This part is tricky, because it depends on the BIOS your OEM sourced from their BIOS supplier. Honestly, I don't know because my experience is on Dell and Lenovo PC's.Although my AM5 B850 system is showing event 1808, I noted my AM4 B550 PC is just showing 1801. I understand updating is an ongoing process, and haven't looked further than the event or run any scripts etc, but I thought I'd ask a few questions-
I don't often update mb BIOS but did last September to get an update that added TPM-B FW as well various other fixes - but it made no mention of whether it includes new SB certs.
A Gigabyte AM4 board defaults to SB Not Active after a BIOS update. The method to get SB to show as Active is to select Custom and then either a) restore factory keys and stay in Custom or b) switch back to Standard which also loads defaults
1) there's a post above about whether a BIOS update overwrites keys - even if it doesn't those steps to change SB to Active would seem to overwrite them with those from the BIOS - what happens then?
2) I chose method b) so I'm not in Custom any more - is there any chance this is preventing Windows from installing the certs - i.e is there some some of read-only state?
The confidence buckets are grouped by motherboard (model) and BIOS version. You're correct that some users are behind on firmware. It's possible to have many combinations of them. Unless MS or the OEM is going to test every combination (which they can't do because of time), the strategy appears to be creating a confidence level for any bucket combo, once they reach a certain sample size and the results are conclusive.3) over time there are many BIOS versions - including interim 'beta' releases - so each user might end up with a different one - is the exact BIOS version used by the telemetry in deciding whether Windows will go ahead with the update?
It's simply a numbers game. They will try first migrate the buckets with high success numbers. All stragglers might have to wait until MS changes the selection criteria (not enough sample count, but high success). The problem comes with the low confidence/high failure buckets, at some point MS will declare they're too risky.
Then it's a finger pointing game. MS isn't responsible for your BIOS. They have to be careful in not "throwing the OEM under the bus". Some BIOS'es have a good history of successful updates, others seem to break PC's. For old models, a factory swap of the motherboard isn't available.
The end game is they may simply tell you to never enable Secure Boot (leaving it insecure), or upgrade to a new PC. It's not the users' fault, some of these vendor firmwares were bad in the first place.
My Computer
At a glance
Windows 7
- OS
- Windows 7










