Expiration of Microsoft 2011 Signed Secure Boot Certificate

Updated: 9th June, 2026

The Microsoft-signed Secure Boot certificate issued in 2011 is set to expire in June 2026. Beginning in the second half of 2026, affected models will receive the updated certificate in phases through Windows Automatic Updates.

Secure Boot is an important security feature that helps protect your laptop from malware attacks during the boot process. Although the expiration of the certificate will not affect normal system operation or everyday Windows usage, it may impact the delivery of certain security-related updates. As a result, devices that do not receive the updated certificate could face an increased risk of malware attacks during startup.

Please note:

  • The Galaxy Book3 series and prior releases are affected. In these models, support for Microsoft's new security updates may no longer be available.
  • Samsung has been collaborating with Microsoft to ensure that new certificates are applied to products released after and including the Galaxy Book4 Range.

Devices released prior to and including the Galaxy Book3 can update the certificate using the following two methods:

1. Automatic Update via Windows Update (Recommended)
2. Manual Update following the official Microsoft Guide

Please note: If you are manually updating a Windows PC with BitLocker enabled, temporarily suspend or disable BitLocker before proceeding with the update.
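The following PowerShell pre-flight check is an added example, not part of Samsung's or Microsoft's instructions. It reports the Secure Boot state, whether the Secure Boot signature database already contains the new certificate, and the BitLocker status of the system drive, and can optionally suspend BitLocker. The function name, the default reboot count and the certificate name string 'Windows UEFI CA 2023' (Microsoft's name for the new certificate, not stated on this page) are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check before a manual Secure Boot certificate update.
# Test-SecureBootUpdateReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-SecureBootUpdateReadiness {
    [CmdletBinding()]
    param(
        # Suspend BitLocker on the system drive if protection is currently on.
        [switch]$SuspendBitLocker,
        # Restarts for which BitLocker stays suspended (assumed default; adjust as needed).
        [ValidateRange(1, 15)][int]$RebootCount = 2
    )

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not supported".
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    # On UEFI systems, search the Secure Boot signature database (db) for the new CA name.
    $has2023 = $false
    if ($null -ne $secureBoot) {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
        $has2023 = [System.Text.Encoding]::ASCII.GetString($db.Bytes) -match 'Windows UEFI CA 2023'
    }

    # Check BitLocker / device encryption on the system drive and suspend it if requested.
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $suspended = $false
    if ($SuspendBitLocker -and $volume.ProtectionStatus -eq 'On') {
        Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount $RebootCount | Out-Null
        $suspended = $true
    }

    [pscustomobject]@{
        SecureBootEnabled   = $secureBoot          # $null means UEFI Secure Boot is not supported
        Db2023CertPresent   = $has2023
        BitLockerProtection = $volume.ProtectionStatus
        SuspendedNow        = $suspended
    }
}

# Report only; add -SuspendBitLocker to suspend protection before the manual update.
Test-SecureBootUpdateReadiness
```

Protection resumes on its own after the given number of restarts, or immediately with `Resume-BitLocker -MountPoint $env:SystemDrive` once the update is complete.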

If the PC fails to boot and displays the message “Secure Boot Violation: Invalid Signature Detected” or “ERROR: Verification Failed (0x1A) Security Violation”, this may indicate that the newly installed Secure Boot certificate is incompatible with the Secure Boot certificate stored on the device.

This issue can occur on models that do not support Microsoft's latest Secure Boot security updates.


If the above error appears, disable Secure Boot before attempting to start Windows and install the new certificate.

1. With your PC turned off, press and hold F2 while pressing the Power button to turn on your PC.
2. Continue holding F2 until the logo screen appears, which will automatically take you into the BIOS settings.
3. Select the Boot menu on the left side of the screen.
4. Set the “Secure Boot Control” option to “Off”.
5. Select Save on the right side of the screen or press F10 to save the settings and exit.
6. When the Setup Confirmation window appears, select OK. The system will restart.

Please note:

  • If BitLocker or device encryption is enabled, the BitLocker Recovery screen will be displayed.
  • The customer must enter the 48-digit recovery key (stored in a location specific to each user) and boot into Windows to disable BitLocker or device encryption.
