There are two important things you must do now: confirm you have Secure Boot enabled and that your system firmware is updated. The Windows System Information tool can show if Secure Boot is enabled. However, any firmware update should come from your PC manufacturer or the platform managing virtual firmware.

If your system is eligible, the update typically happens quietly in the background. You should pay more attention to devices with dual-boot setups or PCs with legacy boot remnants, as they are less likely to get automatic deployment. You may have to navigate to this registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot and set the AvailableUpdates registry value to a nonzero value. //

You can view the current certificate on your PC by running this PowerShell command: (Get-AuthenticodeSignature "C:\Windows\Boot\EFI\bootmgfw.efi").SignerCertificate | Format-List Subject,Issuer,NotAfter,Thumbprint

You can run this command on PowerShell, and a non-zero value for AvailableUpdates would confirm your computer is eligible to receive certificate updates: Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" | Format-List