Solved garlin's PowerShell scripts for updating Secure Boot CA 2023


Tried everything and can't get it to load the cert. Look at this screenshot at the bottom.
According to your screenshot, the PK key is the factory default. If you run the check script, does it continue to report "(NONE)" for the PK?
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
According to your screenshot, the PK key is the factory default. If you run the check script, does it continue to report "(NONE)" for the PK?
Yes the output is still the same.

I don't know if this helps.

Untitled.webp

Should I run the update script and see what happens?

At the bottom in the bios it says this.
Untitled2.webp
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
New user chiming in who manually updated the DB; this look okay? Other than the command to revoke, of course.
You're good on the first part (adding CA 2023 certs and the boot manager). Revocation can be delayed until when MS makes it mandatory, later this year.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
You're good on the first part (adding CA 2023 certs and the boot manager). Revocation can be delayed until when MS makes it mandatory, later this year.
Good shout, thanks! 🫡

Anything related to UEFI peaks my anxiety pretty hard (don't want to potentially brick my board, after all), so it's great to put it to rest.
 

My Computer My Computer

At a glance

Windows 11 Pro 25H2AMD Ryzen 9 3950X64 GB DDR4-3600 CL18 (2x32 GB)MSI Ventus RTX 2060 Super
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
custom
CPU
AMD Ryzen 9 3950X
Motherboard
ASUS ROG Strix X570-E (first gen)
Memory
64 GB DDR4-3600 CL18 (2x32 GB)
Graphics Card(s)
MSI Ventus RTX 2060 Super
Sound Card
Audient iD4 Mk.I
Monitor(s) Displays
2x AOC 24G1 / 1x XP-Pen Artist Pro 16 Gen 2 2.5K
Screen Resolution
1080p / 2560x1600
Hard Drives
1TB WD/SanDisk SN850X (main) / 2TB Sabrent Rocket 4 / 6TB WD MyBook EE
PSU
Corsair RM850X 850W Gold (2019)
Case
Lian-Li O11-D
Cooling
EKWB EK-AIO 360 RGB
Keyboard
wooting Two HE fullsize
Mouse
some old mouse from an older PC
Internet Speed
Gigabit symmetric (fibre); Bell Fibe
Browser
Firefox
Antivirus
ol' reliable Windows Defender
Other Info
Other peripherals:

- Shure SM7B (Mexico)
- AKG K 240 Studio (calibrated flat)
- PDP FaceOff wired Switch gamepad
Good shout, thanks! 🫡

Anything related to UEFI peaks my anxiety pretty hard (don't want to potentially brick my board, after all), so it's great to put it to rest.
Usually if your last BIOS was released in 2024-2025, they added the CA 2023 certs to the factory defaults. It's the older PC's that have more issues.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
At the bottom in the bios it says this.
View attachment 165418
I would hold off on doing the update for now. I need to find a test script to extract your PK variable's data bytes, and figure out if the problem is with the script's parsing function for deciphering certs. Gimme an hour to figure it (or find the old script).
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Usually if your last BIOS was released in 2024-2025, they added the CA 2023 certs to the factory defaults. It's the older PC's that have more issues.
Hah! Let the only time I've forced myself to ignore my anxiety be the one time I needed to prove it wrong anyway. 5021 isn't the original version that shipped with the first-gen X570-E, I believe that was 440-something. I thiiiink I updated it around the time 5021 dropped, actually.

Regardless, thanks for the help, garlin. :)
 

My Computer My Computer

At a glance

Windows 11 Pro 25H2AMD Ryzen 9 3950X64 GB DDR4-3600 CL18 (2x32 GB)MSI Ventus RTX 2060 Super
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
custom
CPU
AMD Ryzen 9 3950X
Motherboard
ASUS ROG Strix X570-E (first gen)
Memory
64 GB DDR4-3600 CL18 (2x32 GB)
Graphics Card(s)
MSI Ventus RTX 2060 Super
Sound Card
Audient iD4 Mk.I
Monitor(s) Displays
2x AOC 24G1 / 1x XP-Pen Artist Pro 16 Gen 2 2.5K
Screen Resolution
1080p / 2560x1600
Hard Drives
1TB WD/SanDisk SN850X (main) / 2TB Sabrent Rocket 4 / 6TB WD MyBook EE
PSU
Corsair RM850X 850W Gold (2019)
Case
Lian-Li O11-D
Cooling
EKWB EK-AIO 360 RGB
Keyboard
wooting Two HE fullsize
Mouse
some old mouse from an older PC
Internet Speed
Gigabit symmetric (fibre); Bell Fibe
Browser
Firefox
Antivirus
ol' reliable Windows Defender
Other Info
Other peripherals:

- Shure SM7B (Mexico)
- AKG K 240 Studio (calibrated flat)
- PDP FaceOff wired Switch gamepad
I would hold off on doing the update for now. I need to find a test script to extract your PK variable's data bytes, and figure out if the problem is with the script's parsing function for deciphering certs. Gimme an hour to figure it (or find the old script).
I ran your script and got this in event viewer

Untitled.webp

still getting the same output in your script. where is the old one you mentioned?
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
I found a earlier script. Does this help?
Untitled.webp
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
I ran your script and got this in event viewer
What's logged is that Windows knows it wrote the other CA 2023 certs (good), but this task doesn't bother checking your for PK (because it presumes you always had a valid one).

still getting the same output in your script. where is the old one you mentioned?
Run this script, and attached the exported .bin files (as a ZIP). I need to download it and confirm whether it's a parsing error or something's weird in your UEFI variables.
 

Attachments

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
What's logged is that Windows knows it wrote the other CA 2023 certs (good), but this task doesn't bother checking your for PK (because it presumes you always had a valid one).


Run this script, and attached the exported .bin files (as a ZIP). I need to download it and confirm whether it's a parsing error or something's weird in your UEFI variables.
How do I run it?
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
Run as Administrator:
Code:
powershell -ep bypass -f \folder\where\script\lives\Export-PKbytes.ps1

Replace the first part of the file path with the folder where the script lives.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Run as Administrator:
Code:
powershell -ep bypass -f \folder\where\script\lives\Export-PKbytes.ps1

Replace the first part of the file path with the folder where the script lives.
Is this what you wanted?
 

Attachments

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
Thanks. I figured the problem, try this updated version of the check script.
I am not sure if this messed with your script but I updated everything while I was waiting and this is the output I get with the script you just gave me.

PS D:\temp> powershell -nop -ep bypass -f Check_UEFI-CA2023.ps1 -verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

BIOS Firmware
-------------
Gigabyte Technology Co. B760M H DDR4
Version: F14
Date: 2025-06-19

Factory Default UEFI PK Cert
----------------------------
(NONE)

UEFI PK Cert
------------
(NONE)

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Windows UEFI CA 2023

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023

Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 77

UEFI DBX Certs
--------------
Microsoft Windows Production PCA 2011
Windows BootMgr SVN 7.0
EFI_CERT_SHA256_GUID Signatures: 487

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b version: 33284.17421.33440.335 is CURRENT.

STATUS REPORT
-------------
Registry: UEFICA2023Status = Updated

SUCCESS: NO UPDATES ARE REQUIRED.

PS D:\temp>


I am done for today. I assume everything is working. The other script showed the UEFI PK Gigabyte

So I guess I am okay? Maybe some weird thing with my PC and your script?
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
Sorry, it's my script. One more try.
If you want to continue tomorrow, I'll be around.
 

Attachments

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Sorry, it's my script. One more try.
If you want to continue tomorrow, I'll be around.
Looks like you fixed it. Can you confirm I am all done and nothing else is wrong?


PS D:\Temp> powershell -nop -ep bypass -f Check_UEFI-CA2023.ps1 -verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

BIOS Firmware
-------------
Gigabyte Technology Co. B760M H DDR4
Version: F14
Date: 2025-06-19

Factory Default UEFI PK Cert
----------------------------
GIGABYTE

UEFI PK Cert
------------
GIGABYTE

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
GIGABYTE

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
GIGABYTE

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Windows UEFI CA 2023
GIGABYTE
GIGABYTE

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
GIGABYTE
GIGABYTE

Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 77

UEFI DBX Certs
--------------
Microsoft Windows Production PCA 2011
Windows BootMgr SVN 7.0
EFI_CERT_SHA256_GUID Signatures: 487

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b version: 33284.17421.33440.335 is CURRENT.

STATUS REPORT
-------------
Registry: UEFICA2023Status = Updated

SUCCESS: NO UPDATES ARE REQUIRED.

PS D:\Temp>
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
This looks good, but I suspect Gigabyte cut a few corners when they issued their other certs.

Normally every cert's Subject line is supposed to have a descriptive title. But apparently Gigabyte simply chose to assign their name (CN=), but added nothing else. That's technically allowed, but not very helpful for debugging purposes. :(
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
This looks good, but I suspect Gigabyte cut a few corners when they issued their other certs.

Normally every cert's Subject line is supposed to have a descriptive title. But apparently Gigabyte simply chose to assign their name (CN=), but added nothing else. That's technically allowed, but not very helpful for debugging purposes. :(
Is there a reason GIGABYTE is listed 2 times under
Factory Default UEFI DB Certs
and
UEFI DB Certs

All of the other times it says Gigabyte how do we know what year these are?

For example what needs to be revoked for this

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
GIGABYTE

Thanks Garlin.
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
Vendors are allowed to create their own Secure Boot certs, in order to self-sign software tools used to update BIOS'es.

HP and Dell are also known to self-issue certs. The problem here is Gigabyte is too lax in not following the formal ISO organization model for labeling the cert's Subject field. For example, here's two examples of a Dell PK:
Code:
CN=Dell Inc. Platform Key,O=Dell Inc.,L=Round Rock,ST=Texas,C=U
Code:
CN=Dell secure boot platform key 2022,O=Dell Technologies Inc.,L=Portland,ST=California,C=U

CN = Canonical Name​
O = Organization (company)​
L = Location​
ST = State​
C = Country​

For reasons known only to Gigabyte (but it's a common issue with Chinese or Taiwanese OEM's), they simply encode their PK as "CN=GIGABYTE". I'd imagine the other Gigabyte-issued KEK and DB certs share a basic lack of descriptive detail.

The cert's Subject field is only present for human consumption, since they're actually referenced using the cert's thumbprint (or hash value). I can't add more reporting if there wasn't enough details to begin.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Back
Top Bottom