly after Microsoft's August security patch for Windows 11. Testing by the PCDIY! group indicated that crashes were primarily affecting drives with this pre-release firmware. Users reported SSDs disappearing after intensive file transfers, with some systems failing to recover after a reboot. Phison stated it could not replicate the failures after extensive testing and suggested thermal issues might be involved, recommending heatsinks to mitigate overheating. Microsoft denied any connection between its August update and the SSD failures, concluding there was no evidence of a flaw introduced by the update. Users with official production firmware are unlikely to face issues. It is advised to update SSD firmware and back up important data as a precaution.