Personally I found it easier to just follow what
Microsoft has posted.
No need to put secure boot into setup mode to accomplish the task.
Microsoft's instructions will only get you one key, the Windows UEFI 2023 CA, you will still be missing the other three keys as Step 1 only does Windows UEFI 2023 CA. Step 2 does the bootmanager 2023, step 3 is for the DBX and step 4 is to enable the SVN. Mosby is way easier and faster as it requires you to do nothing other than booting the USB Flash Drive and type "Mosby" if you want to excluse step 3 or "Mosby -x" if you want to include step 3.
Even Microsoft tells you at
Windows Secure Boot certificate expiration and CA updates - Microsoft Support that there are 4 keys that needs to be installed, Microsoft only showed you how to install 1 with step 1 and for a certificate that expires on October 31, 2026 which is still 13 months away, you still are missing 3 of them which Microsoft still did not provide any instructions for when they expire in 9 months or 4 months before the one Microsoft told you how to install so you can wait and hope Microsoft throws you a bone to get the other 3 keys which may or may not happen as the only thing in life that is guaranteed with certainty is death and taxes, add it on your own to the BIOS yourself or use a tool like Mosby.
You still have 9 months, Mosby takes less than 2 minutes flat and you will also learn something at the same time. and while Mosby does not do the Option ROM yet, that is already included with Windows and it's just going into the bios, append from file, point it at the .bin file which takes 2 seconds, reboot and you already have it. You can wait until the next version of Mosby which will have the option ROM if you want it easier.
And just like anything, hard is only if you have never tried it. You have to learn to walk before you can run. The first time for anything will of course be more challenging but once you have done it once, you can do it with your eyes closed. I have already installed all the keys, deleted all the keys, used Mosby, deleted the keys to see what the default PK shows and then installed Mosby again. Only the first time was hard as the hard part was figuring out how to get the UEFI Secure Keys into Setup Mode. The Mosby part is easy. It's just like any other command prompt. Whether it's Unix, DOS, Windows, it's all the same and you were already told to type in Mosby. Creating the USB Flash Drive is the hard part and I'm a Rufus newbie. Besides, a script is always easier than copying and pasting a bunch of things where there is a higher chance of errors plus rebooting. Basically, a lot of people spent way more time than needed to ask the same questions over and over like a broken recording. It would be different if the question is new and not something someone already asked before. Asking questions is one thing but as the saying goes, when you have to explain something and draw the intestines, that is really bad.
