Monika1491
New member
- Local time
- 5:39 PM
- Posts
- 7
- OS
- Windows 11
Solved garlin's PowerShell scripts for updating Secure Boot CA 2023
- Thread starter garlin
- Start date
- Local time
- 9:39 AM
- Posts
- 1,190
- OS
- Windows 11 Education For 25H2
Use O&O 10 Shutup Secure Boot Status tab to verify your 2023 Secure Boot certificates were installed and you're good to go.
My Computers
-
At a glance
Windows 11 Education For 25H2Intel® Core i7 5500u8 GBIntel HD Family Graphics 5500 AMD Firepro 4150M- OS
- Windows 11 Education For 25H2
- Computer type
- Laptop
- Manufacturer/Model
- HP ZBook G2
- CPU
- Intel® Core i7 5500u
- Motherboard
- HP
- Memory
- 8 GB
- Graphics Card(s)
- Intel HD Family Graphics 5500 AMD Firepro 4150M
- Sound Card
- Realtek High Audio
- Hard Drives
- 1 TB SSD
- Mouse
- HP USB Mouse
- Antivirus
- Windows Defender
-
At a glance
Windows 11 Pro For Workstations 25H2Xeon 1535m v632 GBAMD Quadro Pro 4100- Operating System
- Windows 11 Pro For Workstations 25H2
- Computer type
- Laptop
- Manufacturer/Model
- HP Zbook G4
- CPU
- Xeon 1535m v6
- Motherboard
- HP
- Memory
- 32 GB
- Graphics card(s)
- AMD Quadro Pro 4100
- Sound Card
- Bang and Olufson Audio
- Hard Drives
- 1TB SSD
- Mouse
- HP USB Mouse
- Antivirus
- Windows Defender
@Celery, you have Rufus to simplify all of that.
But not everyone's using the "CA 2023" option, or realizing the key point: if the boot manager changes after a Monthly Update (like in June 2026), then you need to run MCT or UUP dump to get a newer image which matches the last time the boot manager (and SVN) changed.
Technically you could just copy the bare minimum files, but if there are security changes for Windows, you should get all of them.
But not everyone's using the "CA 2023" option, or realizing the key point: if the boot manager changes after a Monthly Update (like in June 2026), then you need to run MCT or UUP dump to get a newer image which matches the last time the boot manager (and SVN) changed.
Technically you could just copy the bare minimum files, but if there are security changes for Windows, you should get all of them.
My Computer
At a glance
Windows 7
- OS
- Windows 7
Monika1491
New member
- Local time
- 5:39 PM
- Posts
- 7
- OS
- Windows 11
@iFX_Legacy
Since my post in which I gave you detailed advice was deleted, I'll simplify it again.
The solution to your problem with SVN 7 is the current installation media with June Windows 11 25H2 26200.8655 or 26200.8737, because June Windows 11 has efi files with SVN 9.
= bootmgfw_EX.efi must be SVN 9 (install.wim/boot.wim)
Since my post in which I gave you detailed advice was deleted, I'll simplify it again.
The solution to your problem with SVN 7 is the current installation media with June Windows 11 25H2 26200.8655 or 26200.8737, because June Windows 11 has efi files with SVN 9.
= bootmgfw_EX.efi must be SVN 9 (install.wim/boot.wim)
Last edited:
My Computer
At a glance
Windows 11AMD32 GB
- OS
- Windows 11
- Computer type
- PC/Desktop
- Manufacturer/Model
- Gigabyte
- CPU
- AMD
- Motherboard
- Gigabyte
- Memory
- 32 GB
O&O doesn't inform you about SVN, after the CA 2023 certs have been installed.
If you like the product so much, why don't you make a feedback suggestion to add this feature?
A PC can be updated to CA 2023, and yet fail the SVN test because of a mismatch over boot manager versions.
Users won't begin to experience issues with SVN until the CA 2011 revocation has been done. Which not everyone has elected to revoke, since MS hasn't made it mandatory yet.
My Computer
At a glance
Windows 7
- OS
- Windows 7
- Local time
- 9:39 AM
- Posts
- 1,190
- OS
- Windows 11 Education For 25H2
SVN isn't exposed to the end user. Microsoft is going to revoke the old certificates eventually and for the moment, while I have the 2023 installed, they haven't been activated yet.
There are reasons SVN isn't visible:
Why Microsoft hides SVN
Three reasons:A. Prevent rollback tampering
If users could see or modify SVN, attackers could too.B. OEM variability
Different firmware vendors implement SVN differently.C. Avoid support nightmares
Imagine millions of users asking why their SVN is “wrong.”Microsoft avoids this by hiding it.
My Computers
-
At a glance
Windows 11 Education For 25H2Intel® Core i7 5500u8 GBIntel HD Family Graphics 5500 AMD Firepro 4150M- OS
- Windows 11 Education For 25H2
- Computer type
- Laptop
- Manufacturer/Model
- HP ZBook G2
- CPU
- Intel® Core i7 5500u
- Motherboard
- HP
- Memory
- 8 GB
- Graphics Card(s)
- Intel HD Family Graphics 5500 AMD Firepro 4150M
- Sound Card
- Realtek High Audio
- Hard Drives
- 1 TB SSD
- Mouse
- HP USB Mouse
- Antivirus
- Windows Defender
-
At a glance
Windows 11 Pro For Workstations 25H2Xeon 1535m v632 GBAMD Quadro Pro 4100- Operating System
- Windows 11 Pro For Workstations 25H2
- Computer type
- Laptop
- Manufacturer/Model
- HP Zbook G4
- CPU
- Xeon 1535m v6
- Motherboard
- HP
- Memory
- 32 GB
- Graphics card(s)
- AMD Quadro Pro 4100
- Sound Card
- Bang and Olufson Audio
- Hard Drives
- 1TB SSD
- Mouse
- HP USB Mouse
- Antivirus
- Windows Defender
Windows Security doesn't display it. Run this command as Admin:
FirmwareSVN <-- UEFI's current value
BootManagerSVN <-- boot manager's current value
StagedSVN <-- latest possible value from \Windows\System32\SecureBootUpdates\DBXUpdateSVN.bin, if you haven't applied revocation or recent Secure Boot updates
To check the boot file on an USB device:
Code:
C:\Windows\System32>powershell Get-SecureBootSVN
FirmwareSVN : 9.0
BootManagerSVN : 9.0
StagedSVN : 9.0
ComplianceStatus : Compliant (Boot Manager SVN meets staged SVN)
BootManagerPath : \\.\HarddiskVolume1\EFI\Microsoft\Boot\bootmgfw.efiFirmwareSVN <-- UEFI's current value
BootManagerSVN <-- boot manager's current value
StagedSVN <-- latest possible value from \Windows\System32\SecureBootUpdates\DBXUpdateSVN.bin, if you haven't applied revocation or recent Secure Boot updates
To check the boot file on an USB device:
Code:
C:\Windows\System32>powershell Get-SecureBootSVN -BootManagerPath D:\EFI\Boot\bootx64.efi
FirmwareSVN : 9.0
BootManagerSVN : 9.0
StagedSVN : 9.0
ComplianceStatus : Compliant (Boot Manager SVN meets staged SVN)
BootManagerPath : D:\EFI\Boot\bootx64.efiMy Computer
At a glance
Windows 7
- OS
- Windows 7
Latest Support Threads
-
-
windows 10 iso file with ca 2023- Started by FIREMEDIC2700
- Replies: 3
-
After system failure my laptop restarts when I press the power button.
- Started by LAPIII
- Replies: 5
-
-
How to stop Brave on Android showing "Swipe for next story"- Started by wiganken
- Replies: 0
Latest Tutorials
-
Backup and Restore Delete Restore Points for System Restore and Point-in-time Restore in Windows 11- Started by Brink
- Replies: 0
-
Browsers and Mail Enable or Disable On-device Generative AI models in Google Chrome on Windows 11- Started by Brink
- Replies: 0
-
Personalization Enable Clear Transparent Taskbar with TranslucentTB in Windows 11- Started by Brink
- Replies: 11
-
System Add or Remove "Processor performance boost mode" in Power Options on Windows 11- Started by Brink
- Replies: 29
