AndreIsComputn
Well-known member
- Local time
- 3:38 PM
- Posts
- 32
- OS
- Windows 10, Windows 11
Hi guys :) .. this is something I posted in the acer forums but I thought I'd post it here hoping for some more general advice far as anyone else is experiencing this problem far as a laptop.. or heck even a premanufactured PC made by the same folks who make laptops :) , not necessarily acer as a manufacturer.. or who's heard of someone experiencing both the 1803 and 1801 error codes in event viewer for said PC? Thanks in advance to anyone who reads and replies :)
(copy and paste of my post in the acer forums follows)
Hi there :) .. having a problem with two acer aspire laptops, the newer one is an Acer Aspire A315-44P model manufactured June 2024 and the older one is a Acer Aspire A515-45 model.
I've applied a BIOS update to both laptops where the bios update specifically mentions a "Update MSFT Secure Boot Certificate" feature, BIOS update says it updated the laptop successfully.. it's very strange, on the one hand both acer laptops are saying they got a "secure boot allowed signature database update" in windows update.. I'm seeing an error code 1801 in event viewer but from what online research is telling me it's good news in a way because the notes for it say ""BucketConfidenceLevel: Under Observation – More Data Needed" which apparently means Microsoft and the acer laptops need to "talk more" to each other to make sure any Microsoft security updates don't create any problems for the laptops.. heck even my non acer "yep secure boot is on and all security certificates have been updated" computer is giving that 1801 error message.
What's really confusing is that both laptops are also giving an "1803" error message in event viewer which means the laptop has not been provided with a KEK file by Acer such that updating the security certificates is impossible
Secure Boot troubleshooting guide - Microsoft Support
"The System event log repeatedly records Event ID 1803, indicating that the KEK update couldn’t be applied.
Why it happens
Updating the Secure Boot KEK requires authorization from the device’s Platform Key (PK), which is owned by the OEM.
For the update to succeed, the device manufacturer must provide Microsoft with a PK-signed KEK for that specific platform. This OEM-signed KEK is included in Windows updates and allows Windows to update the firmware KEK variable.
If the OEM hasn’t provided a PK-signed KEK for the device, Windows cannot complete the KEK update. In this state:
Secure Boot updates are blocked by design.
Windows cannot work around the missing authorization.
The device can remain permanently unable to complete Secure Boot certificate servicing.
This can occur on older or out-of-support devices where the OEM no longer provides firmware or key updates. There’s no supported manual recovery path for this condition."
I tried applying the same BIOS update again to one of the laptops, no good in that the laptop just complained "You already installed this BIOS on me why are you trying to do it again?"
Even more confusing is the newer laptop's manufacture date of June 2024… the security certificates that we're supposed to update to were released year 2023.. so the June 2024 manufactured laptop with the 1803 error code can't handle the year 2023 security certificates?
I have no problem waiting for Acer to (hopefully!) roll out some kind of windows update to solve the issue … but I'm wondering if that's the correct thing to do? From what I'm seeing though it sounds like the issue is out of my hands and I have no choice but to wait for Acer to release the appropriate KEK file to the laptops.
Both acer laptops if you click on "windows security" and "device security" complain about secure boot having outdated security certificates… in contrast the non acer PC I mentioned doesn't do that as I noted above - the non acer PC also is not displaying the 1803 error that the acer laptops are in event viewer.
Thanks in advance to anyone who reads this and replies :)
(copy and paste of my post in the acer forums follows)
Hi there :) .. having a problem with two acer aspire laptops, the newer one is an Acer Aspire A315-44P model manufactured June 2024 and the older one is a Acer Aspire A515-45 model.
I've applied a BIOS update to both laptops where the bios update specifically mentions a "Update MSFT Secure Boot Certificate" feature, BIOS update says it updated the laptop successfully.. it's very strange, on the one hand both acer laptops are saying they got a "secure boot allowed signature database update" in windows update.. I'm seeing an error code 1801 in event viewer but from what online research is telling me it's good news in a way because the notes for it say ""BucketConfidenceLevel: Under Observation – More Data Needed" which apparently means Microsoft and the acer laptops need to "talk more" to each other to make sure any Microsoft security updates don't create any problems for the laptops.. heck even my non acer "yep secure boot is on and all security certificates have been updated" computer is giving that 1801 error message.
What's really confusing is that both laptops are also giving an "1803" error message in event viewer which means the laptop has not been provided with a KEK file by Acer such that updating the security certificates is impossible
Secure Boot troubleshooting guide - Microsoft Support
"The System event log repeatedly records Event ID 1803, indicating that the KEK update couldn’t be applied.
Why it happens
Updating the Secure Boot KEK requires authorization from the device’s Platform Key (PK), which is owned by the OEM.
For the update to succeed, the device manufacturer must provide Microsoft with a PK-signed KEK for that specific platform. This OEM-signed KEK is included in Windows updates and allows Windows to update the firmware KEK variable.
If the OEM hasn’t provided a PK-signed KEK for the device, Windows cannot complete the KEK update. In this state:
Secure Boot updates are blocked by design.
Windows cannot work around the missing authorization.
The device can remain permanently unable to complete Secure Boot certificate servicing.
This can occur on older or out-of-support devices where the OEM no longer provides firmware or key updates. There’s no supported manual recovery path for this condition."
I tried applying the same BIOS update again to one of the laptops, no good in that the laptop just complained "You already installed this BIOS on me why are you trying to do it again?"
Even more confusing is the newer laptop's manufacture date of June 2024… the security certificates that we're supposed to update to were released year 2023.. so the June 2024 manufactured laptop with the 1803 error code can't handle the year 2023 security certificates?
I have no problem waiting for Acer to (hopefully!) roll out some kind of windows update to solve the issue … but I'm wondering if that's the correct thing to do? From what I'm seeing though it sounds like the issue is out of my hands and I have no choice but to wait for Acer to release the appropriate KEK file to the laptops.
Both acer laptops if you click on "windows security" and "device security" complain about secure boot having outdated security certificates… in contrast the non acer PC I mentioned doesn't do that as I noted above - the non acer PC also is not displaying the 1803 error that the acer laptops are in event viewer.
Thanks in advance to anyone who reads this and replies :)
My Computer
System One
-
- OS
- Windows 10, Windows 11
- Computer type
- PC/Desktop
- Manufacturer/Model
- Built the PC myself :)
- CPU
- AMD Ryzen 7, 5700x
- Motherboard
- Asus Tuf Gaming B550
- Memory
- 32 GB corsair vengeance
- Graphics Card(s)
- Nvidia Geoforce GTX 1060, 6 GB
- Sound Card
- using sound built into motherboard
- Screen Resolution
- 1080
- Hard Drives
- Samsung 970 Evo Plus, Crucial MX500 1 TB drive x 2
- PSU
- Thermaltake Toughpower RGB 850 watt
- Case
- Phanteks Pro M
- Cooling
- two 140 mm case fans front, one 120 mm case fan back, one 140 mm case fan top
- Browser
- Chrome, Edge sometimes
- Antivirus
- Norton Security
