I have a fine framework 11 system, but framework 11 systems are not to be found here on the framework website. Windows Security tells me a have a deficiency in relation to “automated Secure Boot certificate update due to hardware or firmware limitations. Contact [framework],” but I can’t find my framework 11 or any clear, direct support related to my system’s firmware. It’s as if my framework 11 no longer exists.
Um. Is FW 11 a typo.
Did you mean a different one?
Maybe, FW13, intel 11th gen?
Yes, it turns out I meant Intel 11th gen FW13. In younger days, I could keep more of this information in my head. Now, not so easy. Thanks for speaking up so promptly.
I am guessing, but maybe you are looking for the latest BIOS (includes updated certificates)
Maybe this will help:
And look for the “Framework Laptop 13 Generation” → “11th Gen Intel® Core” and then download and install it. There are 3 methods. One for windows, which is probably the one you want, one for Linux, and one for EFI.
Note: I am just another user like you.
As much as the media would love to portray that systems are going to be vulnerable basically overnight after the secure boot certificates expire; it is simply not true.
Spent some time the other night trying to update the secure boot certificates with the Framework Laptop 13 11th gen. Only to find out that there are known Issues with updating the secure boot certificates on v3.24.
If bitlocker is turned on make sure the recovery key is accessible.
This will likely be addressed by Framework in a guide or post soon as many users are going to be running into the same issues and want to update the certificates.
You might want consider using Linux instead of Windows. Framework supports the use of Linux on all Framework models and many different Linux distros work very well on Framework computers.
Linux does not require the use of secure boot. You can run Linux with secure boot enabled, but you can also turn secure boot off and Linux will run just as well and be very secure if you keep it up to date with the latest Linux kernel and other security patches. You can run the latest versions of all the major web browsers.
Most people can do everything they were doing on Windows on Linux. Most Windows games will run on Linux using the Steam store. There are free Linux application programs that can do what similar Windows programs do.
You can try using Linux without making any changes to your existing computer by downloading Linux Mint (LMDE) or MX-Linux or KDE Plasma Fedora, installing one of them on a 8 Gigabyte or larger USB 3.0 flash drive and booting up Linux from the USB flash drive. Linux will run in RAM and won’t make any changes to the drive in your Framework.
For considerably faster performance, you can buy a $4 USB 3.0 to SATA adapter and a 128 Gigabyte 2.5" SATA SSD for around $35, plug it into your Framework and install one of the Linux distros onto the 2.5" SATA SSD. A 128 Gigabyte 2.5" SATA SSD will give you plenty of room to install a Linux distro, Firefox, Vivaldi, Chromium or other current up to date web browsers, the LibreOffice suite, VLC, Digikam, and a bunch of other apps and still have room for music, photos, and some videos. You can boot from the 2.5" SATA SSD and it will run quite nicely in 8 Gigabytes of RAM or more. Linux will not force AI on you. If you want AI, you can use AI in Linux but you only use it if you want it.
For even faster performance get a USB 3.0 to NVMe M.2 adapter and a 128 Gigabyte M.2 NVMe SSD to install Linux on.
Try using that for a while and if you find it can do everything you want, wipe Windows and install Linux on your internal drive and never have to worry about secure boot or TPM ever again.
You can do all this on any of the Framework models from the Framework 12 on up.
Thanks. I rely on a variety of legacy apps where the Windows-to-Linux transition is uncertain. (Although I have tested out a few Linux iterations, now and then, in the past.) At my age, I find that the various set-up and re-tooling and re-learning of paradigm shifts costs almost as much valuable time as the end result ought to provide, as a benefit—if the “end result” stands still—in ways that technology in our time does not. With each new phone, each new camera, each new app, each new computer system, each new car, I (and my sympathetic peer group) notice that, the older you get, the quicker each new iteration of each new device comes at you. When you’re young, you likely wonder why Old People seem to be That Way. If you live long-enough, you’re lucky-enough to find out, first hand. I’m sorry: what were we talking about? 
Thanks, another user! It was the 11th Gen Intel Core that confused me. I was able to download/install in two steps.
I don’t know about “known issues with updating.” It did take two steps: first, to v3.22, then to v3.24. So far, so good.
As for the quality of the media’s dire warning, at my advanced age, I’m no longer able to keep up with such things on my own. Now, it’s my own, adult kids who keep up. That’s how I got to my framework system. I couldn’t be happier.
Thanks.
Others have had the same issue that was experienced going from older bios versions and updating to v3.24 where no matter what is done in the BIOS or with the TPM it will not update the certificates from the 2011 versions.
The only “fix” I came across was someone digging into and finding a similar problem with v3.22 and Framework issued a separate BIOS to clear variables which that version and THEN it would update the certificates if all the proper steps were followed.
Not excited about having to roll back the BIOS, use a special CLEAR variables BIOS flash file in v3.22, then apply v3.23 BIOS and then apply v3.24.
A cleaner fix hopefully will be coming instead of jumping through hoops to fix what was thought to have been fixed before but actually is not.
I’m fairly old myself, so I can appreciate that changing an operating system is a major effort.
My suggestion to try Linux was primarily as way to avoid having to use secure boot or TPM which Windows requires.
At some point in the future, it may not be technically possible to install the new set of secure boot keys that Microsoft will continue to release. At that point, you would no longer be able to run Windows on your existing Intel motherboard. Or Microsoft will release a new version of Windows which will no longer support your current Intel cpu.
Fortunately, with a Framework PC, you would be able to upgrade to a newer motherboard and cpu which would work with the new version of Windows.
But, if you were running Linux, you wouldn’t have to buy a new motherboard and you continue to be able to use your existing Framework configuration.
I think it’s quite possible that you would actually benefit from transitioning from Windows to Linux.
By switching to Linux, you could potentially use the same Linux distro for the next 15 to 20 years unlike Windows where you would go through two or three new versions of Windows and quite likely will have to upgrade your motherboard and cpu to meet the requirements of a new version of Windows.
I’m not saying that there wouldn’t be any changes in the user interface or Linux operating system programs but the changes would probably be less dramatic and much more under your control.
Age is certainly no limitation to using Linux. I have helped many people in their 80s and 90s make the transition to Linux and use Linux. The stability and security of Linux, once they became familiar with it, were much less stressful than using Windows. As long as a person is capable of using a computer, I think they can use Linux. If they reach a point where their memory or their cognition make it difficult or impossible to use Linux, they are unlikely to be able to use Windows or the Mac OS.