For now, temporarily disable Secure Boot in BIOS and start Windows. Run the check script, and post the output.
I guess this reply was for me.
Can you try one last trick? Power off the system. Locate the motherboard battery, and remove it. Wait 10 min. and reinsert it. Power on.
Already tried the CMOS battery. When I start it I get the HP logo and in the bottom left of the screen it says 'entering set up menu' but then the pc just shuts down.
Have to admit I've never heard of shorting the terminals, I just drained the power and took the battery out for 5-10 minutes then replaced it. I'll give that a try now. Thanks.
www.howtogeek.com
Thanks. My PC is up to date with Microsoft updates and the BIOS I used for the repair drive from HP is dated December 2025. As for firmware updates, I have no way of entering the BIOS or any setting/recovery as previously explained. I really don't see how I can repair this mobo.@HerefordBull
This is from Microsoft
View attachment 161942
If you have HP Sure Start, you cannot change or add new certificates because Sure Start does not let you do it. There is a BIOS setting that protects certificates. You can disable this setting and than try to install new certificates but neither Microsoft nor HP recommends it.
If your HP PC is 2018 model year or later, HP will release BIOS updates. You should wait for it.
Hope this helps.
I used the desktop procedure with the 'b' key. The results of which I posted earlier. Also tried it with the 'v' key but nothing happens at all.Did you try this CMOS reset ?
HP Notebook PCs - Recovering the BIOS (Basic Input Output System) | HP® Customer Support
The BIOS is the first software to run after turning on the computer. If the BIOS on your computer becomes corrupted, the computer fails to boot to Windows.support.hp.com
I know some motherboards in the past would hold up the chip for quite a while just on the stored charge after disconnecting, and shorting the battery contacts was recommended. It's been years since I've had to reset my BIOS, so I don't know if that advice still holds. OTOH, shorting the terminals can't possibly hurt with the battery out and the system disconnected from any power, so it safe to do.
Thank you for creating this tool!
Downloading "KEKUpdate_Dell_PK4.bin" from GitHub.
ERROR: Failed to append "KEKUpdate_Dell_PK4.bin" to UEFI KEK.
Unexpected Result, status error: 0xC000000DSecure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF
UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
UEFI DBX Certs
--------------
Microsoft Windows PCA 2010
EFI Files
---------
Disk 0: Windows Boot Manager [Production PCA 2011] is ALLOWED.
Registry: WindowsUEFICA2023Capable = 1
[Windows UEFI CA 2023] in UEFI DB.
Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.
REQUIRED ACTION
===============
Run the command:
Update_UEFI-CA2023.ps1 -Revoke
Finish the UEFI steps to manually add the [KEK CA 2023] cert, if the script provided instructions.Maybe. The script assumes you're in a Windows-only environment. Not that it's unfriendly to Linux, but it only does things from a Windows perspective.
The update script has determined your Dell's current Platform Key (PK) is supported by MS, because they submitted a signed KEK to the GitHub. But there's an unexpected error when trying to append the KEK CA 2023.
Yes, I think that’s what Expert Key Management in Custom Mode is about.
