Hello David Yeom, thank you for posting in the Microsoft Q&A community.
To directly answer your question: Yes, the PC will boot normally after the Secure Boot certificate update, as long as the device firmware (BIOS) correctly supports and applies the new certificates. If the certificates are not updated before the deadline, the device will still boot and operate, but with a degraded security posture.
Here is the officially recommended approach to perform the update safely:
- Ensure the device is fully updated with the latest Windows 10 cumulative updates.
- Open PowerShell as an Administrator.
- Run the following command to manually trigger the Secure Boot servicing task:
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
- Restart the computer twice to ensure it boots up with the updated database.
Could you please provide some additional data? First, please open PowerShell as Administrator, run the following command, and share the output:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
(Note: If this returns True, your system has already successfully applied the new certificate).
Second, could you press Windows + R, type msinfo32, press Enter, and let me know the BIOS Version/Date currently installed?