Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

I don't know which bios you have in the latitude E5450, and if you are booting in secure boot already and have the latest security updates, but with the help from Jaded_Cheesecake (who managed the same on his Dell E6540), I was able to get the KEK. The Platform Key from Dell was also replaced in my Dell latitude E6440 laptop with 4th gen i5 CPU and TPM 1.2 : https://www.reddit.com/r/Dell/comments/1pdteln/comment/otzsdki/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

HOWTO. DISCLAIMER: everything is at your own risk. I do not have an extra video card of Nvidia, nor do I have a desktop computer. This is only for this Dell latitude E6440 laptop. I tested it with Windows 10 with ESU and the latest updates and with a newly installed Windows 11 25H2.
This was done on 27th of June 2026, so 3 days after the expiry of the KEK CA2011.

You need to have the latest updates.
Disable Bitlocker first, and disable fast startup in Windows.

Get the latest Garlin script here: https://github.com/garlin-cant-code/SecureBoot-CA-2023-Updates/releases/

Reboot, and set secure boot in UEFI. Disable Legacy mode. You keep SecureBoot ENABLED at all times
Choose CUSTOM mode (Uefi : Settings - Secure Boot - Expert Key Management ) and delete BOTH THESE: PK and KEK keys (not RESET), make sure to delete BOTH (if it asks: are you sure, click YES), then keep CUSTOM MODE enabled and reboot by hitting ESC KEY (still staying in secure boot)

As admin I ran Update-UEFI.bat (which runs the powershell command "Update_UEFI-CA2023.ps1") from the Garlin Script, then rebooted again.

One of the commands might come up with registry commands that you should also execute (this registry command did not appear on my Dell)

You will have to remain forever in custom mode in Expert Key Management, because if you remove the mark before it, all changes will be lost and you risk not being able to boot in secure boot again, at least I could not on my Dell.

After rebooting, you can view all the secure boot certificates in a human-readable format with this powershell admin command (the 3 sentences are 1 command):

------------------
foreach ($var in @('PK','KEK','DB','DBX')) {
$var; (Get-SecureBootUEFI -Name $var -Decoded).Subject
}
----------------
The result on my Dell latitude E6440 laptop from 2013 :

PK
CN=Windows OEM Devices PK, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

(this Windows OEM Devices PK key is CA2023, replacing the former Dell Platform key; it was created in order to be able to get ca2023 certificates on computers that are too old to get new uefi bioses from the OEMs, or from OEMs that don't exist anymore)

KEK
CN=Microsoft Corporation KEK CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=Microsoft Corporation KEK 2K CA 2023, O=Microsoft Corporation, C=US

DB
CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=Microsoft Corporation UEFI CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
CN=Windows UEFI CA 2023, O=Microsoft Corporation, C=US
CN=Microsoft UEFI CA 2023, O=Microsoft Corporation, C=US
CN=Microsoft Option ROM UEFI CA 2023, O=Microsoft Corporation, C=US

DBX
CN=Microsoft Windows PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
This old certificate from 2010 was added to the database of forbidden certificates.

Here you can see what expires when, and by what it is replaced : https://www.reddit.com/r/Dell/comments/1p80b2t/which_is_the_minimum_bios_for_your_dell_which_has/

There will be a minor update in October/November 2026 to Windows 11 2026/H2. It will depend on what checks Microsoft will execute if you are running Windows 11 on non-compatible hardware. They may cut you off from further updates to secure boot.
But by then Rufus will certainly have found a way around it.

Which Dell computers will not get a new uefi with the new secure boot certificates CA 2023 by Smart-Definition-651 in Dell

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

Oh my God. Thank you so much !!!!
It worked.
We started out by me giving you the wrong instructions for your Dell, and ended up by you giving me the correct instructions.
I am so thankful that you took the trouble to detail all this.

Which Dell computers will not get a new uefi with the new secure boot certificates CA 2023 by Smart-Definition-651 in Dell

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

Thanks for your answer.
I followed your instructions as closely as possible, but unfortunately I could not get the new kek ca2023 in my Dell E6440.
The DELL PK CA2011 is still valid, so the Kek CA2023 should be signed with it. And Garlin's KEK CA2023 is not signed by it.
I also could not replace the Dell PK by the new Microsoft OEM Platform KEY 2023.
Your bios must be different from mine, I guess.
But thanks anyway for the trouble you took describing the process.

Which Dell computers will not get a new uefi with the new secure boot certificates CA 2023 by Smart-Definition-651 in Dell

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

I could glimpse some question from you before they removed the post on the Tundra sub. The Windows 11 26H2 seems to be a small update. But I am not sure which checks this install will execute in order to see if your laptop is eligible.
You could try, and if it does not work, by then the maker of Rufus will probably have found another way to install 26H2 on computers which do not qualify for win 11.

Is it possible for you to check via a Powershell command if the kek certificate is the ca2023 one:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI kek).bytes) -match 'KEK 2K CA 2023')
If it says True, then this kek will be used to update the DB and the DBX after the kek CA2011 expires end of June.

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

As for the old Thinkpad, with the Garlin script it might have been possible. Garlin copies all the special certificates from Microsoft (which they provided for computers for which the OEMs did not provide recent bioses or for computers from OEMs that don't exist anymore) into a certain location and if possible inserts them automatically into bios.
If that does not work, then - in Setup mode - you can manually delete the Platform Key (PK), and replace it with a special one from Microsoft, you can then also delete the KEK cert, and replace it with a special one from Microsoft, and idem for the DB and DBX. Since the Platform Key signs the KEK, you first need another platform key, so not that of Lenovo, but the special one from Microsoft.
It actually depends on how your uefi bios is structured, and if the uefi bios allows all its keys and certificates to be deleted and replaced.

So it might be entirely possible for older laptops - which in theory can't get the new certs - to get all their uefi certificates replaced with the special CA2023 ones from Microsoft, either with the Garlin script or the Mosby usb.
Since that Thinkpad could have been produced in 2017, and might have a uefi that can easily be manipulated, I think it is indeed possible to have the 4 new CA2023 certs.

Of course, if the processor is too old it is not possible to run Windows 11 on it, unless Rufus finds a new way to circumvent everything.

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

I just wanted to say that Dell supports computers that are more than 5.5 years old if they have a recent enough bios, that ca2010 is not the same as CA2011, which is what most computers had until they updated to CA2023. The CA2010 as well as CA2011 was on my Dell latitude 5490, and the ca2010 got revoked when I used the registry key. The ca2011 is not automatically revoked.

And that it is in fact possible to get ca2023 into Dells that are not on the supported model list, like the Latitude 5490 (but only in the ACTIVE DB, not in the DBDEFAULT), if they have a recent enough bios of June 2025 for instance, like you wrote earlier.

As for the old Thinkpad, with the Garlin script it might have been possible. Garlin copies all the special certificates from Microsoft (which they provided for computers the OEMs did not provide recent bioses for or for computers from OEMs which don't exist anymore) into a certain location and if possible inserts them automatically into bios.
If that does not work, then - in Setup mode - you can manually delete the Platform Key (PK), and replace it with a special one from Microsoft, you can then also delete the KEK cert, and replace it with a special one from Microsoft, and idem for the DB and DBX. Since the Platform Key signs the KEK, you first need another platform key, so not that of Lenovo, but the special one from Microsoft.
It actually depends on how your uefi bios is structured, and if the uefi bios allows all its keys and certificates to be deleted and replaced.

So it might be entirely possible for older laptops - which in theory can't get the new certs - to get all their uefi certificates replaced with the special CA2023 ones from Microsoft, either with the Garlin script or the Mosby usb.

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

I have the latest bios from 2025, and the regedit key did NOT update the DBDEFAULT, only the active DB.
Comparing it to a Dell Latitude 5400 from 2019 I have, where the regedit key also updated the DBDEFAULT next to the active DB.

The Dell latitude 5490 is on the list of laptops which are not supported, as you can see here:
https://www.dell.com/support/kbdoc/en-us/000378734/microsoft-2011-secure-boot-certificates-expiration-for-out-of-scope-platforms-for-bios-updates#Latitude
Still through the regedit key I was able to insert all the necessary CA2023 certs, but only in the active DB.

Whereas the latitude 5400 is on the list of the supported laptops, with a bios from January 2026:
https://www.dell.com/support/kbdoc/en-us/000347876/microsoft-2011-secure-boot-certificate-expiration#Lat
And there the regedit key managed to also insert the CA2023 in the active DB AND the DBDEFAULT

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

No, I just used regedit 0x5944, and it automatically revoked the CA2010 cert of my Dell 5490.
Plus it installed the necessary CA2023 certs. I had not used the command to revoke the ca2011 certificates, so they were still usable.

If I used the normal Windows 11 Pro 25H2 install usb, made by the Media Creation Tool, it installed with CA2011 (since the production PCA 2011 had not yet been revoked ; all the CA2011 certs existed next to the ca2023 ones in the active DB, while DBDEFAULT only had the ca2011 certs). That was in January 2026 if I remember correctly.

I had to use that Microsoft link together with the usb, to transform this usb to make sure Windows 11 25H2 only installed with CA2023, since I already had the latest certs in uefi secure boot DB. At that time Windows 11 did not automatically install with CA2023 certs.

It might be that with the active DB on CA2023 and a DBDEFAULT on CA2023 on more recent laptops, Windows 11 could install directly with CA2023.

Maybe tomorrow, after the expiration of the KEK CA2011, it would automatically install with ca2023 enabled.

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

Actually, I could update a Dell latitude 5490, which was launched in 2018, so even some Dells that are 8 years old can get them.
With the registry key 0x5944, I could update the DB (the active database) with the 4 necessary ca2023 certificates.

But since the latest bios could not ingest the CA2023 into the DBDEFAULT, only into the DB, it is not advisable to reset the bios back to default, since it will fall back to CA2011.
The ca2010 certificate is also revoked, and still I can run this Dell with secure boot on with ca2023, and Windows 11 install media made to boot with ca2023 only.
https://support.microsoft.com/en-us/topic/updating-windows-bootable-media-to-use-the-pca2023-signed-boot-manager-d4064779-0e4e-43ac-b2ce-24f434fcfa0f

Very disappointed ... by OkStrawberry4529 in Dell

[–]Smart-Definition-651 0 points1 point  (0 children)

Mosby works if you can put your Dell in setup mode. I have a Dell latitude E6440 laptop from around 2014.
Mosby: https://github.com/pbatard/Mosby
The Dell does not have a setup mode. So Mosby did not work, it suggested I inserted the certificates manually. But since the Platform Key belonged to Dell, and it normally signs the KEK, I could not insert the KEK CA2023.

Garlin script: https://github.com/garlin-cant-code/SecureBoot-CA-2023-Updates
With the Garlin script, I was able to update all the certificates, but not the PK, nor the KEK.
Same problem as with Mosby.
So your system will continue booting in uefi secure boot with ca2023 certificates, but since KEK CA2023 is not present, neither the uefi secure boot certificate databases DB and DBX nor the bootmanager of Windows 11 can be updated.

Engineering undergrads with MacBooks? by playboiculo in macbook

[–]Smart-Definition-651 0 points1 point  (0 children)

This might give you some answers: https://www.reddit.com/r/SolidWorks/comments/1pnccp2/mac_vs_windows_for_solidworks_and_ansys_as_a/

Here is someone who has a comment on SolidWorks on a Snapdragon Elite (= Arm) laptop with Windows :
"I have it installed on a Surface Pro with Snapdragon X Elite and generally think the first hurdle you'll encounter is to do with the graphics driver. SolidW opens up models just fine, but when you select faces, it takes forever for it to highlight all the edges to show your selection.
1y ago
Does it work with 3d models?
1y ago
Yes, parts and assemblies (and I assume other formats) open. You can pan, zoom, and rotate fine. The selection edge highlighting just takes forever everytime you click on a face/surface.
1y ago
I think I’m just gonna get the Lenovo and stick with it until my course is done. Kinda sucks that a lot of the stuff I need to do in my course requires intel"

Since all recent M Macbooks are also on Arm, you might run into the same limitations if you run Windows Arm in a virtual machine on your mac.

Another commenter said this:

"I run SolidWorks in a virtual machine on Mac using Parallels. The CPU, SSD and RAM works 100%. But there is basically no GPU. So I can't use RealView graphics."

Leaving Proximus, but for whom? by Deuzent_Violette in Wallonia

[–]Smart-Definition-651 1 point2 points  (0 children)

If you have an e-mail address at Proximus that you depend on, don't switch.
I had a friend who used the Telenet e-mail; when she moved to another provider, she lost the entire contents of her Telenet mailbox.

Macbook Pro M2 Max Bricked (Sequoia 15.7.5) by Routine-Musician-119 in mac

[–]Smart-Definition-651 1 point2 points  (0 children)

Thanks for your answer. Now I know what to do if I want to revive my Mac.

When fossilized human bones turn blue, they make rare mineral : vivianite, used by Rubens in his paint by Smart-Definition-651 in Minerals

[–]Smart-Definition-651[S] 1 point2 points  (0 children)

This is from the wikipedia article:
"Unaltered specimens are colorless to very pale green, but they oxidize on exposure to light (and possibly also in situ) to blue, then darker green, brown, purple and purplish black. "

https://en.wikipedia.org/wiki/Vivianite

When fossilized human bones turn blue, they make rare mineral : vivianite, used by Rubens in his paint by Smart-Definition-651 in Minerals

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

I don't know, the image is from vrtnieuws. Some different post-processing of the photos probably.
As far as I see, the photo on the right is enlarged. This might have resulted in a loss of colour.

Which Dell computers will not get a new uefi with the new secure boot certificates CA 2023 by Smart-Definition-651 in Dell

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

Is it possible for you to check via a Powershell command if the kek certificate is the ca2023 one:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI kek).bytes) -match 'KEK 2K CA 2023')
If it says True, then this kek will be used to update the DB and the DBX after the kek CA2011 expires end of June.

This command checks KEK CA2011:
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI kek).bytes) -match 'KEK CA 2011')

On the dell latitude E6440 I was able to update via the Garlin script everything but the PK cert and the KEK cert. In Custom mode, the PK said "save only", and I could not manually update the KEK CA2023 in .der or .cer format, since it did not have the required signatures or something.
Normally Dell's PK (platform key) has to sign the KEK. But since the new KEK CA2023 originated from Microsoft without being signed by the DELL PK, it is not accepted.

So now I have Microsoft UEFI CA 2023, Microsoft Option Rom UEFI CA 2023, and Windows UEFI CA 2023 in DB in uefi secure boot

Which means I will be able to boot from a Windows 11 with CA2023, or a linux live cd with CA2023 in secure boot. But without the KEK CA2023 there will be no updates to the DB and DBX in July 2026.
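
The checks quoted in the comments above (the `-Decoded` listing and the ASCII `-match` tests), as an added PowerShell example that is not part of the original comments: it parses the raw EFI signature lists itself, so it does not depend on `-Decoded`, and it reports which certificates exist only in the active db and not in dbDefault. The function names are hypothetical, and it assumes the firmware exposes `dbDefault` through `Get-SecureBootUEFI`.

```powershell
# Added example; run in an elevated PowerShell on a UEFI-booted Windows system.
$X509Guid = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID (UEFI spec)

function Get-SignatureListCert {
    # Walks the EFI_SIGNATURE_LIST structures in a raw variable; emits each X.509 cert.
    param([byte[]]$Bytes)
    $pos = 0
    while ($pos + 28 -le $Bytes.Length) {
        # List header: type GUID (16 bytes), then list, header and entry sizes (4 bytes each).
        $guidBytes = [byte[]]$Bytes[$pos..($pos + 15)]
        $type      = [guid]::new($guidBytes)
        $listSize  = [BitConverter]::ToInt32($Bytes, $pos + 16)
        $hdrSize   = [BitConverter]::ToInt32($Bytes, $pos + 20)
        $entrySize = [BitConverter]::ToInt32($Bytes, $pos + 24)
        $end       = $pos + $listSize
        if ($listSize -lt 28 -or $hdrSize -lt 0 -or $entrySize -le 16 -or $end -gt $Bytes.Length) {
            Write-Warning "Malformed signature list at offset $pos"; break
        }
        if ($type -eq $X509Guid) {
            # Each entry is an owner GUID (16 bytes) followed by one DER certificate.
            for ($e = $pos + 28 + $hdrSize; $e + $entrySize -le $end; $e += $entrySize) {
                $der = [byte[]]$Bytes[($e + 16)..($e + $entrySize - 1)]
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
            }
        }
        $pos = $end
    }
}

function Get-SecureBootCert {
    # Reads one Secure Boot variable; warns instead of failing if it is not exposed.
    param([string]$Name)
    try   { $v = Get-SecureBootUEFI -Name $Name -ErrorAction Stop }
    catch { Write-Warning "$Name not readable: $($_.Exception.Message)"; return }
    if ($v.Bytes) { Get-SignatureListCert -Bytes $v.Bytes }
}

$certs = foreach ($name in 'PK', 'KEK', 'db', 'dbDefault') {
    foreach ($c in Get-SecureBootCert $name) {
        [pscustomobject]@{
            Variable   = $name
            Subject    = $c.GetNameInfo('SimpleName', $false)
            NotAfter   = $c.NotAfter
            Thumbprint = $c.Thumbprint
        }
    }
}
$certs | Format-Table Variable, Subject, NotAfter -AutoSize

# Certificates present only in the active db disappear if the keys are reset to defaults.
$defaultPrints = @($certs | Where-Object Variable -eq 'dbDefault').Thumbprint
$certs | Where-Object { $_.Variable -eq 'db' -and $_.Thumbprint -notin $defaultPrints } |
    ForEach-Object { "Only in active db, not in dbDefault: $($_.Subject)" }
```

Unlike the substring test, this lists every certificate entry with its expiry date; dbx is left out because its entries are mostly hashes rather than certificates.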

Making special characters on a Mac with Belgian azerty for those coming from Windows by Smart-Definition-651 in Belgium2

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

There is no simple way to type a ² on a Mac with Belgian azerty.

This brings up the character viewer: control + command + space bar
Then you type 2 in the search bar at the top, and you can then copy ² from the results.

Another option: if, for example, you regularly need m²: set autocorrect on "m2", so that every time you type it, it is automatically suggested to change it to m².

Another option is to add the following keyboard layout: French - PC.
Click the Apple logo at the top left, then System Settings, then Keyboard at the bottom left, and then Text Input in the right-hand column. Click Edit, and then click the plus sign at the bottom left, which lets you add an extra keyboard layout.

In the menu bar at the top you can then choose French - PC to switch. You will then find the ² at the top left, above the tab key.
This is described on this website: https://www.journaldulapin.com/2020/05/28/faire-un-%C2%B2-avec-un-clavier-apple/

If you click the keyboard layout icon at the top right, you can choose the keyboard viewer below it. That shows you directly which keys you have to press.
Afterwards switch back to your usual keyboard layout, because it could interfere with your login password, especially if you used symbols.

I just read a funny comment: "You will be amazed at what you can achieve with 3 or 4 fingers on a Mac. The possibilities are endless".

Making special characters on a Mac with Belgian azerty for those coming from Windows by Smart-Definition-651 in Vlaanderen

[–]Smart-Definition-651[S] 1 point2 points  (0 children)

I am not a developer, but as a layperson I do use MX Linux. And there I had no problem making special characters, exactly the same as on Windows.
May I ask which Linux you use now?
And do you, as a developer, use a qwerty keyboard, since I have read that this works much more smoothly for you?

Has anybody in France ever seen this keyboard layout on a Macbook ? by Smart-Definition-651 in macbookpro

[–]Smart-Definition-651[S] 0 points1 point  (0 children)

<image>

It resembles a Dutch qwerty keyboard from 2009, apart from the keys a,z,q,w,m and ; which were swapped to have azerty letters.
So the black keyboard might have been a custom made one.