Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Why is Windows saying my Secure Boot keys are outdated?

Adrian1983
Level 12

‎11-20-2025 01:16 PM

I have already cancelled my Back OPS 7 order due to a TPM and Secure Boot warning on steam which I enabled TPM and it was still saying it was disabled.

Is this going to be an issue launching games in future when more and more start using these security features?

Secure Boot CA/keys need to be updated. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:4301;OEMModelBaseBoard:ROG STRIX Z690-A GAMING WIFI D4;OEMManufacturerName:ASUS;OSArchitecture:amd64;
BucketId: 35cfc8da07809a84f2381cb4f783b595e1634076753052e3eac3a0cf65b01d82
BucketConfidenceLevel:
UpdateType: 0
HResult: The operation completed successfully.

Labels:
0 Kudos
874 Views
9 REPLIES 9

JohnAb
Level 17

‎11-20-2025 11:36 PM

There are two issues here I think. First you need to enable "secure boot" in BIOS. That should keep Steam and any games happy. 

The other issue relates to updating security certificates. There are other threads on this, but this issue should not be causing you any problems in terms of booting or playing games as keys will continue working until the middle of next year even without updates. 

Z690 Hero, 12900K, BIOS 4505, MEI 2546.8.9.0, ME Firmware 16.1.40.2765, 7000X Case, RM1000x PSU, ASUS TUF OC 3090TI, 2 x 16GB Corsair RAM @ 5200MHz, Windows 11 Pro 25H2, Corsair H150i Elite AIO, 4x Corsair RGB fans, 3x M.2 NVME drives, 2x SATA SSDs, 2x SATA HDs.
0 Kudos

Adrian1983
Level 12
In response to JohnAb

‎11-22-2025 11:58 AM

Yes secure boot is enabled in the bios and confirmed by Windows.

I did install Windows without secure boot enabled whether that has anything to do with it I have no idea, From a bit of research that shouldn't make any difference so I have no idea.

0 Kudos

JohnAb
Level 17
In response to Adrian1983

‎11-23-2025 02:38 PM

That's odd. I had the same warning (for games) and enabling secure boot resolved it. Perhaps your issue is also linked to the outdated certificates then. I've not had that warning, so I have not researched the solution, but is your BIOS up to date? (also other drivers - see MokiChU thread in this forum)

Z690 Hero, 12900K, BIOS 4505, MEI 2546.8.9.0, ME Firmware 16.1.40.2765, 7000X Case, RM1000x PSU, ASUS TUF OC 3090TI, 2 x 16GB Corsair RAM @ 5200MHz, Windows 11 Pro 25H2, Corsair H150i Elite AIO, 4x Corsair RGB fans, 3x M.2 NVME drives, 2x SATA SSDs, 2x SATA HDs.
0 Kudos

MrAgapiGC
Level 17

‎11-21-2025 04:31 AM - edited ‎11-21-2025 04:31 AM

Follow this steps and you will be fine. Just follow to the letter the steps.

[INFORMATION] Secure Boot : Windows UEFI CA 2023 U... - Republic of Gamers Forum - 1121170

Tpm is set on 2 ways: in bios, trusted computing on advance menus is present then is activated. Enter secure boot, and make sure is set to windows UEFI mode some model like new will say something extra like in intel (i do not own a amd board)  

MrAgapiGC_3-1763728200847.png

 

if is not once load it (F10) and the nvmes are not there windows was installed in legacy. need to reinstall.

IF is there then you are set to go. 

you can check again in windows 25h2 to double check WIN+R type tpm.msc. if say like this windows has tpm enable 

MrAgapiGC_1-1763728099201.png

 

If after this STILL you ca not load your game, then

1. windows caput and something was bypass. 

2. windows files are corrupted or damage. 

3. reinstall the game. if still presist contact game developer.

cheers

 

Learn, Play Enjoy! We help and collaborate, NOT complain!
0 Kudos

Adrian1983
Level 12
In response to MrAgapiGC

‎11-22-2025 12:01 PM

Yes that's exactly how I have it setup and they are both enabled as confirmed by Windows.

I did install Windows without secure boot enabled but I was told this shouldn't make any difference so I am stumped.

0 Kudos

MrAgapiGC
Level 17
In response to Adrian1983

‎11-22-2025 01:51 PM

that is a good question. if you install windows 11 with no secure boot you hack it with rufus. simple .  up to you. i have chjange the way i install windows that i have use for 10 years now i am on ms way. and i am ok. less to TB stuff

Learn, Play Enjoy! We help and collaborate, NOT complain!
0 Kudos

Adrian1983
Level 12
In response to MrAgapiGC

‎11-23-2025 11:11 AM

No not Rufus, I just had Secure Boot disabled while I installed Windows, it's an unmodified install about 2 months ago, Before 25H2 was released  so I have no idea.

0 Kudos

MrAgapiGC
Level 17
In response to Adrian1983

‎11-23-2025 03:32 PM

interesting. there is 1 test you can do if you have the board..

if was new RMA.

if you have it, remove all nvmes and put 1 M2_1. reflash the bios activate all csm disable. vmd disable, secure boot on windows uefi keys standard and install windows from cero. You can use secure erase to delete the drive. and see what happens.

IN normal operation and foreget that tool you use to check, let see what it does. 

The TPM certificates will load on uefi update, board side. . OR reflash it. the others are inside windows that talk to bios. and they are added on windows install. i will keep silent to keep the post ok, since people will not like my lines. so try that. 

 

Learn, Play Enjoy! We help and collaborate, NOT complain!
0 Kudos

Adrian1983
Level 12
In response to MrAgapiGC

‎11-24-2025 12:26 PM

I do plan on doing a clean install again in the very near future so I will see what happens thanks.

0 Kudos