- After the Microsoft UEFI CA 2011 certification expires in 2026, PCs with older GPUs can’t boot into the OS with Secure Boot on.
- This issue could affect graphics cards as new as the RTX-30 Series.
- The only feasible solution is to hope that manufacturers release a new VBIOS update signed with the latest certification.
As an attempt to combat cheaters, many developers have now made it mandatory for systems to turn on Secure Boot in order to play their games. Games such as Valorant and the upcoming Battlefield 6 and Black Ops 7 have made Secure Boot a must-have option.
However, the requirement brings its fair share of problems. New information suggests that GPUs, as new as the RTX 3080 ti, could be soft-bricked after June 2026, when the Microsoft UEFI CA 2011 certification expires.
Why it matters: While the Secure Boot requirement is a hassle for gamers, it is a big step in the fight against cheaters. That said, developers were short-sighted and couldn’t see the problems it could bring in the future.
Every GPU has a small piece of firmware in its VBIOS called GOP. Secure Boot verifies the certificate with which the GOP is signed before loading the OS.
All GPUs made before 2023 were signed to the Microsoft UEFI CA 2011 certification, which expires in June next year. As such, cards as new as the RTX 30-series may not work with Secure Boot after the expiry.
As stated on the official Microsoft support page:
When the 2011 certificates expire, Windows devices that do not have the new 2023 certificates can no longer receive security fixes for pre-boot components, compromising Windows boot security.
Secure Boot would then block the GOPs with the expired certificate, failing to load the OS. However, the BIOS menu would still appear, and users could disable Secure Boot to load the OS.
It’s also important to note that this issue would affect AMD cards, too, all the ones that were signed with the Microsoft UEFI CA 2011 certification.
The only possible solution right now is for manufacturers and vendors, such as Asus, MSI, and others, to release a new VBIOS update for all these GPUs that are signed with the new 2023 certificate.
Another solution is to manually trust the SHA hash of your GOP ROM before the Microsoft UEFI CA 2011 certification expires. UEFI GOP updaters can refresh certificates and find a compatible GOP update.
What are your thoughts on this story? Let us know in the comments below, or at the official Tech4Gamers Forums.
Thank you! Please share your positive feedback. 🔋
How could we improve this post? Please Help us. 😔
[News Reporter]
Shaheer is currently pursuing a Business degree while also working as a part-time Content Writer. With his deep passion for both writing and video games, he has seamlessly transitioned into a role as a Journalist. Over the past two years, Shaheer has contributed as a freelancer to various websites and landed positions on acclaimed platforms like Gamerant. Currently, his role at Tech4gamers is as a Features Writer, but he also covers News occasionally. Shaheer’s favorite gaming franchises are Assassin’s Creed and the God of War series.
Get In Touch: shaheer@tech4gamers.com