Solved garlin's PowerShell scripts for updating Secure Boot CA 2023


cool59 said:
Here's my output in case it can help:

PS C:\WINDOWS\system32> C:\Users\Desktop\WhatsMyPK.ps1
Subject : CN=Dell Inc. UEFI Platform Key, OU=Signing, OU=1, DC=dell, DC=com
Issuer : CN=Dell Inc. Issuing CA 1, CN=AIA, CN=Public Key Services, CN=Services, CN=Configuration, DC=dell,
DC=com
Thanks ;-)
Click to expand...
Thanks. I have enough samples now, as I found the MS KEK list has the Subject: line for most vendors.
Some of the vendors submitted some weird looking strings.
 

My Computer

System One

  • OS
    Windows 7
gunrunnerjohn said:
@garlin Hi,

Is there an alternate way to install the SkuSiPolicy.p7b? I've tried the following several times, but I still get the same error. I'm running Win 11 Pro 25H2, Build 26220.7523.

View attachment 158768
Click to expand...
Don't use the AvailableUpdates = 0x20 method. I borrowed that from cjee21's posted chart of AvailableUpdates bitmasks, and it doesn't appear to work.

The file copy method mentioned will work.
 

My Computer

System One

  • OS
    Windows 7
@garlin When you update your scripts are you going to put the new script in the Reserved FAQ post or put the version # in the file name?
 

My Computers

System One System Two

  • OS
    Windows 11 Home, ver 25H2 build 26200.8246
    Computer type
    Laptop
    Manufacturer/Model
    Hewlett-Packard Spectre 13-4001 x360 convertable
    CPU
    Intel Core i5 5200U @ 2.20GH
    Motherboard
    Hewlett-Packard 802D
    Memory
    4 GB
    Graphics Card(s)
    Intel HD Graphics 5500 on board
    Sound Card
    Intel Smart Sound Technology (Intel SST)
    Hard Drives
    Micron 256GB M.2 2280 NGFF SSD MTFDDAV256TBN, (SATA 6.0 Gb/s)
    Keyboard
    Model # G01KB
    Antivirus
    Microsoft Defender
    Other Info
    born on date: 25 Feb 2016
  • Operating System
    Win 11 Home 25H2 build 26200.7922
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus Desktop model M32AD-US019S (DOM: 6/9/2014 )
    CPU
    Intel Core i7 4th Gen 4790 (3.60GHz), Haswell 22nm Technology, SOCKET 1150
    Motherboard
    H81M-E/M51AD/DP_MB
    Memory
    Samsung 16 GB DDR3 (8GB in 2 modules)
    Graphics card(s)
    NVIDIA GeForce GTX 760, 3GB, and on-board Intel HD Graphics 4600 Rev 6
    Monitor(s) Displays
    HP EliteDisplay E241i LED; HP EliteDisplay E243
    Hard Drives
    Samsung 500GB SSD, 870 EVO (SATA 6.0 )
    Micron 250GB SSD, CT250MX500
    Toshiba HDD, 3GB (original drive w/PC)
    Case
    ASUS
    Keyboard
    ASUS-------------------------
    Antivirus
    MS Defender
    Other Info
    Additional Laptops:

    HEWLETT PACKARD
    HP OmniBook X Flip NGAI (Next Gen AI),
    Model: 16-as0023dx
    PT# B5UH1UA#ABA Product #: B5UH1UA
    delivered and setup 7/25/25
    16" 2K Touch-Screen Laptop
    Intel Core Ultra 7 256V '24 Series 2 - CPU
    Boost Clock Frequency 4.8 gigahertz; Neural Processing Unit (NPU) Yes;
    16GB Memory, LPDDR5X
    1TB SSD PCIe 4.0
    Graphics: Intel Arc 140V
    1 x HDMI 2.1
    1 x Thunderbolt 4
    2K Touch-Screen display, LED, IPS; 1920 x 1200 (Full HD+)
    USB Ports: 1 x USB-C 3.1, 2 x USB-A 3.1
    Wi-Fi 6E
    weight 4.15 pounds

    DELL
    Model:I7591-7483BLK-PUS 2-in-1 (7000 Series)
    purchased 12/3/2019,
    15.6 inch 2-IN-1;
    4K Ultra HD Touch-Screen, 3840 x 2160,
    Intel Core i7 10510U CPU 1.80GHz,
    16GB RAM DDR4 SDRAM 2400 megahert (2 slots),
    dedicated graphics Nvidia GeForce MX250 2 GB Graphics,
    PCIe 512GB Intel SSD + 32GB Optane Memory (Intel Optane Memory H10 with solid-state storage),
    wireless-AX & Bluetooth
    Battery: 68wh, Type 4VGMP 4 cell
Phil_C said:
See post #69. Worked for me.
Click to expand...
Thanks, I missed that one, but it worked fine. I though this was simple, but way better to check before nuking myself. :lmao:
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
Each script has a -Version flag, and I will update the thread and GitHub when a newer version is released.
Code: 
PS C:\Users\GARLIN\Downloads> powershell -nop -ep bypass -f .\Check_UEFI-CA2023.ps1 -version
Check_UEFI-CA2023.ps1 version (2026.01.02)

PS C:\Users\GARLIN\Downloads> powershell -nop -ep bypass -f .\Update_UEFI-CA2023.ps1 -version
Update_UEFI-CA2023.ps1 version (2026.01.02)
 

My Computer

System One

  • OS
    Windows 7
I could not get any of these scripts to work, as my BIOS would not allow the keys to be read. But once I deleted all the keys, I was able to run the update scripts successfully.
On another laptop, I saw the SecureBootUpdates folder had a dozen files dated November 2025. So I used Regedit to schedule the updates and that worked.
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    Acemagic LX15PRO
    CPU
    AMD Ryzen 7 5825U with Radeon Graphics
    Memory
    16GB
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD 2TB
    Internet Speed
    30 Mbps
    Browser
    Brave
    Antivirus
    Webroot Secure Anywhere
    Other Info
    System 3

    Acer Swift SF114-34 laptop
    OS Windows 11 Pro 26200.8524
    CPU Pentium Silver N6000
    RAM 4GB
    SSD Samsung 970 EVO Plus SSD 2TB (an upgrade)
  • Operating System
    Windows 11 Pro 23H2 22631.2506
    Computer type
    Laptop
    Manufacturer/Model
    HP Mini 210-1090NR PC (bought in late 2009!)
    CPU
    Atom N450 1.66GHz
    Memory
    2GB
    Browser
    Brave
    Antivirus
    Webroot
garlin said:
Each script has a -Version flag, and I will update the thread and GitHub when a newer version is released.
Code: 
PS C:\Users\GARLIN\Downloads> powershell -nop -ep bypass -f .\Check_UEFI-CA2023.ps1 -version
Check_UEFI-CA2023.ps1 version (2026.01.02)

PS C:\Users\GARLIN\Downloads> powershell -nop -ep bypass -f .\Update_UEFI-CA2023.ps1 -version
Update_UEFI-CA2023.ps1 version (2026.01.02)
Click to expand...
Sorry, I'm not that tech savvy - I don't know how to run these scripts.
 

My Computer

System One

  • OS
    Windows 11 Intel i5 10400 HD630 graphics chip
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    CPU
    i5-10400
    Memory
    12 gb
    Graphics Card(s)
    HD630 chipset
    Monitor(s) Displays
    LG 24inch
    Hard Drives
    SSD, external usb drive 1tb for files/backups
    Keyboard
    wireless Logi
    Mouse
    ms 4000 wireless mouse
    Internet Speed
    10meg
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    Win11 Home 25h2 26200.8524 05/26/2026
Open a Command Prompt window as admin and change to the folder of the PS script. Then run the following command

powershell -nop -ep bypass -f .\Check_UEFI-CA2023.ps1 -version

This will give you the version. Do the same with the other script.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600 4x4 GB
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    Dell P2425D
    Screen Resolution
    2560 by 1440 pixels
    Hard Drives
    Corsair NVMe M.2 Core XT 1000 GB (Windows 11 v.25H2); Samsung SATA Evo 870 500 GB (Windows 11 v.25H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    500 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Keyboard
    Built-in
    Mouse
    Microsoft Wireless
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
Several weeks ago I followed the older PS scripts to update my 2 systems and was successful. As a double-check, I just ran this newer Check script and got this same result on both systems. All looks okay but I wanted to verify one thing. Under Required Action, it says to revoke the 2011 certificates, but from what I've read in other threads, it's not absolutely necessary to revoke them right now, that there is no problem with just leaving them there as MS will remove them later this year. Is that correct?

CheckUEFI.webp
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo T490 (2020 Hardware)
    CPU
    i7-8565U
    Motherboard
    20N20028US
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 620
    Sound Card
    Realtec Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 970 PRO 512GB NVMe
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Supported hardware, upgraded from Windows 10 Pro to Windows 11 Pro version 24H2 on 06/01/2025 using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/07/2025. Secure boot enabled.
  • Operating System
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M83 (2014 Hardware)
    CPU
    i7-4770 (with SSE4.2, and POPCNT)
    Motherboard
    10AL000GUS
    Memory
    16GB
    Graphics card(s)
    Intel HD Graphics 4600
    Sound Card
    Realtec High Definition Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 860 PRO 1TB SATA
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Unsupported hardware, upgraded from Windows 10 Pro (TPM 1.2 & unsupported CPU, but does have SSE4.2, and POPCNT) to Windows 11 Pro version 24H2 on 06/15/2025. Added Registry Key HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup – AllowUpgradesWithUnsupportedTPMOrCPU=1 to allow installation using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/08/2025. Secure boot enabled.
Good question. I believe the 2011 certificates are really only a problem for enterprise, but I may be wrong.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    Acemagic LX15PRO
    CPU
    AMD Ryzen 7 5825U with Radeon Graphics
    Memory
    16GB
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD 2TB
    Internet Speed
    30 Mbps
    Browser
    Brave
    Antivirus
    Webroot Secure Anywhere
    Other Info
    System 3

    Acer Swift SF114-34 laptop
    OS Windows 11 Pro 26200.8524
    CPU Pentium Silver N6000
    RAM 4GB
    SSD Samsung 970 EVO Plus SSD 2TB (an upgrade)
  • Operating System
    Windows 11 Pro 23H2 22631.2506
    Computer type
    Laptop
    Manufacturer/Model
    HP Mini 210-1090NR PC (bought in late 2009!)
    CPU
    Atom N450 1.66GHz
    Memory
    2GB
    Browser
    Brave
    Antivirus
    Webroot
Revoking the old certs is no different from installing the new certs. Just run the reg file and the scheduled task. That's it.

When you can do it yourself, why wait for MS to do it for you. But it's your call, of course.

I take great pride and enjoyment in doing my chores myself.

Please do not forget to update your backups and recovery disks if you have them.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600 4x4 GB
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    Dell P2425D
    Screen Resolution
    2560 by 1440 pixels
    Hard Drives
    Corsair NVMe M.2 Core XT 1000 GB (Windows 11 v.25H2); Samsung SATA Evo 870 500 GB (Windows 11 v.25H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    500 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Keyboard
    Built-in
    Mouse
    Microsoft Wireless
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
My backups and recovery USB drives (Macrium Reflect Free 8.0) and my Windows Recovery USB drives are my concern.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo T490 (2020 Hardware)
    CPU
    i7-8565U
    Motherboard
    20N20028US
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 620
    Sound Card
    Realtec Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 970 PRO 512GB NVMe
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Supported hardware, upgraded from Windows 10 Pro to Windows 11 Pro version 24H2 on 06/01/2025 using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/07/2025. Secure boot enabled.
  • Operating System
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M83 (2014 Hardware)
    CPU
    i7-4770 (with SSE4.2, and POPCNT)
    Motherboard
    10AL000GUS
    Memory
    16GB
    Graphics card(s)
    Intel HD Graphics 4600
    Sound Card
    Realtec High Definition Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 860 PRO 1TB SATA
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Unsupported hardware, upgraded from Windows 10 Pro (TPM 1.2 & unsupported CPU, but does have SSE4.2, and POPCNT) to Windows 11 Pro version 24H2 on 06/15/2025. Added Registry Key HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup – AllowUpgradesWithUnsupportedTPMOrCPU=1 to allow installation using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/08/2025. Secure boot enabled.
nikki605 said:
My backups and recovery USB drives (Macrium Reflect Free 8.0) and my Windows Recovery USB drives are my concern.
Click to expand...
Make another recovery drive on a different USB stick and follow that up with a new backup. I think the only difference is the bootloader, the old one is 2011 and the new one is 2023 as it relates to your question. It's a simple task to switch back and forth to update the bootloader firmware to match your previous backups and recovery drive. There's no urgency for you to revoke the 2011 certificates, you have several months to either do it yourself, or leave it to MS, just think things through before doing so. If you put things in perspective, you'll realize this security issue has existed since 2023, mostly likely prior, in a sense, it's a little like trying to close the barn doors after the horses have bolted.
 

My Computer

System One

  • OS
    Windows 11
Dirtyflash said:
Make another recovery drive on a different USB stick and follow that up with a new backup. I think the only difference is the bootloader, the old one is 2011 and the new one is 2023 as it relates to your question. It's a simple task to switch back and forth to update the bootloader firmware to match your previous backups and recovery drive. There's no urgency for you to revoke the 2011 certificates, you have several months to either do it yourself, or leave it to MS, just think things through before doing so. If you put things in perspective, you'll realize this security issue has existed since 2023, mostly likely prior, in a sense, it's a little like trying to close the barn doors after the horses have bolted.
Click to expand...
Since running the original scripts several weeks ago that added the 2023 certs to the 2011 certs on both my PCs as the scripts show, I have created new Macrium Reflect boot sticks and run several new backups. I have also recreated new Windows Recovery sticks. If I understand all these threads correctly, all the boot sticks should have been created with both the 2011 and 2023 certs. Yes? No?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo T490 (2020 Hardware)
    CPU
    i7-8565U
    Motherboard
    20N20028US
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 620
    Sound Card
    Realtec Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 970 PRO 512GB NVMe
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Supported hardware, upgraded from Windows 10 Pro to Windows 11 Pro version 24H2 on 06/01/2025 using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/07/2025. Secure boot enabled.
  • Operating System
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Lenovo ThinkCentre M83 (2014 Hardware)
    CPU
    i7-4770 (with SSE4.2, and POPCNT)
    Motherboard
    10AL000GUS
    Memory
    16GB
    Graphics card(s)
    Intel HD Graphics 4600
    Sound Card
    Realtec High Definition Audio
    Monitor(s) Displays
    ASUS VE248
    Screen Resolution
    1920 X 1080
    Hard Drives
    Samsung SSD 860 PRO 1TB SATA
    Internet Speed
    Frontier fiber 1GB
    Browser
    Chrome, Firefox, Edge
    Antivirus
    Norton 360 Deluxe Plus
    Other Info
    Unsupported hardware, upgraded from Windows 10 Pro (TPM 1.2 & unsupported CPU, but does have SSE4.2, and POPCNT) to Windows 11 Pro version 24H2 on 06/15/2025. Added Registry Key HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup – AllowUpgradesWithUnsupportedTPMOrCPU=1 to allow installation using the Windows 11 ISO file. Used the enablement package to upgrade to version 25H2 on 10/08/2025. Secure boot enabled.
Anibor_11 said:
MS owns the problem, they created this mess. These things should be totally transparent to the user.
Click to expand...

I feel your pain... you, me and most everyone else here are not all that thrilled with these certificate changes. I mean not to sound condescending, (you and I are in the same boat, I really do feel your pain). But my take on this is that Microsoft are not the ones who "created this mess", but more like the ones trying to do the clean-up on aisle 5, that others created.

Microsoft wrote the code and created the operating system software, that part is true. But then, after-the-fact, nefarious others jumped in later and created a way to mess things up by writing malicious code like BlackLotus, Frankenstein, Godzilla 🤣 and whatever else they can cook-up to make everyone's life miserable. Those are the ones who are responsible for the creation of Secure Boot and other security measures like new certificates.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.8457
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • Operating System
    Windows 11 Pro 25H2 26200.8457
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
nikki605 said:
My backups and recovery USB drives (Macrium Reflect Free 8.0) and my Windows Recovery USB drives are my concern.
Click to expand...
For most common bootable USB drives, certainly the Windows Recovery drive, you can copy the 2023 certs to them to allow them to boot with Secure Boot.

@garlin posted the script below, I'm showing the contents. I used it to update my Acronis Recovery Drive and the Windows Recovery drive, they boot fine with the 2011 cert revoked.

Code: 
set /p id=Enter Destination Drive Letter with a colon:
echo %id%
pause

COPY %id%\EFI\MICROSOFT\BOOT\BCD %id%\EFI\MICROSOFT\BOOT\BCD.BAK
pause

bcdboot c:\windows /f UEFI /s %id% /bootex
pause

COPY %id%\EFI\MICROSOFT\BOOT\BCD.BAK %id%\EFI\MICROSOFT\BOOT\BCD
pause
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
Please download the latest version of the ZIP file (bottom of post #1), or from GitHub:
Release v2026.01.03 · garlin-cant-code/SecureBoot-CA-2023-Updates

This release has an important bug fix for HP and Lenovo PC's (and others), by correcting the cert parsing which incorrectly returned (NONE) for some UEFI's.

Update_UEFI-CA2023.ps1 now has a new -SkuSiPolicy option to install the SkuSiPolicy file. Don't follow the old instructions to use the reg key, as it's been confirmed as no longer working.
Code: 
Update_UEFI-CA2023.ps1 -SkuSiPolicy

The revised Check_UEFI-CA2023.ps1 script will provide you the same command.
 

My Computer

System One

  • OS
    Windows 7
Well i already used the registry add option for SkuSiPolicy? So now what is recommended thing to do now?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.8037
    Computer type
    PC/Desktop
    Manufacturer/Model
    PreBuilt
    CPU
    AMD Ryzen 7700X
    Motherboard
    MSI B650 VC WIfi Rev 1.0
    Memory
    32GB DDR 5 RGB 5600Mhz
    Graphics Card(s)
    Radeon 7800XT
    Sound Card
    Onboard Audio
    Monitor(s) Displays
    Asus VG245H
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 990 Evo Plus NVMe Boot
    Samsung 990 Pro 1TB Game NVMe



    External
    Western Digital Elements 500GB
    Western Digital My Passport 2TB Blue
    Western Digital My Passport 2TB Red
    Toshiba 2TB in External Enclosure
    Seagate 8TB in External Enclosure
    Seagate 1TB Portable USB 3 External Drive
    Western Digital My Book 8TB (Primary Backup drive)
    Western Digital Black 4TB In External Enclosure
    PSU
    750 Watt High Power
    Case
    Lian Li Lan Cool 216 ARGB Airflow
    Cooling
    2 160MM Front, 1 140MM Rear Exhaust
    Keyboard
    Logitech G513
    Mouse
    Logitech G502 X
    Internet Speed
    Gigabit 1100Mb/35 Upload
    Browser
    MS Edge Chromium and Bing Search
    Antivirus
    Windows Defender, Malwarebytes Premium
    Other Info
    UEFI, Secure Boot, TPM 2.0, Macrium Reflect X
  • Operating System
    Windows 11 Pro 25H2 26200.8037
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF A16 Advantage Edition FA617NT.A16.R7700
    CPU
    Ryzen 7 7735HS
    Motherboard
    OEM Asus Motherboard
    Memory
    16GB DDR 5
    Graphics card(s)
    AMD Radeon™ 680M & Radeon 7700S
    Sound Card
    Onboard
    Monitor(s) Displays
    16inch FHD 165hz
    Screen Resolution
    1920x1080
    Hard Drives
    512GB NVMe Boot Drive
    PSU
    Laptop PSU
    Case
    Laptop Case
    Cooling
    OEM Cooling
    Keyboard
    OEM Laptop Keyboard
    Mouse
    Touchpad & G502 Hero
    Internet Speed
    Gigabit 1100 Download/35 Upload
    Browser
    MS Edge with Bing search
    Antivirus
    Windows Defender & Malwarebytes Premium
    Other Info
    Macrium Reflect X
Just downloaded the new script, nice job and well documented now!
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom