How to Fix Windows PC Boot Issues Expected in June 2026
A notable deadline concerning Windows Secure Boot is approaching in June 2026. This development may significantly impact users of Windows PCs. Secure Boot plays a critical role in the computer startup process by verifying the system’s integrity before loading the operating system.
Understanding Secure Boot Features
Secure Boot ensures that only trusted software is allowed to run during startup. This process relies on cryptographic certificates stored in the UEFI firmware. These certificates serve as a trust anchor for essential boot components, including the Windows Boot Manager.
- When you turn on your PC, the firmware checks the certificates.
- If a trusted certificate is absent, the boot process terminates immediately.
This verification system is crucial for maintaining a secure environment, preventing unauthorized access and potential malware attacks.
Certificate Expirations and Their Consequences
Many Secure Boot certificates originating from 2011 are set to expire in June 2026. The following is a reference of the key certificates affected:
| Expiration Date | Certificate Being Phased Out | Replacement Certificate(s) | What the Certificate Controls |
|---|---|---|---|
| June 2026 | Microsoft Corporation KEK CA 2011 | Microsoft Corporation KEK CA 2023 | Authorizes updates to Secure Boot trust databases |
| June 2026 | Microsoft UEFI CA 2011 | Microsoft UEFI CA 2023, Microsoft Option ROM UEFI CA 2023 | Allows bootloaders, drivers, and option ROMs to run |
| October 2026 | Microsoft Windows Production PCA 2011 | Windows UEFI CA 2023 | Signs the Windows boot manager and core boot components |
Failure to update to the new certificates may prevent your PC from receiving future security updates and could cause startup issues.
Addressing Potential Startup Problems
When certificates expire, the transition to newer ones is critical. A firmware or security update might require trust in certificates that have not been installed, leading to startup failures.
In the past, updates addressing vulnerabilities exposed weaknesses in Secure Boot. Microsoft tightened its requirements, emphasizing the need for newer certificates from 2023.
Transitioning to Newer Secure Boot Certificates
Microsoft has initiated the transition to the newer certificates through a phased update process. High-confidence systems will receive these updates via Windows Update prior to the June 2026 deadline. This ensures their firmware is compatible with the new certificates.
Windows virtual machines, like those on Hyper-V and Azure, follow the same certificate update protocol as physical hardware. Any VM that does not accept newer certificates may also encounter issues.
What to Do Now
To ensure your PC continues to boot post-June 2026, follow these important steps:
- Check if Secure Boot is enabled in your Windows System Information.
- Ensure your system firmware is up-to-date, as updates should come from your PC manufacturer.
If your system qualifies for the update, it will generally occur seamlessly. However, dual-boot setups or PCs with legacy systems might require manual updates.
Additionally, run this PowerShell command to check for certificate update eligibility:
Get-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetControlSecureBoot” | Format-ListBy ensuring your system is prepared for the transition and confirming Secure Boot is correctly configured, you can avoid potential startup issues when the June 2026 deadline arrives.
