Owners of certain older NVIDIA graphics cards may encounter boot problems with Windows Secure Boot enabled starting in June 2026. This is due to the expiration of the security certificates used by the UEFI GOP (Graphics Output Protocol) on these cards. Without a valid certificate, Secure Boot may prevent the graphics card from initializing, potentially leading to a black screen and an unbootable system for users without integrated graphics.
Key Takeaways
- Older NVIDIA GPUs with UEFI-capable VBIOS may fail to boot with Windows Secure Boot enabled after June 2026.
- The issue stems from the expiration of the UEFI GOP security certificate.
- This could result in a “soft brick” scenario for systems relying on a discrete GPU for POST.
- NVIDIA or add-in-board partners may need to issue VBIOS updates with newer certificates.
- Disabling Secure Boot is a workaround but compromises system security and may prevent some games from running.
The Technical Challenge
The core of the problem lies in the expiration of the security certificate for the UEFI GOP, which is crucial for displaying output during the boot process. Windows Secure Boot is designed to only load software with valid, time-sensitive certificates. When these certificates expire, Secure Boot can block the loading of the graphics card’s VBIOS, leading to a black screen before the BIOS even appears. For users whose motherboards or processors lack integrated graphics, this could render their systems unbootable until the VBIOS is updated or the graphics card is replaced.
Potential Solutions and Mitigation
GPU vendors like NVIDIA and their add-in-board (AIC) partners, such as ASUS, MSI, and Gigabyte, may need to re-sign the affected GOPs with newer Microsoft certificates. Ideally, dual-signing with both older (2011) and newer (2023) certificates would ensure broader compatibility. NVIDIA has previously provided user-friendly, Windows-based tools for critical VBIOS updates.
The most straightforward user-level mitigation is disabling Windows Secure Boot. However, this is not ideal as it reduces pre-boot security and can prevent certain games with strict DRM or anti-cheat software from running, some of which may even require features like Virtualization-Based Security (VBS).
Users on older platforms can proactively update their motherboard firmware and Windows to incorporate the newer 2023 certificates into their UEFI databases. A more technical workaround involves manually trusting the SHA hash of the VBIOS before the certificate expires, but this is not practical for most consumers.
Impact and User Concerns
Concerns have been raised about how this will affect specific older cards, such as the GTX 1080 Ti. While some argue that older hardware is inherently unsupported and requires extra effort, others point out that this issue could render functional hardware unusable. There’s also a question of whether AMD GPUs might be similarly affected, as the certificates are provided by Microsoft.
Microsoft’s ability to revoke certificates via Windows Update could also lead to premature issues. While some users are confident that Microsoft will provide updated certificates through Windows Update, others worry about the implications of Microsoft’s control over hardware compatibility and the potential for forced obsolescence.
Via Reddit
