FOR~GO
(For Geeks Only)
By Joe Callison
4 June 2026
Updating Secure Boot Certificates in Linux Terminal
If you run Linux on a computer with Secure Boot enabled in the UEFI, your distro may or may not automatically update the firmware for the Secure Boot Certificates from 2011 that are expiring in June 2026 and being replaced with the new 2023 Secure Boot Certificates.
Linux Terminal Commands:
To check the status of the Secure Boot state-
sudo mokutil –sb-state
To check the current certificates and public keys in the Key Exchange Key database-
sudo mokutil –kek
To check the current certificates and keys enrolled in the allowed database-
sudo mokutil –db
To download the list of the latest firmware updates-
sudo fwupdmgr refresh
To get the latest firmware updates-
sudo fwupdmgr get-updates
To install the downloaded updates-
sudo fwupdmgr update
