Hi there peeps, you are one of my last hopes to get info on this matter... I have two Desktop PCs using a MSI B550M-Pro-VHD WiFI motherboard. They are in Bios version 7C95v2D0 and 7C95v2F0 respectively. I recently followed some tutorials and scripts in W11 forums to update the certificates, but as it's expected, these MoBos are lacking the certs in the BIOS itself, which makes it risky to make a BIOS reset, because I¿ll lose the certs and be forced to update again, with all the mess that will cause with Secure Boot. So... I'm looking information from people using MSI Motherboards to see which BIOS revision in their page includes the 2023 Certs... nope, the current BIOS I have don't include them, so there should be somewhere around 2025... Is anybody able to confirm since when / which revision, circa 2025, MSI started adding this certs? (Or if I have no choice to install the beta version... but I'm really hesitant to install beta software in my system...) I've been asking MSI themselves... but they haven't been... let's say open with the info at best... I'll be really thankful with your info guys. Cheers!
It's common between vendors that they NEVER tell you about the important stuff... apparently some with other models got the certs with the latest 2025 September update... But being a beta BIOS... I dunno in my case. That's why I am patiently waiting for some kind soul that knows about MSI BIOS or has installed an update to see if the latest (or some from around 2025) has the certs... Microsoft and their mess lol
Oh yes, that's how they are gonna do it, the problem is they are installed, but they aren't in the ROM per say... Supposedly there are 2 databases for certs: The one MS can modify to add and revoke certificates, and a default one, contained in your bios and used in case you reinstall windows, otherwise you need to disable secure boot to do it in case you ever reset your BIOS for whatever reason. That's the thing lol
Some BIOS firmware's will have factory support for CA 2023 certs. Meaning if you install the firmware, CA 2023 certs will be automatically added for you in BIOS. If you need to reset UEFI, then the CA 2023 certs will be restored. If your last firmware doesn't include them as factory defaults, don't panic! This just means you temporarily turn off Secure Boot mode, and boot back into Windows. Re-run the Secure Boot update process (or the scheduled task will periodically check if there's something to do), and Windows will re-install the CA 2023 certs again. After the process is done, you can safely turn on Secure Boot again. It all depends on whether your OEM has provided a signed KEK CA 2023 cert or not. If they have signed it for MS, then Windows can install/re-install the CA 2023 certs without your help.
Apparently MSI should have what is needed... the only thing I need to know is which revision from 2025 includes the new certs by default... I'm just hopping it's not included in the beta BIOS only (the latest) or I'll maybe have to bite the bullet and update to that one... BUt I wanna be sure, I don't like messing with BIOS updates until I'm sure I need it. I know I can just turn off Secure Boot to restore things... but it's just something I would like to avoid if I can just have the certs in BIOS and forget about it like I have during all this years of using PC's lol
Well, I had to raise a ticket because chat is pretty useless lol... So yes, in my case, there was a beta BIOS dated 2025-09-23, which contained the new certs by default. Today I flashed the two machines I have using this MoBo and problem solved. I was hesitant to install a beta BIOS, but seems that's the way MSI labels something "new" or "latest", which can be misleading. Anyways, problem solved. Thanks for the help guys!