how to fix this Secure Boot certificates | Razer Insider
Skip to main content
Question

how to fix this Secure Boot certificates

  • December 8, 2025
  • 6 replies
  • 5425 views
P

!--startfragment>

how to fix this Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here. DeviceAttributes: BaseBoardManufacturer:Razer;FirmwareManufacturer:Razer;FirmwareVersion:1.03;OEMModelNumber:Blade 16 - RZ09-0510;OEMModelBaseBoard:SO6100;OEMModelSystemFamily:1A58300A Razer Blade;OEMManufacturerName:Razer;OEMModelSKU:RZ09-051021N4;OSArchitecture:amd64; BucketId: 121954a5453464cf5283ad543028942483c61fd6aae2ef6a7c25d4fd1b3a8ed8 BucketConfidenceLevel:

!--endfragment>

I’m on the latest bios update from 2023

!--startfragment>

Quick Fix: To resolve the Secure Boot certificate warning on your Razer Blade 16, you need to apply the latest BIOS and firmware updates from Razer, and ensure the Microsoft Secure Boot certificate update is installed and committed to the device firmware. This requires both vendor firmware updates and Windows-side certificate application.

 

🔧 Step-by-Step Guidance

1. Understand the Issue

  • The message means Windows has downloaded new Secure Boot certificates, but they are not yet written into your UEFI firmware.
  • Without applying them, your system may not be fully protected against revoked or expired bootloaders.

2. Apply Razer Firmware Updates

Razer has published specific updates for the Blade 16 series:

  • BIOS Updater (latest version v2.03 or newer)
  • Customer Firmware Updater (v3)
  • EC/Keyboard/vBIOS Firmware Updater (v2.01)
  • PD Firmware Updater (09v4)

👉 You can find these on Razer’s support page for Blade 16(6).
Make sure to install all required firmware packages in sequence, starting with BIOS, then EC/Customer Firmware, then PD.

3. Apply Microsoft Secure Boot Certificate Update

  • Microsoft has issued Secure Boot certificate updates to replace expiring 2011-era certificates with the 2023 chain.
  • Run Windows Update and ensure KB5062710 or later Secure Boot updates are installed.
  • After installation, reboot your system. Windows will attempt to commit the new certificates into UEFI.

4. Verify Certificate Status

You can check if the certificates are applied:

 

Confirm-SecureBootUEFI

5. If Still Not Applied

 

✅ Summary Table

 

     
     
     
  Confirm-SecureBootUEFI  
     

 

Action for you: Download and apply the latest BIOS and firmware updates from Razer, then make sure Windows Update has installed the Secure Boot certificate patch. After reboot, confirm Secure Boot is active and certificates are committed.

Would you like me to walk you through the exact download links and update order for your Blade 16 (RZ09-0510) so you can apply them without missing a step?

  • Run PowerShell with admin rights:
    • This should return True if Secure Boot is active.
    • To check certificate status, use Microsoft’s guidance or scripts like Check_EFIBootFile.ps1.
    • Event ID 1801 warnings may persist if the firmware update hasn’t committed the DBX (forbidden signature database).
    • In that case:
    • Re-run the Razer firmware updater.
    • Ensure BitLocker is suspended before BIOS updates.
    • Perform a full shutdown and cold boot after updates.
    !--endfragment>

    6 Replies

    J
    • james_97
    • Insider Mini
    • January 30, 2026

    This warning means Windows has the new Secure Boot certificates but your UEFI firmware hasn’t committed them yet. Make sure all Razer firmware updates (BIOS + EC/Customer firmware) are installed, then install the latest Microsoft Secure Boot update, reboot, and verify with Confirm-SecureBootUEFI; if it still persists, a firmware refresh or Razer support is required.

    P
    • prosenba
    • Author
    • Insider Mini
    • February 5, 2026

    I have the latest firmware form razer and the problem still persists

    Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
    DeviceAttributes: BaseBoardManufacturer:Razer;FirmwareManufacturer:Razer;FirmwareVersion:1.03;OEMModelNumber:Blade 16 - RZ09-0510;OEMModelBaseBoard:SO6100;OEMModelSystemFamily:1A58300A Razer Blade;OEMManufacturerName:Razer;OEMModelSKU:RZ09-051021N4;OSArchitecture:amd64;
    BucketId: 121954a5453464cf5283ad543028942483c61fd6aae2ef6a7c25d4fd1b3a8ed8
    BucketConfidenceLevel: 
    UpdateType: 
    For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

    P
    • prosenba
    • Author
    • Insider Mini
    • February 5, 2026

    4000 dollar pc and this is happening, why is razer not updating the firmware any more

     

    NabuEQ2
    • NabuEQ2
    • Insider
    • February 11, 2026

    Just run the bios updater and it has caused a signature violation, but the bios will not get past the warning. 

     

    V2.03 has caused a signature violation on a Razer RZ09-0483X 16” blade. 

    How can I get past this? 

    P
    • prosenba
    • Author
    • Insider Mini
    • February 12, 2026

    This is what AI said to do, but I also read razer disabled to keep customers from bricking there pc, so i have not tried it.

    The "Supervisor Password" Trick

    Razer often hides advanced Secure Boot options until a BIOS password is set.

    1. In BIOS, go to the Security tab.

    2. Select Set Supervisor Password and create a simple one (e.g., "razer").

    3. Save and Exit, then immediately re-enter the BIOS.

    4. Check the Secure Boot menu again. Options like "Delete All Secure Boot Variables" or "Restore Factory Keys" often magically appear.

      • Note: Once you're done fixing the keys, you can clear the password by "changing" it to a blank entry.

        The "Supervisor Password" Trick

        Razer often hides advanced Secure Boot options until a BIOS password is set.

      • In BIOS, go to the Security tab.

      • Select Set Supervisor Password and create a simple one (e.g., "razer").

      • Save and Exit, then immediately re-enter the BIOS.

      • Check the Secure Boot menu again. Options like "Delete All Secure Boot Variables" or "Restore Factory Keys" often magically appear.

        • Note: Once you're done fixing the keys, you can clear the password by "changing" it to a blank entry.

      NabuEQ2
      • NabuEQ2
      • Insider
      • February 12, 2026

      Thanks for this.  
       

      I should have said I tried this already and nada.  No options to change even after creating an administrator password in the bios.

       

      Here is where I am at in detail.  
       

      BIOS status:

      • Secure Boot: Enabled

      • Vendor Keys: Active

      • System Mode: Deployed

      • No access to Key Management, OS Type, or Secure Boot Mode options (greyed out even after setting Administrator password).

       

      Troubleshooting already completed:

      • Loaded BIOS defaults

      • EC power reset performed

      • Windows 11 USB media boots successfully via F12

      • Ran Startup Repair — no change

      • Rebuilt EFI boot files manually using bcdboot from recovery environment — issue persists

      • Internal Windows installation confirmed healthy

       

      Apparent conclusion that I can get to:

      Secure Boot database appears corrupted or mismatched after the BIOS update.

      Firmware is rejecting valid Microsoft-signed bootloaders.

       

      Requested from Razer:

      Either or both:

      The BIOS recovery reflash procedure or,

      The recovery firmware package for RZ09-0483x to reset Secure Boot keys / platform state.

      The public BIOS EXE cannot be used because Windows will not boot.

       

      CookiesCookie settingsAccessibility statement