Secure Boot Certificate Update for Windows 11 Virtual Machines
Secure Boot is a security standard that ensures your computer only starts using software trusted by its firmware. This trust is maintained through a hierarchy of digital certificates stored in UEFI (Unified Extensible Firmware Interface).
Microsoft's Secure Boot certificates, which have been in use since 2012, are scheduled to expire in 2026.
To maintain the integrity of the boot process and ensure Windows 11 virtual machines can continue receiving security updates, Parallels Desktop is updating the Secure Boot certificates in the virtual firmware for all Windows virtual machines.
What you need to know
All Windows 11 virtual machines in Parallels Desktop have Secure Boot enabled by default and are affected by this update.
Parallels is currently delivering the updated certificates automatically, in stages:
-
Version 26.3.1 and later: Newly created Windows virtual machines include the updated Secure Boot certificates.
-
Version 26.3.3 and later: Existing Windows 11 virtual machines will be updated to the new Secure Boot certificates automatically upon Windows restart after installing the Parallels Tools update.
-
Version 20.4.2: Newly created Windows virtual machines will include updated Secure Boot certificates, and existing virtual machines will be updated upon Windows restart after installing Parallels Tools update.
If you have BitLocker enabled
Parallels Desktop will not attempt to update the Secure Boot certificates until BitLocker protection is suspended. If your Windows 11 virtual machine has BitLocker enabled, and you are:
Individual user or IT admin with small amount of managed VM's: refer to this article
IT admin that uses a centralized management solution for VM's: refer to this article
Was this article helpful?
Tell us how we can improve it.