Microsoft Secure Boot CA 2011 End-of-Life: Transition to 2023 Certificates

Microsoft has announced that the Secure Boot CA (Certificate Authority) 2011 certificates will expire in June 2026. After these dates, Windows devices relying solely on these certificates will no longer receive security updates for the Windows Boot Manager and related Secure Boot components, potentially increasing vulnerability to boot-level threats (such as bootkits).

To address this, Microsoft is transitioning to new 2023 certificates. Supermicro already released BIOS firmware updates to prepare the Secure Boot database for the new certificates.

Here are BIOS versions for the Intel-based affected motherboards:

Intel-based Motherboards
X12-CedarIslandBIOS version with the fix
X12QCH+by request
X12/C9-Comet LakeBIOS version with the fix
X12SAE/X12SCA-Fv 3.6
X12SCQv 3.6
X12SCV-LVDSv 3.6
X12SCV-Wv 3.6
X12SCZ-TLN4F/QF/Fv 3.6
C9Z490-PGWv 3.6
X12-IdavilleBIOS version with the fix
X12SDV-SPT4Fv 2.3
X12SDV-SP6Fv 2.3
X12SDV-SPT8Fv 2.3
B3SD1v 2.3
X12-TatlowBIOS version with the fix
X12STWv 2.5
X12STHv 2.5
X12STDv 2.5
X12STEv 2.5
X12STL-IFv 2.5
X12STL-Fv 2.5
B3ST1v 2.5
X12-TigerLakeBIOS version with the fix
X12STNv 2.0
X12/C9-RocketlakeBIOS version with the fix
X12SAE-5by request
X12SCA-5Fby request
C9Z590-CG(W)by request
X12-WhitleyBIOS version with the fix
B12DPE-6v 2.6
B12DPT-6v 2.6
B12SPE-CPUv 2.6
X12DAi-N6v 2.6
X12DGO-6v 2.6
X12DGQ-Rv 2.6
X12DPG-ARv 2.6
X12DPG-OA6v 2.6
X12DPG-OA6-GD2v 2.6
X12DPG-QRv 2.6
X12DPG-QBT6v 2.6
X12DPG-QT6v 2.6
X12DPG-U6v 2.6
X12DPi-N(T)6v 2.6
X12DPL-i6/NT6v 2.6
X12DDW-A6v 2.6
X12DGUv 2.6
X12DHM-6v 2.6
X12DPD-A/AM25v 2.6
X12DPFR-AN6v 2.6
X12DPT-B6v 2.6
X12DPT-PT6/-PT46v 2.6
X12DPU-6v 2.6
X12DSC-6v 2.6
X12DSC-A6v 2.6
X12SPO-(NT)Fv 2.6
X12SPM Seriesv 2.6
X12SPW-(T)Fv 2.6
X12SPL-LN4Fv 2.6
X12SPZ-SPLN6F/LN4Fv 2.6
X12SPi-TFv 2.6
X12SPA-TFv 2.6
X12SPED-Fv 2.6
X12SPG-NFv 2.6
X12SPT-PTv 2.6
X12SPT-G(C)v 2.6
X12DPiv 2.6
X13-AlderLakeBIOS version with the fix
B4SA1-CPUv 5.3
X13SAEv 5.3
X13SAE-Fv 5.3
X13SAN-H/-E/-L/-Cv 5.3
X13SAQv 5.3
X13SAV-LVDSv 5.3
X13SAV-PSv 5.3
X13SAZ-Fv 5.3
X13SAZ-Qv 5.3
X13-CatlowBIOS version with the fix
X13SCL-IFv2.4
X13SCL-Fv2.4
X13SCHv2.4
X13SCD-Fv2.4
X13SCWv2.4
B4SC1v2.4
X13-Eagle StreamBIOS version with the fix
X13DEHv 3.0
X13DEG-OADv 3.0
X13DEG-OAv 3.0
X13DGUv 3.0
X13QEH+v 3.0
X13DAi-Tv 3.0
X13DDWv 3.0
B13DEEv 3.0
B13DETv 3.0
B13SEE-CPU-25Gv 3.0
B13SEGv 3.0
X13DEG-Mv 3.0
X13DEG-QTv 3.0
X13DEG-Rv 3.0
X13DEG-PVCv 3.0
X13DEi(-T)v 3.0
X13DEMv 3.0
X13DET-Bv 3.0
X13DSF-Av 3.0
X13SEDW-Fv 3.0
X13SEED-F/SFv 3.0
X13SEFR-Av 3.0
X13SEI-TF/-Fv 3.0
X13SEM-TFv 3.0
X13SET-G/-GCv 3.0
X13SET-PTv 3.0
X13SEVR-SP13Fv 3.0
X13SEWv 3.0
X13SEW-TF-OS1v 3.0
X13OEiv 3.0
X13-FishHawk FallsBIOS version with the fix
X13SRA-TFv 2.6
X13SWA-T(F)v 2.6
X13-Raptor LakeBIOS version with the fix
X13SRN-H/-E/-WOHSv 5.3
X14-Birch StreamBIOS version with the fix
X14SBW-F/-TFv 1.6
X14SBT-Gv 1.6
X14SBHMv 1.6
X14SBSCv 1.6
X14SBI-(T)Fv 1.6
X14SBH-APv 1.6
X14SBT-GAPv 1.6
X14SBM-TF/TP4Fv 1.6
X14DBG-GDv 1.6
X14DBI-(T)v 1.6
X14DBG-XAPv 1.6
X14DBM-APv 1.6
X14DBM-SPv 1.6
X14DBT-Bv 1.6
X14DBHMv 1.6
X14DBG-MAPv 1.6
X14DBT-FAP / X14DBT-FLAPv 1.6
X14-Arrow lakeBIOS version with the fix
X14SAEv 2.0
X14SAE-Fv 2.0
X14SAV-LVDSv 2.0
X14SAV-TLN4F/Fv 2.0
X14SAZ-TLN4F/Fv 2.0
X14-KaseyvilleBIOS version with the fix
X14SDV-SP3Fv 1.4
X14SDW-SP9Fv 1.4

The information for AMD-based motherboards will be published shortly.

What You Should Do

  • Keep Secure Boot enabled – it remains effective and important for system security.
  • Install all available updates:
    • Install the latest BIOS/firmware updates.
  • No immediate action required for most systems – the transition is proactive and will complete automatically on supported devices.

This change does not prevent devices from booting after 2026, but staying updated ensures ongoing protection.

For further details, please refer to the Microsoft announcement: