
A time-sensitive update affecting Windows-based devices across your organisation.
What is Secure Boot?
Secure Boot is a critical security feature built into Unified Extensible Firmware Interface (UEFI) firmware. It ensures that only digitally verified, trusted software is permitted to run during a device’s boot sequence, acting as your system’s first line of defence before the operating system even loads.
It works by validating pre-boot software against a set of trusted digital certificates (Certificate Authorities / CAs) stored within the device’s firmware. As a globally recognised industry standard, UEFI Secure Boot governs how platform firmware manages these certificates, authenticates firmware integrity, and interfaces with the operating system.
What Is Changing And Why It Matters
Microsoft’s original 2011 Secure Boot certificates are reaching expiry in 2026 and are being replaced by updated 2023 certificates. Many supported Windows devices will receive these updates automatically through Windows Update, OEM firmware, or enterprise update tools.
However, healthcare and government organisations should verify that all endpoints have successfully transitioned, particularly older devices that may require manual review, including:
- Older 7th Gen and 8th Gen Intel devices
- Medical workstations and locked-down managed fleet devices
- Embedded PCs and offline or air-gapped systems
- Custom builds and devices requiring OEM firmware updates
Why Older Intel Platforms Warrant Closer Attention
It’s worth noting that older Intel platforms such as 7th Gen and 8th Gen devices, may be more likely to need review. This isn’t necessarily because of the processor itself, but because these devices are generally older and may have:
- Older UEFI firmware
- Lingering Windows 10 dependencies
- Unsupported configurations
- Slower OEM firmware support
Microsoft’s guidance confirms that while supported devices may receive updates automatically, some managed or specialised devices may require direct IT or OEM action.
Understanding the Real Risk
The risk is not that devices will suddenly stop working.
The concern is that devices which do not transition to the updated certificates may progressively fall behind in:
- Boot-level security protections
- Revocation updates
- Firmware compatibility
- Future Windows security requirements
Over time, this erodes your organisation’s security posture and may create compliance gaps under frameworks relevant to Australian healthcare, leaving critical clinical and administrative systems increasingly exposed to emerging threats.
HPA’s Recommendation: A Proactive Compliance Audit
HPA recommends a proactive Secure Boot compliance audit across your Windows-based medical and administrative fleets. This should:
✅ Confirm which devices have received the updated 2023 certificates
✅ Identify older or unsupported hardware
✅ Determine whether any OEM firmware updates or manual remediation steps are required
Our team of healthcare technology specialists can manage this process end-to-end, with zero disruption to your clinical workflows, so you can stay focused on delivering exceptional patient care.
Take Action Today
Don’t leave your device fleet, or your compliance posture to chance.
Contact the HPA team to arrange your Secure Boot compliance audit.
📞 Call us: 1300 472 878
📧 Email us: info@hpaust.com
🌐 Visit: hpaust.com
📅 Book a consultation: Please contact your local Business Development Manager
HPA proudly supports healthcare organisations across Australia. Early action ensures continuity of care, security compliance, and peace of mind.