Beginning June 24, three certificates that cryptographically verify that each piece of firmware and software that loads during system boot will expire. The Microsoft-signed certificates are the linchpins of Secure Boot, a Microsoft-designed chain of trust. Secure Boot checks the digital signatures of all firmware that loads during system startup to ensure it originates from a trusted provider, such as the manufacturer of the motherboard the system runs on. //
For those of you that need to do a manual update, and you have the latest firmware, and Microsoft Security Centre states there isn't enough information to update your certificate automatically, you can go here and grab the certificates: Microsoft UEFI Guidancehttps://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11#14-signature-databases-db-and-dbx
If you need a quick chart explanation of the different files, you can go Here.https://support.microsoft.com/en-gb/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e
If you need a certificate not on the guidance page, you can go to:
Microsoft Secure Boot Open Source Repository.
https://github.com/microsoft/secureboot_objects
