Did you manually update your Secure Boot Keys ?


666pierog said:
Okay, thank you. So rn i shouldnt get that error in event viewer yea
Click to expand...
An 1801 error? I think it will persist since it's not generated from actually looking at firmware to see if you have the keys. I think it's generated from a Registry setting that's telling it something that makes it report that.

But it's irrelevant. Ignore it, like all the other errors and warnings we get for the things that Windows does wrong and then fails to another way of doing it. At some point it will probably go away too.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProRyzen 7 5800XGSkill 3200, 2x8GBMSI RX 6800 XT Gaming Z
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 5800X
    Motherboard
    Gigabyte B550M Aorus Pro
    Memory
    GSkill 3200, 2x8GB
    Graphics Card(s)
    MSI RX 6800 XT Gaming Z
    Sound Card
    on-board Realtek
    Monitor(s) Displays
    MSI 180hz
    Screen Resolution
    1440p
    Hard Drives
    Samsung 980 Pro, Samsung 870 Evo, generic PCIe NVME, WD 1TB 2.5" laptop spinner
    PSU
    Corsair RM 650
    Case
    mATX
    Cooling
    BeQuiet 240mm AIO and a bunch of case fans
    Keyboard
    one that clacks softly
    Mouse
    logitech
    Internet Speed
    bunches of bps
    Browser
    Firefox
    Antivirus
    Windows' own

  • At a glance

    Win11 ProRyzen 7 170016GB DDR4RX-480
    Operating System
    Win11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 1700
    Motherboard
    GA-AB350M G-3
    Memory
    16GB DDR4
    Graphics card(s)
    RX-480
    Sound Card
    In-Built Realtek
    Monitor(s) Displays
    Samsung
    Screen Resolution
    1440p
    Hard Drives
    NVME/SSD's
    PSU
    Thermaltake BX1 550W
    Case
    Some junky thing
    Cooling
    ThermalTake Assassin(?)
    Browser
    FF/Edge
    Antivirus
    Whatever Windows does
    Other Info
    Secure Boot enabled updated to 2023 CA keys, TPM2.0 enabled with system drive Bitlocker'd.
666pierog said:
Okay, thank you. So rn i shouldnt get that error in event viewer yea?
Click to expand...
If you're not having any problems, I'd recommend not looking at Event Logs. There is so much useless and misleading information presented that it's hard to separate the wheat from the chaff.
 

My Computers My Computers

System One System Two Other systems

  • At a glance

    Win 11 Pro 25H2, Build 26200.8737Intel Core i5 1450064GB DDR4GeForce RTX 4060
    OS
    Win 11 Pro 25H2, Build 26200.8737
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security

  • At a glance

    Win 11 Pro 25H2, Build 26200.8655Intel Core i5 1440032GB DDR5Intel 700 Embedded GPU
    Operating System
    Win 11 Pro 25H2, Build 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Nimo N171 17" Laptop, (Intel i3-1215U, 16GB RAM, 2TB NVMe, Win11 Pro)
    Acemagic Vista Mini PC V1 (Intel N150, 16GB RAM, 1TB NVMe, Win11 Pro)
    HP ENVY h8-1540t, (24GB RAM, 2TB SSD, 2TB HDD, Win11 Pro)
Last edited:

My Computer My Computer

At a glance

Win 11 version DevRyzen 9 6900HX16 GB3060 Ti
OS
Win 11 version Dev
Computer type
Laptop
Manufacturer/Model
Asus
CPU
Ryzen 9 6900HX
Motherboard
ROG G513RM
Memory
16 GB
Graphics Card(s)
3060 Ti
Monitor(s) Displays
1, 165 Hz panel
Screen Resolution
2560 x 1440
Hard Drives
2 TB Samsung 990 PRO NVMe
alastairGreen_Nexus said:
Thank you for this thread, I have not updated my DBX yet since I am scared atm about the NVIDIA issue unless Asus or Nvidia provides a new GOP udpate for the RTX 3060 on ROG G513RM:
View attachment 153126
https://www.reddit.com/r/nvidia/comments/1n1jroi/psa_secure_boot_2026_june_cert_expiry_can_block
Click to expand...

Looks like you have all the 2023 certificates installed. Is your device running 24H2 or 25H2, my guess is 25H2 based on the last two lines of your screenshot? I wouldn't worry about the DBX, leave that to MS.
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Dirtyflash said:
Looks like you have all the 2023 certificates installed. Is your device running 24H2 or 25H2, my guess is 25H2 based on the last two lines of your screenshot? I wouldn't worry about the DBX, leave that to MS.
Click to expand...
Correct, I have installed 25H2 on my ROG G513RM:
1763255156663.webp
 

My Computer My Computer

At a glance

Win 11 version DevRyzen 9 6900HX16 GB3060 Ti
OS
Win 11 version Dev
Computer type
Laptop
Manufacturer/Model
Asus
CPU
Ryzen 9 6900HX
Motherboard
ROG G513RM
Memory
16 GB
Graphics Card(s)
3060 Ti
Monitor(s) Displays
1, 165 Hz panel
Screen Resolution
2560 x 1440
Hard Drives
2 TB Samsung 990 PRO NVMe
I have an HP Elitebook 8470P (10+ year old machine) that won't allow me to install the latest certs. I guess I'll simply have to disable Seure Boot on that machine.

Just out of curiosity, anyone else running into machines that cannot be updated?
 

My Computers My Computers

System One System Two

  • At a glance

    Win11 Pro 25H2 (RTM+)Intel i7-14650HX32 GBNo GPU - Built-in Intel Graphics
    OS
    Win11 Pro 25H2 (RTM+)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acemagic
    CPU
    Intel i7-14650HX
    Memory
    32 GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    Varies as machine will often be moved to locations with different monitors
    Screen Resolution
    Varies
    Hard Drives
    1 x 1TB Gen 4 NVMe SSD
    PSU
    120W Power Brick
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender

  • At a glance

    Win11 Pro 25H2 (RTM+)Intel i7-1255U16 GBIntel Iris Xe Graphics
    Operating System
    Win11 Pro 25H2 (RTM+)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
itsme1 said:
Dell has published a knowledge base article about the 2011 certificate expiration (this concerns Windows 10 and 11):

In it, there's a list of computers that is updated monthly. Mine isn't there, but I hope it will be if things go wrong with Mosby.

I haven't read the entire thread, but I just saw that NVIDIA GPUs will be affected. After a quick search, there's a thread on Reddit. Someone contacted Palit, who replied that NVIDIA was working with Microsoft on this issue:
https://www.reddit.com/r/nvidia/comments/1n1jroi/psa_secure_boot_2026_june_cert_expiry_can_block
I also hope there will be a vBIOS with a 2023 certificate. My Dell has an NVIDIA 1060.

Disabling Secure Boot as a solution for computers that support Windows 11 is disappointing.

It's late, I'm going to sleep.
Click to expand...
Same, since for laptops GPU is not replaceable/soldered and this will cause more issues if OEMs and NVIDIA will not act quickly about providing new vBIOS that is signed with the 2023 certificate:
 

Attachments

  • 1763257481675.webp
    1763257481675.webp
    62.4 KB · Views: 3
Last edited:

My Computer My Computer

At a glance

Win 11 version DevRyzen 9 6900HX16 GB3060 Ti
OS
Win 11 version Dev
Computer type
Laptop
Manufacturer/Model
Asus
CPU
Ryzen 9 6900HX
Motherboard
ROG G513RM
Memory
16 GB
Graphics Card(s)
3060 Ti
Monitor(s) Displays
1, 165 Hz panel
Screen Resolution
2560 x 1440
Hard Drives
2 TB Samsung 990 PRO NVMe
hsehestedt said:
I have an HP Elitebook 8470P (10+ year old machine) that won't allow me to install the latest certs. I guess I'll simply have to disable Seure Boot on that machine.

Just out of curiosity, anyone else running into machines that cannot be updated?
Click to expand...
Someone posted yesterday about the same problem on an older HP machine. I'm thinking HP locks the BIOS down, and with no further updates, it's problematic.
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
hsehestedt said:
I have an HP Elitebook 8470P (10+ year old machine) that won't allow me to install the latest certs. I guess I'll simply have to disable Secure Boot on that machine.

Just out of curiosity, anyone else running into machines that cannot be updated?
Click to expand...
Yep, My machine (My Computers, system 1), which is Secure Boot enabled, was made in 2016 and this HP page says "Platforms released in 2017 and earlier do not receive a BIOS update related to this change, because HP no longer supports those platforms."
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Home, ver 25H2 build 26200.8246Intel Core i5 5200U @ 2.20GH4 GBIntel HD Graphics 5500 on board
    OS
    Windows 11 Home, ver 25H2 build 26200.8246
    Computer type
    Laptop
    Manufacturer/Model
    Hewlett-Packard Spectre 13-4001 x360 convertable
    CPU
    Intel Core i5 5200U @ 2.20GH
    Motherboard
    Hewlett-Packard 802D
    Memory
    4 GB
    Graphics Card(s)
    Intel HD Graphics 5500 on board
    Sound Card
    Intel Smart Sound Technology (Intel SST)
    Hard Drives
    Micron 256GB M.2 2280 NGFF SSD MTFDDAV256TBN, (SATA 6.0 Gb/s)
    Keyboard
    Model # G01KB
    Antivirus
    Microsoft Defender
    Other Info
    born on date: 25 Feb 2016

  • At a glance

    Win 11 Home 25H2 build 26200.7922Intel Core i7 4th Gen 4790 (3.60GHz), Haswell...Samsung 16 GB DDR3 (8GB in 2 modules)NVIDIA GeForce GTX 760, 3GB, and on-board Int...
    Operating System
    Win 11 Home 25H2 build 26200.7922
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus Desktop model M32AD-US019S (DOM: 6/9/2014 )
    CPU
    Intel Core i7 4th Gen 4790 (3.60GHz), Haswell 22nm Technology, SOCKET 1150
    Motherboard
    H81M-E/M51AD/DP_MB
    Memory
    Samsung 16 GB DDR3 (8GB in 2 modules)
    Graphics card(s)
    NVIDIA GeForce GTX 760, 3GB, and on-board Intel HD Graphics 4600 Rev 6
    Monitor(s) Displays
    HP EliteDisplay E241i LED; HP EliteDisplay E243
    Hard Drives
    Samsung 500GB SSD, 870 EVO (SATA 6.0 )
    Micron 250GB SSD, CT250MX500
    Toshiba HDD, 3GB (original drive w/PC)
    Case
    ASUS
    Keyboard
    ASUS-------------------------
    Antivirus
    MS Defender
    Other Info
    Additional Laptops:

    HEWLETT PACKARD
    HP OmniBook X Flip NGAI (Next Gen AI),
    Model: 16-as0023dx
    PT# B5UH1UA#ABA Product #: B5UH1UA
    delivered and setup 7/25/25
    16" 2K Touch-Screen Laptop
    Intel Core Ultra 7 256V '24 Series 2 - CPU
    Boost Clock Frequency 4.8 gigahertz; Neural Processing Unit (NPU) Yes;
    16GB Memory, LPDDR5X
    1TB SSD PCIe 4.0
    Graphics: Intel Arc 140V
    1 x HDMI 2.1
    1 x Thunderbolt 4
    2K Touch-Screen display, LED, IPS; 1920 x 1200 (Full HD+)
    USB Ports: 1 x USB-C 3.1, 2 x USB-A 3.1
    Wi-Fi 6E
    weight 4.15 pounds

    DELL
    Model:I7591-7483BLK-PUS 2-in-1 (7000 Series)
    purchased 12/3/2019,
    15.6 inch 2-IN-1;
    4K Ultra HD Touch-Screen, 3840 x 2160,
    Intel Core i7 10510U CPU 1.80GHz,
    16GB RAM DDR4 SDRAM 2400 megahert (2 slots),
    dedicated graphics Nvidia GeForce MX250 2 GB Graphics,
    PCIe 512GB Intel SSD + 32GB Optane Memory (Intel Optane Memory H10 with solid-state storage),
    wireless-AX & Bluetooth
    Battery: 68wh, Type 4VGMP 4 cell
those with problems with updating there system to the new secure boot 2023 cert may want to try this.
it wont cause any harm to your system but it may also be able to update the system to the required 2023 cert.

Secure boot update HowTo

i have put this together as i had problems updating 2 desktops and 3 laptops. which have now all had their Secure Boot Certs updated to the new 2023 secure boot cert also the other post about this were getting very long and confusing. this is in two parts. part A and part B. edit by me. please...
www.elevenforum.com www.elevenforum.com

please follow the steps carefully one by one. the instructions are in two parts.
best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software

My Computers My Computers

System One System Two

  • At a glance

    Win11 Pro 25H2 (RTM+)Intel i7-14650HX32 GBNo GPU - Built-in Intel Graphics
    OS
    Win11 Pro 25H2 (RTM+)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acemagic
    CPU
    Intel i7-14650HX
    Memory
    32 GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    Varies as machine will often be moved to locations with different monitors
    Screen Resolution
    Varies
    Hard Drives
    1 x 1TB Gen 4 NVMe SSD
    PSU
    120W Power Brick
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender

  • At a glance

    Win11 Pro 25H2 (RTM+)Intel i7-1255U16 GBIntel Iris Xe Graphics
    Operating System
    Win11 Pro 25H2 (RTM+)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
hsehestedt said:
Interesting. I guess I got lucky on a couple of other machines. I have a 2016 HP and a 2017 HP both of which I was able to update successfully.
Click to expand...

Were you able to get the 2023 KEK certificate to install?
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Dirtyflash said:
Were you able to get the 2023 KEK certificate to install?
Click to expand...
i have managed to install and update the 2023 cert on two HP all in one desktops
and 3 Chuwi laptops which they all now are able to use the new secure boot 2023 cert.

best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
starchase said:
Yep, My machine (My Computers, system 1), which is Secure Boot enabled, was made in 2016 and this HP page says "Platforms released in 2017 and earlier do not receive a BIOS update related to this change, because HP no longer supports those platforms."
Click to expand...
I have an HP Pavilion laptop built in 2016 and Microsoft was was able to push 2023 keys into firmware, I'm pretty sure even the KEK which surprised me.

The BIOS's Secure Boot settings are extremely limited but I seem to recall it has one for deleting all keys and one for restoring defaults. So it also looks like I could use MOSBY, which is what I was planning if the Microsoft "push" hadn't worked, especially with the KEK.
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProRyzen 7 5800XGSkill 3200, 2x8GBMSI RX 6800 XT Gaming Z
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 5800X
    Motherboard
    Gigabyte B550M Aorus Pro
    Memory
    GSkill 3200, 2x8GB
    Graphics Card(s)
    MSI RX 6800 XT Gaming Z
    Sound Card
    on-board Realtek
    Monitor(s) Displays
    MSI 180hz
    Screen Resolution
    1440p
    Hard Drives
    Samsung 980 Pro, Samsung 870 Evo, generic PCIe NVME, WD 1TB 2.5" laptop spinner
    PSU
    Corsair RM 650
    Case
    mATX
    Cooling
    BeQuiet 240mm AIO and a bunch of case fans
    Keyboard
    one that clacks softly
    Mouse
    logitech
    Internet Speed
    bunches of bps
    Browser
    Firefox
    Antivirus
    Windows' own

  • At a glance

    Win11 ProRyzen 7 170016GB DDR4RX-480
    Operating System
    Win11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 1700
    Motherboard
    GA-AB350M G-3
    Memory
    16GB DDR4
    Graphics card(s)
    RX-480
    Sound Card
    In-Built Realtek
    Monitor(s) Displays
    Samsung
    Screen Resolution
    1440p
    Hard Drives
    NVME/SSD's
    PSU
    Thermaltake BX1 550W
    Case
    Some junky thing
    Cooling
    ThermalTake Assassin(?)
    Browser
    FF/Edge
    Antivirus
    Whatever Windows does
    Other Info
    Secure Boot enabled updated to 2023 CA keys, TPM2.0 enabled with system drive Bitlocker'd.
Buddywh said:
I have an HP student model laptop built in 2016 and Microsoft was was able to push the keys into BIOS, I'm pretty sure even the KEK which surprised me.

The BIOS's Secure Boot settings are extremely limited but I think it has one for deleting all keys and one for restoring defaults. So it also looks like I could use MOSBY, which is what I was planning if the Microsoft "push" hadn't worked.
Click to expand...
I think MS can create all the keys and push them to devices, except the KEK, which requires an OEM to push a BIOS firmware update out. .
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Dirtyflash said:
I think MS can create all the keys and push them to devices, except the KEK, which requires an OEM to push a BIOS firmware update out. .
Click to expand...
MS can also push KEK as long as OEM has signed it with their PK and gave it back to MS.
 

My Computer My Computer

At a glance

Windows 11 Pro 64bit (release preview channel)i5 840016 GB DDR4RTX 3060 Ti
OS
Windows 11 Pro 64bit (release preview channel)
Computer type
PC/Desktop
Manufacturer/Model
Asus
CPU
i5 8400
Motherboard
ROG STRIX Z370-H GAMING
Memory
16 GB DDR4
Graphics Card(s)
RTX 3060 Ti
Sound Card
On Board
Monitor(s) Displays
Acer VG242Y P
Screen Resolution
1080p
Hard Drives
Intel 660p SSD
PSU
800w
Internet Speed
1000 Mbps
Dirtyflash said:
I think MS can create all the keys and push them to devices, except the KEK, which requires an OEM to push a BIOS firmware update out. .
Click to expand...
As I understand it, Microsoft provided 2023 KEK certificates to the OEM's who were to sign it with all of their machine PK's, then return it to Microsoft. Microsoft could then push it into firmware along with the others.

If the OEM provides a machine BIOS with full Secure Boot key control you can also append a public KEK (unsigned, downloaded from Microsoft's GitHub) and the BIOS will sign it with the machine's PK. But that's way too much to expect from HP.
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 ProRyzen 7 5800XGSkill 3200, 2x8GBMSI RX 6800 XT Gaming Z
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 5800X
    Motherboard
    Gigabyte B550M Aorus Pro
    Memory
    GSkill 3200, 2x8GB
    Graphics Card(s)
    MSI RX 6800 XT Gaming Z
    Sound Card
    on-board Realtek
    Monitor(s) Displays
    MSI 180hz
    Screen Resolution
    1440p
    Hard Drives
    Samsung 980 Pro, Samsung 870 Evo, generic PCIe NVME, WD 1TB 2.5" laptop spinner
    PSU
    Corsair RM 650
    Case
    mATX
    Cooling
    BeQuiet 240mm AIO and a bunch of case fans
    Keyboard
    one that clacks softly
    Mouse
    logitech
    Internet Speed
    bunches of bps
    Browser
    Firefox
    Antivirus
    Windows' own

  • At a glance

    Win11 ProRyzen 7 170016GB DDR4RX-480
    Operating System
    Win11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    Ryzen 7 1700
    Motherboard
    GA-AB350M G-3
    Memory
    16GB DDR4
    Graphics card(s)
    RX-480
    Sound Card
    In-Built Realtek
    Monitor(s) Displays
    Samsung
    Screen Resolution
    1440p
    Hard Drives
    NVME/SSD's
    PSU
    Thermaltake BX1 550W
    Case
    Some junky thing
    Cooling
    ThermalTake Assassin(?)
    Browser
    FF/Edge
    Antivirus
    Whatever Windows does
    Other Info
    Secure Boot enabled updated to 2023 CA keys, TPM2.0 enabled with system drive Bitlocker'd.
You must log in or register to reply here.

Similar threads

Solved Secure boot update HowTo
31 32 33
Replies
640
Views
107K
riverofwind
R
  • Sticky
  • Article Article
Updating Microsoft Secure Boot keys before expiration in June 2026
26 27 28
Replies
557
Views
111K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom