To see a clean text dump of every single certificate authority currently written to the motherboard, copy and paste this custom script block into your elevated PowerShell terminal.
Not yet fully tested (as this was created on a PC with updated certs). See image for explanations (Gemini could be telling fibs). Also, FAQs regarding missing 2011 certs.
When running the deep-dive certificate audit, you might see a red [MISSING] status next to the Microsoft UEFI CA 2011 (Expiring June 2026) entry.
This is intentional, healthy behavior. Once a machine has successfully migrated to Phase 2, the system actively drops or replaces the older 2011 trust anchors in favor of the Modern 2023 Keys (which will show as green [FOUND]).
Red Missing 2011 Key + Green Found 2023 Key = 🛡️ Fully Secure. The machine has already completed its transition.
Green Found 2011 Key + Red Missing 2023 Key = ⏳ Ticking Clock. The machine is fully reliant on the old key and will lose its servicing chain come June 2026.
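As an added example (not the script this post refers to), the following parses the raw Secure Boot `db` variable into its X.509 certificates, so the [FOUND]/[MISSING] status comes from the certificates actually stored in firmware, with their expiry dates. It assumes an elevated session on a UEFI machine; `Get-EfiSignatureCert` is a hypothetical helper name, and the `UEFI CA 2011` / `UEFI CA 2023` substrings matched against each certificate's common name are assumptions standing in for the post's labels.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI machine.
$X509Guid = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'   # EFI_CERT_X509_GUID

function Get-EfiSignatureCert {
    # Hypothetical helper: walks the EFI_SIGNATURE_LIST structures in a
    # Secure Boot variable and emits one X509Certificate2 per stored cert.
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $pos = 0
    while ($pos + 28 -le $Bytes.Length) {
        # List header: type GUID (16), list size, header size, entry size (4 each)
        $type     = [guid]::new([byte[]]($Bytes[$pos..($pos + 15)]))
        $listSize = [BitConverter]::ToInt32($Bytes, $pos + 16)
        $hdrSize  = [BitConverter]::ToInt32($Bytes, $pos + 20)
        $sigSize  = [BitConverter]::ToInt32($Bytes, $pos + 24)
        # Stop on a malformed list instead of reading past the buffer
        if ($listSize -lt 28 -or $hdrSize -lt 0 -or $pos + $listSize -gt $Bytes.Length) { break }
        if ($type -eq $X509Guid -and $sigSize -gt 16) {
            $entry = $pos + 28 + $hdrSize
            while ($entry + $sigSize -le $pos + $listSize) {
                # Each entry: 16-byte SignatureOwner GUID, then the DER certificate
                $der = [byte[]]($Bytes[($entry + 16)..($entry + $sigSize - 1)])
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
                $entry += $sigSize
            }
        }
        $pos += $listSize   # non-X.509 lists (e.g. hashes) are skipped
    }
}

# Read the allowed-signature database and list every certificate in it
$db = @(Get-EfiSignatureCert -Bytes (Get-SecureBootUEFI -Name db).Bytes)
$db | ForEach-Object {
    '{0}  (expires {1:yyyy-MM-dd})' -f $_.GetNameInfo('SimpleName', $false), $_.NotAfter
}

# Presence check by certificate generation (substrings are assumptions, see lead-in)
foreach ($label in 'UEFI CA 2011', 'UEFI CA 2023') {
    $found = @($db | Where-Object {
        $_.GetNameInfo('SimpleName', $false) -like "*$label*"
    }).Count -gt 0
    $status = if ($found) { '[FOUND]' } else { '[MISSING]' }
    Write-Host "$status $label" -ForegroundColor $(if ($found) { 'Green' } else { 'Red' })
}
```

Passing `-Name KEK` to `Get-SecureBootUEFI` instead of `db` lists the key-exchange keys with the same helper.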