Did you manually update your Secure Boot Keys ?


FIREMEDIC2700 said:
om;y issue is that card is a ddr 5 and mine is ddr 3 .
Click to expand...
That's the better VRAM. GDDR5 is not related to DDR5 system RAM. GDDR5 was from long before DDR5 came out. We're talking about the later-2010s!

DDR5=late-GDDR6-era and GDDR7 era.

Chronology-wise, it's like this:

GDDR5=When DDR4 started, pretty much.

And when a video card has GDDR5, and you have DDR3, that's perfectly OK. Because that's the RAM on the discrete graphics.

The numbers of VRAM generations don't align with system RAM generations.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G
Secure boot seems more like a backhanded way of creating a kill switch than a security measure. Just my opinion, but still glad I just got a new laptop and got rid of the dinosaur from 2010. (A Thinkpad with a 1st gen i7)
 

My Computer

System One

  • OS
    Windows 11 22H2 Pro (X-lite Micro 11 version)
    Computer type
    Laptop
    Manufacturer/Model
    Dell/ Precision 7680
    CPU
    i7 13850HX (20 cores, 28 threads)
    Motherboard
    Dell
    Memory
    32GB DDR5
    Graphics Card(s)
    Intel UHD/ RTX 1000 ADA
    Sound Card
    Realtek
    Monitor(s) Displays
    4K UHD Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 512GB system drive
    WD Blue 1TB game drive
    PSU
    240W AC adapter, 1800W when docked
    Internet Speed
    1 gigabit symmetrical
    Browser
    Firefox, Librewolf
    Antivirus
    None. Manully configured so nobody except me can change any critical system files. (Don't ask how, it's probably against some rule somewhere)
garlin said:
Run this PowerShell script as Admin:
Code: 
powershell -nop -ep bypass -f Check_EFIBootFile.ps1

The script will report which CA certificates have been added to the DB & DBX lists, and which boot file you currently have installed for the system drive.
Click to expand...

I've updated my check script with several changes:
1. Fixed a few bugs related to the correct path of EFI files
2. Added reporting for KEK certs
3. Replaced the registry check of AvailableUpdates with WindowsUEFICA2023Capable (which is more useful)
4. Added scanning of boot file and boot manager files on mounted DVD or USB drives with Windows install media

Code: 
PS C:\Users\GARLIN\Downloads> .\Check_EFIBootFile.ps1
Secure Boot: OFF
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011

UEFI DBX Certs
--------------

EFI Files
---------
    Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 0
        [Windows UEFI CA 2023] is not in UEFI DB.

Code: 
PS C:\Users\GARLIN\Downloads> .\Check_EFIBootFile.ps1
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011
    Microsoft Corporation KEK 2K CA 2023

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Microsoft UEFI CA 2023
    Windows UEFI CA 2023

UEFI DBX Certs
--------------
    Microsoft Windows Production PCA 2011

EFI Files
---------
    Disk 0: Boot Manager [Windows UEFI CA 2023] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 2
        [Windows UEFI CA 2023] is in UEFI DB, and Windows is starting from CA 2023 Boot Manager.

Bootable Media
--------------
    DVD D: "26200.5733"
        Boot File [Windows UEFI CA 2023] is ALLOWED.
        boot.wim:2    Boot Manager [Windows UEFI CA 2023] is PRESENT.
        install.wim:1 Boot Manager [Windows UEFI CA 2023] is PRESENT.
 

Attachments

My Computer

System One

  • OS
    Windows 7
Here is my result from just now:

Code: 
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
                                                                                                                        Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows                                                                                                                                                       PS C:\WINDOWS\system32> cd c:\temp                                                                                      PS C:\temp> powershell -nop -ep bypass -f Check_EFIBootFile_ver_2.ps1
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Windows UEFI CA 2023

UEFI DBX Certs
--------------

EFI Files
---------
    Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 1
        [Windows UEFI CA 2023] is in UEFI DB.

Bootable Media
--------------
    USB D: "MACRIUMBOOT"
        Boot File [Production PCA 2011] is ALLOWED.

PS C:\temp>
 

My Computers

System One System Two

  • OS
    Windows 11 Home, ver 25H2 build 26200.8246
    Computer type
    Laptop
    Manufacturer/Model
    Hewlett-Packard Spectre 13-4001 x360 convertable
    CPU
    Intel Core i5 5200U @ 2.20GH
    Motherboard
    Hewlett-Packard 802D
    Memory
    4 GB
    Graphics Card(s)
    Intel HD Graphics 5500 on board
    Sound Card
    Intel Smart Sound Technology (Intel SST)
    Hard Drives
    Micron 256GB M.2 2280 NGFF SSD MTFDDAV256TBN, (SATA 6.0 Gb/s)
    Keyboard
    Model # G01KB
    Antivirus
    Microsoft Defender
    Other Info
    born on date: 25 Feb 2016
  • Operating System
    Win 11 Home 25H2 build 26200.7922
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus Desktop model M32AD-US019S (DOM: 6/9/2014 )
    CPU
    Intel Core i7 4th Gen 4790 (3.60GHz), Haswell 22nm Technology, SOCKET 1150
    Motherboard
    H81M-E/M51AD/DP_MB
    Memory
    Samsung 16 GB DDR3 (8GB in 2 modules)
    Graphics card(s)
    NVIDIA GeForce GTX 760, 3GB, and on-board Intel HD Graphics 4600 Rev 6
    Monitor(s) Displays
    HP EliteDisplay E241i LED; HP EliteDisplay E243
    Hard Drives
    Samsung 500GB SSD, 870 EVO (SATA 6.0 )
    Micron 250GB SSD, CT250MX500
    Toshiba HDD, 3GB (original drive w/PC)
    Case
    ASUS
    Keyboard
    ASUS-------------------------
    Antivirus
    MS Defender
    Other Info
    Additional Laptops:

    HEWLETT PACKARD
    HP OmniBook X Flip NGAI (Next Gen AI),
    Model: 16-as0023dx
    PT# B5UH1UA#ABA Product #: B5UH1UA
    delivered and setup 7/25/25
    16" 2K Touch-Screen Laptop
    Intel Core Ultra 7 256V '24 Series 2 - CPU
    Boost Clock Frequency 4.8 gigahertz; Neural Processing Unit (NPU) Yes;
    16GB Memory, LPDDR5X
    1TB SSD PCIe 4.0
    Graphics: Intel Arc 140V
    1 x HDMI 2.1
    1 x Thunderbolt 4
    2K Touch-Screen display, LED, IPS; 1920 x 1200 (Full HD+)
    USB Ports: 1 x USB-C 3.1, 2 x USB-A 3.1
    Wi-Fi 6E
    weight 4.15 pounds

    DELL
    Model:I7591-7483BLK-PUS 2-in-1 (7000 Series)
    purchased 12/3/2019,
    15.6 inch 2-IN-1;
    4K Ultra HD Touch-Screen, 3840 x 2160,
    Intel Core i7 10510U CPU 1.80GHz,
    16GB RAM DDR4 SDRAM 2400 megahert (2 slots),
    dedicated graphics Nvidia GeForce MX250 2 GB Graphics,
    PCIe 512GB Intel SSD + 32GB Optane Memory (Intel Optane Memory H10 with solid-state storage),
    wireless-AX & Bluetooth
    Battery: 68wh, Type 4VGMP 4 cell
And Here is My Results

Code: 
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011
    Microsoft Corporation KEK 2K CA 2023

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Microsoft Option ROM UEFI CA 2023
    Microsoft UEFI CA 2023
    Windows UEFI CA 2023

UEFI DBX Certs
--------------
    Microsoft Windows Production PCA 2011

EFI Files
---------
    Disk 0: Boot Manager [Windows UEFI CA 2023] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 2
        [Windows UEFI CA 2023] is in UEFI DB, and Windows is starting from CA 2023 Boot Manager.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.8037
    Computer type
    PC/Desktop
    Manufacturer/Model
    PreBuilt
    CPU
    AMD Ryzen 7700X
    Motherboard
    MSI B650 VC WIfi Rev 1.0
    Memory
    32GB DDR 5 RGB 5600Mhz
    Graphics Card(s)
    Radeon 7800XT
    Sound Card
    Onboard Audio
    Monitor(s) Displays
    Asus VG245H
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 990 Evo Plus NVMe Boot
    Samsung 990 Pro 1TB Game NVMe



    External
    Western Digital Elements 500GB
    Western Digital My Passport 2TB Blue
    Western Digital My Passport 2TB Red
    Toshiba 2TB in External Enclosure
    Seagate 8TB in External Enclosure
    Seagate 1TB Portable USB 3 External Drive
    Western Digital My Book 8TB (Primary Backup drive)
    Western Digital Black 4TB In External Enclosure
    PSU
    750 Watt High Power
    Case
    Lian Li Lan Cool 216 ARGB Airflow
    Cooling
    2 160MM Front, 1 140MM Rear Exhaust
    Keyboard
    Logitech G513
    Mouse
    Logitech G502 X
    Internet Speed
    Gigabit 1100Mb/35 Upload
    Browser
    MS Edge Chromium and Bing Search
    Antivirus
    Windows Defender, Malwarebytes Premium
    Other Info
    UEFI, Secure Boot, TPM 2.0, Macrium Reflect X
  • Operating System
    Windows 11 Pro 25H2 26200.8037
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF A16 Advantage Edition FA617NT.A16.R7700
    CPU
    Ryzen 7 7735HS
    Motherboard
    OEM Asus Motherboard
    Memory
    16GB DDR 5
    Graphics card(s)
    AMD Radeon™ 680M & Radeon 7700S
    Sound Card
    Onboard
    Monitor(s) Displays
    16inch FHD 165hz
    Screen Resolution
    1920x1080
    Hard Drives
    512GB NVMe Boot Drive
    PSU
    Laptop PSU
    Case
    Laptop Case
    Cooling
    OEM Cooling
    Keyboard
    OEM Laptop Keyboard
    Mouse
    Touchpad & G502 Hero
    Internet Speed
    Gigabit 1100 Download/35 Upload
    Browser
    MS Edge with Bing search
    Antivirus
    Windows Defender & Malwarebytes Premium
    Other Info
    Macrium Reflect X

Code: 
PS C:\chkuefi> .\Check_EFIBootFile.ps1
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Windows UEFI CA 2023

UEFI DBX Certs
--------------

EFI Files
---------
    Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 1
        [Windows UEFI CA 2023] is in UEFI DB.
PS C:\chkuefi>
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G
can some one tell me what this means and how do i fix it

secure Boot: OFF
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011

UEFI DBX Certs
--------------

EFI Files
---------
Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

Registry: WindowsUEFICA2023Capable = 0
[Windows UEFI CA 2023] is not in UEFI DB.
 

My Computer

System One

  • OS
    WINDOWS 11 WINDOWS 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP H8 1360T
    CPU
    Intel(R) Core(TM) i7 -3770K CPU 3.50 GZ 3501 4 CORE
    Motherboard
    PEGATRON 2AD5
    Memory
    32.0 GB (31.9 GB usable)
    Graphics Card(s)
    AMD RADEON TM R5240 INTELL HD GRAPHICS 4600 TIGER 1+1 USB
    Sound Card
    AMD HD . IDT
    Monitor(s) Displays
    AOC WAL MART SPECIAL . HP 2311 IX IPS LED DELL 1708 FP
    Screen Resolution
    1920 X 1080 1600X900 1280X940
    Hard Drives
    1 FAXING S 100 512GB 1 KINGSTON 120 GB SSD 1 X12 SSD 512 GB
    PSU
    300 WATT HP
    Case
    FULL
    Cooling
    ON BOARD FAN
    Keyboard
    LOGITEC K 520 WIRELESS
    Mouse
    LOGITEC M 510 WIRELESS
    Internet Speed
    55 UP 11.2 DOWN
    Browser
    CHROME EDGE
    Antivirus
    WINDOWS SECUIRTY
    Other Info
    NON SUPPORTED HARDWARE FOR WINDOWS 11
bikemanAMD said:
And Here is My Results
Click to expand...
@bikemanAMD is done with CA 2023 migrations. Congrats!

@starchase and @RJARRRPCGP are halfway thru the process. They've entrusted CA 2023, but haven't banned CA 2011. But this is exactly where MS expects most users to be.

Some users will receive a "Microsoft KEK 2K CA 2023" certificate from a recent BIOS update.

Some users won't, because their vendor has abandoned their PC or motherboard model. You can manually add the Microsoft CA 2023 KEK, but generally its better if your vendor provides it.
 

My Computer

System One

  • OS
    Windows 7
garlin said:
@starchase and @RJARRRPCGP are halfway thru the process. They've entrusted CA 2023, but haven't banned CA 2011. But this is exactly where MS expects most users to be.
Click to expand...
I don't! Does this mean I'm toast?! I don't know where to go next, due to risk of running wrong script.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G

My Computer

System One

  • OS
    Windows 7
garlin said:
Give me about a day, I'll go figure out how to safely script this for your orphaned PC's.
Click to expand...
No 2023 KEK showing! I got a new BIOS update, too! In fact, updating the BIOS, also resulted in any 2023 key getting removed!

It showed "False" last night, after updating the BIOS. I added those commands again (at Microsoft web site) last night and it's now showing "True".

Looked at the batch file. No KEK being added. It doesn't look any different than the commands I already used days ago.

Feels almost like they think mine's a pre-Pinnacle Ridge! If that's the case, then they are as wrong as they can be! :mad:

I would expect this to happen on a B450 gen motherboard. Getting left out, even with a B550 motherboard!
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G
garlin : that script did not do nothing. does secure boot have to be enabled to run the script. i know have the current bios installed its a old computer. i know hp and the motherboard mfgr are done with it
or is it time to set it the backyard and empty some 45 acp rounds from tustry MR glock into it for some long over due stress relief .
 

My Computer

System One

  • OS
    WINDOWS 11 WINDOWS 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP H8 1360T
    CPU
    Intel(R) Core(TM) i7 -3770K CPU 3.50 GZ 3501 4 CORE
    Motherboard
    PEGATRON 2AD5
    Memory
    32.0 GB (31.9 GB usable)
    Graphics Card(s)
    AMD RADEON TM R5240 INTELL HD GRAPHICS 4600 TIGER 1+1 USB
    Sound Card
    AMD HD . IDT
    Monitor(s) Displays
    AOC WAL MART SPECIAL . HP 2311 IX IPS LED DELL 1708 FP
    Screen Resolution
    1920 X 1080 1600X900 1280X940
    Hard Drives
    1 FAXING S 100 512GB 1 KINGSTON 120 GB SSD 1 X12 SSD 512 GB
    PSU
    300 WATT HP
    Case
    FULL
    Cooling
    ON BOARD FAN
    Keyboard
    LOGITEC K 520 WIRELESS
    Mouse
    LOGITEC M 510 WIRELESS
    Internet Speed
    55 UP 11.2 DOWN
    Browser
    CHROME EDGE
    Antivirus
    WINDOWS SECUIRTY
    Other Info
    NON SUPPORTED HARDWARE FOR WINDOWS 11
FIREMEDIC2700 said:
garlin : that script did not do nothing. does secure boot have to be enabled to run the script. i know have the current bios installed its a old computer. i know hp and the motherboard mfgr are done with it
or is it time to set it the backyard and empty some 45 acp rounds from tustry MR glock into it for some long over due stress relief .
Click to expand...
Of course, they won't update diddly squat! Because it's a 4th-gen Core i system. Microsoft doesn't even support anything less than 8th-gen Intel.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G
Code: 
D:\Users\FerchogtX\Downloads>powershell -nop -ep bypass -f .\Check_EFIBootFile.ps1
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Windows UEFI CA 2023

UEFI DBX Certs
--------------

EFI Files
---------
    Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 1
        [Windows UEFI CA 2023] is in UEFI DB.

D:\Users\FerchogtX\Downloads>

Does this mean I'm good? I used the bat script posted few messages above mine...
Any other step I need to do? This is for my HP 15 eh3000la laptop...
Good thing is, that error 1796 about TPM is now gone from event viewer... but I dunno if this is good or not...
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built PC
    CPU
    AMD Ryzen 5 5600G @ 3.9/4.4Ghz
    Motherboard
    MSI B550M-PRO-WiFi Ver. 1.4
    Memory
    2 x 16 GB DDR4 Kingston Fury Beast 3200 Mhz
    Graphics Card(s)
    AMD Radeon RX 6600 XT MSI Mech 2X OC Edition 8 GB
    Sound Card
    Realtek High Definition Audio (Integrated)
    Monitor(s) Displays
    Samsung C50Rx 27" LED / HP S2031 20" LCD
    Screen Resolution
    1920 x 1080 px / 1600 x 900 px
    Hard Drives
    WD Blue SN570 NVME M.2 SSD [1 TB] -- External Drives: - WD Scorpion Blue 250 GB 5400 RPM (Data Backup) - Hitachi 500 GB 5400 RPM (Software / ISOs Backup) - Toshiba MQ01ABD100 1 TB 5400 RPM (OS Images) - HGST TravelStar 7K1000 1 TB, 7200 RPM USB 3.0 - ADATA SU800 2TB SSD USB 3.0
    PSU
    Corsair RM750e 750W Fully Modular
    Case
    Naceb Hydra NA-1602
    Cooling
    Naceb Orpheus x 3 (Front) + Naceb Cepheus 1200 RPM Max (Rear) + ThemalRight Assasin X 90 SE (CPU)
    Keyboard
    Logitech MK470 Wireless
    Mouse
    Logitech MK470 Wireless
    Internet Speed
    120 MB Symetrical
    Browser
    Firefox / Brave / Edge
    Antivirus
    Windows Defender
    Other Info
    - VMs: WMware Player - Windows 8.1 Pro x64 / Windows 11 Pro
    - Wacom Intuos Pro Small Tablet PTH-460
  • Operating System
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 15-eh3000la (80M53LA)
    CPU
    AMD Ryzen 7 7730U @ 2.0/4.5 Ghz
    Motherboard
    HP 8BC7
    Memory
    2 x 16 GB Kingston Fury Impact DDR4 3200 Mhz
    Graphics card(s)
    Radeon (tm) Graphics Vega 8 (512 MB)
    Sound Card
    Realtek High Definition Audio (Integrated)
    Monitor(s) Displays
    AU Optronics
    Screen Resolution
    1920 x 1080 px (125% size)
    Hard Drives
    WD Blue SN570 1TB NVME M.2 Drive
    PSU
    45 Watt Charger
    Cooling
    Laptop Cooling Pad
    Keyboard
    Free Wolf Foldable Portable Keyboard
    Mouse
    Free Wolf Wireless Mouse
    Internet Speed
    120 MB Symetrical
    Browser
    Firefox / Brave / Edge
    Antivirus
    Windows Defender
    Other Info
    - 41mWh battery.
    - Wacom Intuos Pro Small Tablet PTH-460
FerchogtX said:
Code: 
D:\Users\FerchogtX\Downloads>powershell -nop -ep bypass -f .\Check_EFIBootFile.ps1
Secure Boot: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
    Microsoft Corporation KEK CA 2011

UEFI DB Certs
-------------
    Microsoft Corporation UEFI CA 2011
    Microsoft Windows Production PCA 2011
    Windows UEFI CA 2023

UEFI DBX Certs
--------------

EFI Files
---------
    Disk 0: Boot Manager [Production PCA 2011] is ALLOWED.

    Registry: WindowsUEFICA2023Capable = 1
        [Windows UEFI CA 2023] is in UEFI DB.

D:\Users\FerchogtX\Downloads>

Does this mean I'm good? I used the bat script posted few messages above mine...
Any other step I need to do? This is for my HP 15 eh3000la laptop
Click to expand...
It's the same as mine.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 24H2
    Computer type
    PC/Desktop
    CPU
    Ryzen 9 5900X
    Motherboard
    ASRock B550 PG Velocita (UEFI-BIOS 3.90)
    Memory
    64 GB G.Skill RipJaws V F4-3200C16D-64GVK
    Graphics Card(s)
    ASRock Steel Legend Arc B580 12 GB
    Monitor(s) Displays
    Alienware AW3423DWF OLED ultrawide
    Hard Drives
    Samsung 990 Pro 1 TB NVMe SSD
    PSU
    eVGA Supernova 750 G3
    Case
    Corsair 275R
    Internet Speed
    VTel FTTH 1 Gb down and 1 Gb up
  • Computer type
    PC/Desktop
    CPU
    Ryzen 7 5800X3D
    Motherboard
    Asus ROG Strix B550-F Gaming (UEFI-BIOS version 3607)
    Memory
    32 GB (2x16 GB G.Skill TridentZ Neo)
    Graphics card(s)
    Sapphire Nitro+ Radeon RX 6750 XT
    Hard Drives
    Samsung 970 Pro 512 GB NVMe SSD
    PSU
    Corsair RM850x
    Case
    Fractal Focus G
RJARRRPCGP said:
It's the same as mine.
Click to expand...
i would assume all of yall are good since it shows installed .
however looks like a might have to stick a fork in mine and say its done lol.
only other option is to try it with secure boot enabled if that dont work i am u know what lol.
garlin seems to be really up to date with this .
 

My Computer

System One

  • OS
    WINDOWS 11 WINDOWS 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP H8 1360T
    CPU
    Intel(R) Core(TM) i7 -3770K CPU 3.50 GZ 3501 4 CORE
    Motherboard
    PEGATRON 2AD5
    Memory
    32.0 GB (31.9 GB usable)
    Graphics Card(s)
    AMD RADEON TM R5240 INTELL HD GRAPHICS 4600 TIGER 1+1 USB
    Sound Card
    AMD HD . IDT
    Monitor(s) Displays
    AOC WAL MART SPECIAL . HP 2311 IX IPS LED DELL 1708 FP
    Screen Resolution
    1920 X 1080 1600X900 1280X940
    Hard Drives
    1 FAXING S 100 512GB 1 KINGSTON 120 GB SSD 1 X12 SSD 512 GB
    PSU
    300 WATT HP
    Case
    FULL
    Cooling
    ON BOARD FAN
    Keyboard
    LOGITEC K 520 WIRELESS
    Mouse
    LOGITEC M 510 WIRELESS
    Internet Speed
    55 UP 11.2 DOWN
    Browser
    CHROME EDGE
    Antivirus
    WINDOWS SECUIRTY
    Other Info
    NON SUPPORTED HARDWARE FOR WINDOWS 11
I like to run Garlin's script but I have a couple questions, perhaps someone can answer. Is Double clicking the script the way to run it? And question 2: Are the results auto generated into a text file that is created at the desktop, or how do I get them. Thank's.

Bo
 

My Computer

System One

  • OS
    Windows11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    Memory
    16GB
    Keyboard
    HP 310
    Mouse
    HP
    Browser
    Firefox
Here's a PowerShell script for downloading & copying the Microsoft KEK CA 2023 (DER) certificate to your system drive's EFI partition. You could copy the same file to a mounted USB drive, but that's more of a hassle since the file is tiny (less than 2K).

After the script is successful, shutdown your PC and enter the BIOS setup screens.

Under Secure Boot, there should be a menu option to add KEK certificates. From the selection, browse the available filesystems. One of them should be your system drive's EFI partition. Under the path \EFI\Microsoft\Boot, find the "Microsoft Corporation KEK 2K CA 2023" certificate and add it.

Restart Windows, and you should see KEK CA 2023 reported now.

Code: 
PS C:\Users\GARLIN\Downloads> .\CopyKEK2023_to_EFI.ps1
Successful copy of KEK CA 2023 cert to the EFI partition.

Shutdown Windows, and enter your BIOS's Secure Boot setup screen.
Browse the system drive's EFI partition.

Look under the "EFI\Microsoft\Boot" folder, and select "Microsoft Corporation KEK 2K CA 2023.der" cert.
Restart Windows.

PS C:\Users\GARLIN\Downloads>
 

Attachments

My Computer

System One

  • OS
    Windows 7
You must log in or register to reply here.

Similar threads

Solved Secure boot update HowTo
30 31 32
Replies
622
Views
101K
XxXxX
XxXxX
  • Sticky
  • Article Article
Updating Microsoft Secure Boot keys before expiration in June 2026
26 27 28
Replies
556
Views
108K
Phirevixen
P

Latest Support Threads

Latest Tutorials

Back
Top Bottom