www.it-connect.fr
Ventoy 1.1.14 Prepares for the UEFI CA 2023 Secure Boot Transition
Ventoy has been updated to version 1.1.14, a maintenance release published on June 24, 2026 for this popular open source multiboot USB creation tool. The main change concerns the Secure Boot shim, which has been updated to keep pace with Microsoft's transition to the UEFI CA 2023 certificate. What does this mean in practice? Here's what you need to know.
A new Secure Boot shim to keep up with the UEFI CA 2023 transition
For several months now, computers with UEFI have been migrating to the Microsoft UEFI CA 2023 certificate, replacing the old certification authority that expires starting in June 2026 (one first certificate actually expired on June 24, 2026). Boot tools that rely on an older-generation shim boot loader may then run into problems on machines where Secure Boot is enabled.
Ventoy 1.1.14 is therefore a chance to get in line and avoid unpleasant surprises. According to the official changelog published on GitHub, this new version now relies on the new certification authority (or at least the most recent one). Reading it makes it clear that this comes with a consequence: "The new version uses a new certification authority, so you must enroll the new key at first boot."
In other words, on the first boot after the update, you will need to enroll the new key so that Secure Boot will allow the USB drive to boot. A one-time step, but an unavoidable one. Still, if you use Ventoy, you are probably already familiar with the process!
The developer states: "I chose a Rocky Linux shim file because it was signed by both UEFI CA 2011 and UEFI CA 2023.
This update is part of a broader trend we have been following for some time on the Windows side, with the scheduled expiration of Secure Boot certificates in 2026.
VentoyPlugson and a new VTOY_SECURE_BOOT_POLICY option
Beyond this important change, Ventoy 1.1.14 also brings two other updates:
- VentoyPlugson has been updated in sync. As a reminder, this is the web-based tool that lets you configure Ventoy's plugin system through a graphical interface instead of manually editing JSON files.
- The global control plugin now includes a new option called
VTOY_SECURE_BOOT_POLICY.
This option controls Ventoy's Secure Boot policy. According to the official Ventoy documentation, its behavior is as follows:
"0": Ventoy bypasses Secure Boot verification,"1": Ventoy follows the verification defined by the UEFI Secure Boot policy.
Note: the default value is "0". By default, Ventoy therefore continues to attempt to bypass Secure Boot verification. Linux, Windows, and LiveCD builds of Ventoy 1.1.14 are available on the project's releases page on GitHub.
Want to get started with this tool? Our step-by-step tutorial explains how to create a multiboot USB drive with Ventoy to host all your ISO images on a single medium, and even customize it with a theme and a Windows answer file.
