..
Senior Techies SIG
Central Resource Library
9875 West 87th Street
Overland Park, KS 66212
Conference Room 02
Wednesday, June 10, 2026, 2:30 ~ 4:00 pm
Topic:
Windows Secure Boot Certificate Expirations
(affects Windows and Linux)
The Senior Techies are a small group of senior citizens who desire to share and discuss computer and other technology issues with each other to help expand their knowledge. SenCom members who seek to discuss computer and/or technology issues in a smaller group setting, regardless of current knowledge, are encouraged to attend. The Senior Techies SIG always meets on the 2nd Wednesday of the month.
Note: This will be a hybrid meeting. You can join in person or remotely via Free Conference Call, as referenced in the Revised Virtual Meeting Procedure shown below.
Joe Callison convenes the Senior Techies SIG
jcallison@kcsenior.net
Revised Virtual Meeting Procedure:
We miss seeing our members. If you have been having problems joining our virtual meetings using Free Conference Call, please contact a Board Member, and one of us will work with you before the meeting you are interested in joining. Board Members’ email addresses are under the “About Us” tab of SenCom’s website.
QUICK ACCESS TO A SENCOM MEETING
If you have the FreeConferenceCall (FCC) app, please start the app to join our meeting with audio and video. If you do not have the FCC app and do not want to install the FCC app, please click on this link below to enter the virtual meeting, and participate with audio only (your picture will not be available to anyone):
https://www.freeconferencecall.com/wall/sencomuser00/viewer
You will still need to tell Free Conference Call to use the audio either on your computer or through a separate phone call. If you are using the FCC app on a computer, smartphone, or tablet, turn on your video by clicking on the icon of a video camera so that we can see you. On a phone or tablet, you may need to tap your screen to see the icon.
Here are the complete instructions for our virtual meeting procedure:
We are using a service called Free Conference Call that allows all of us to be on at one time through video/audio conferencing or just audio conferencing. If you have a camera and speakers on your desktop computer or a laptop computer with a camera and speakers, you will find that using your PC or Mac computer along with the FCC app will probably give you the best experience. To use your computer to conference into the meeting, follow the instructions that I have assembled in this PDF:
Using your computer to access the Free Conference Call (PDF)→ (Revised)
Also available on our Free Conference Call page → (Revised)
When using the Chrome browser to access a video conference, you may see a message that your browser has blocked access to your camera or audio. Look at the icons in the top right area of your browser for an icon with a red X, like the following:
Click on the icon and then click on the button to allow access, and then click the Done button. If the red X does not disappear after a few seconds, you may need to refresh your browser by clicking on the icon near the top left of your browser that looks like the following:
The settings for the site will be saved in your Chrome browser Privacy and security settings so you will not need to do this the next time you access the site.
Although Chrome is the preferred browser, others have used Firefox without any problems.
For those who wish to use their Android devices (either tablet or phone), we are using an app called FreeConferenceCall that you can download from the Google Play Store (note that there are no spaces in the app name). Bob Bowser has assembled a set of instructions that you can print and follow to join the meeting:
Using your Android device to access the FreeConferenceCall (PDF)→
Apple iPad/iPhone users can find the same app (Free Conference Call) on the Apple App Store. Installing and using it should be very similar to the Android instructions above.
.
Do you have a computer that can’t be upgraded to Windows 11, and don’t know what to do with it?
Would you like to learn about a different Operating System called Linux?
If you’re a senior using a Windows 10 computer, now is a great time to consider switching to Linux. Windows 10 has reached the end of its support, which means no more security updates – leaving your system more vulnerable unless you enroll in Microsoft’s Extended Security Updates for one more year of support. Linux is a free, secure, and easy-to-use alternative that runs well on older machines, helping you avoid the cost and hassle of buying a new computer. Many versions of Linux, like Linux Mint or Zorin OS, are designed to feel familiar to Windows users, making the transition smoother. With Linux, you can continue browsing the internet, sending emails, watching videos, and more – without worrying about viruses or forced updates. It’s a smart, budget-friendly choice for staying safe and productive online. If everything you do on your computer is done inside a browser (Edge, Chrome, Firefox, etc.), Linux can easily handle your needs.
Please let us know your interest! SenCom is considering holding workshops and developing classes on Linux. Contact either Joe Callison (jcallison@kcsenior.net) or Frank Mundt (fmundt@kcsenior.net).
.
.
SenCom is on Facebook. See the access instructions below to find our Facebook Group page (SenComKC). Check it out! Share your favorite SenCom moment or interaction.
To access the group page:
- Log in to your Facebook account.
- On your computer, click “Search Facebook” in the left-hand corner (to the left of the home icon, or on your mobile device, in the middle of the screen on top, then type SenComKC (not case sensitive).
- Search results should give you “Groups,” and under that, you will see SenComKC. To the right of your search results, you should see a “Join” button. Click the button to request to be a member of this Facebook group.
.
* Volunteers Needed *
SOS! NEEDED NOW! — Volunteers to help our Board of Directors fill the board positions of Vice President, Program Director, and Hospitality Director. If interested, please email me or another Board Member. Our email addresses are on the “Board of Directors” page under the “About Us” menu. Remember, this is your organization; please help us keep it healthy and growing!!
LITTLE OR NO COMPUTER SKILLS REQUIRED.
Lou Risley, 913-298-0575 or sencomprez@gmail.com
.
GEEK FREE
By Joe Callison
4 June, 2026
Check Your Windows Secure Boot and Device Encryption Status!
Secure Boot:
Secure Boot is a UEFI firmware (modern version of BIOS) that was introduced with Windows 8 in 2012. It requires Secure Boot Certificates for any software that loads during the boot process, before the Windows operating system and other software are loaded. Some third-party drivers and antimalware processes may load during the boot process and would require these certificates. The certificate validation data is stored in the firmware and was published in 2011. The certificates begin expiring in June 2026, and new data needs to be updated for certificates published in 2023. This update process is being done beginning with the April 2026 Windows updates. Some computers are having issues with the updates, notably Lenovo Yoga and, more recently, many of the HP models. In trying to perform the necessary UEFI changes, the computers may boot up with a message to enter the BitLocker Recovery Key. Even after entering the valid key stored in the user’s Microsoft account, the computer may be stuck in a boot loop with the same message. The problem seems to be a difficulty in completing the UEFI firmware changes necessary for the new certificates. Other means of updating the firmware might be needed unless there is a Windows update fix for the affected models.
If your computer has not been affected, you can verify that the updated Secure Boot Certificates have been received by going to Settings, Privacy & Security, Windows Security, Device Security, and reading the Secure Boot description. It should indicate that the certificate updates have been completed and no further changes are needed.
If Secure Boot is not listed in Device Security, the feature may have been turned off in the firmware. Normally, it is on by default.
Device Encryption:
Device Encryption is provided for Windows Home users, similar to BitLocker Device Encryption for Windows Professional users, but limited to turning on or off for management, and only applicable for internal storage drives. It requires being signed into a Microsoft account, not a local account, and both the TPM Security and Secure Boot features must be turned on in the UEFI firmware. If the requirements were met when Windows was first set up, Device Encryption would have been turned on by default, and a BitLocker recovery key would have been stored in the online Microsoft Account. The internal drives would then be encrypted unless the toggle is later turned off in the Windows settings. Turning off encryption would begin the process of decrypting the drives, which could take considerable time to complete. If turned on again, the encryption process would begin, and a new BitLocker recovery key would be stored in the Microsoft Account. It is highly recommended to keep a copy of the current key stored in a safe place, as well as the Microsoft Account user name (typically an email address) and password.
For normal home use, unless you travel with your laptop or have very sensitive information stored on it, I would discourage encrypting your internal drives. I would instead keep sensitive information on an encrypted external drive.
Like Secure Boot, Device Encryption can be found on the Device Security settings page. A text link to manage the device encryption will open another settings page with a toggle to turn it on or off.
FOR~GO
(For Geeks Only)
By Joe Callison
4 June 2026
Updating Secure Boot Certificates in Linux Terminal
If you run Linux on a computer with Secure Boot enabled in the UEFI, your distro may or may not automatically update the firmware for the Secure Boot Certificates from 2011 that are expiring in June 2026 and being replaced with the new 2023 Secure Boot Certificates.
Linux Terminal Commands:
To check the status of the Secure Boot state-
sudo mokutil –sb-state
To check the current certificates and public keys in the Key Exchange Key database-
sudo mokutil –kek
To check the current certificates and keys enrolled in the allowed database-
sudo mokutil –db
To download the list of the latest firmware updates-
sudo fwupdmgr refresh
To get the latest firmware updates-
sudo fwupdmgr get-updates
To install the downloaded updates-
sudo fwupdmgr update
.
SenCom gratefully acknowledges the following organizations for their support:
Google Fiber
City of Shawnee:
Parks & Recreation Department
Johnson County Library:
Central Resource, Oak Park
SENCOM IS A NOT-FOR-PROFIT KANSAS CORPORATION
UNDER THE IRS 501(C)(3) RULES
