Solved garlin's PowerShell scripts for updating Secure Boot CA 2023


@garlin

My very elderly neighbors got a new Dell Laptop, and I set it up for them this morning and then ran your script. I guess there is more that I could do but it looks like Microsoft will take over from here don't you think?

Thank you...




Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Windows PowerShell update message FAQ - PowerShell

PS C:\Users\Beverley\Documents\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15> .\Check_UEFI-CA2023
Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft UEFI CA 2023
Windows UEFI CA 2023

UEFI DBX Certs
--------------
Microsoft Windows PCA 2010

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.


REQUIRED ACTION
===============

OPTION 1: DO NOTHING. Windows will apply the UEFI updates in 2026 (supported BIOS).

OPTION 2: To install [UEFI CA 2023] certs WITHOUT REVOKING the [PCA 2011] cert, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x4800 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

OPTION 3: To install [UEFI CA 2023] certs and REVOKE the [PCA 2011] cert, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x4a80 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

To install SkuSiPolicy.p7b, run the command:
Update_UEFI-CA2023.ps1 -SkuSiPolicy

PS C:\Users\Beverley\Documents\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15>
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
It's a br
@garlin

My very elderly neighbors got a new Dell Laptop, and I set it up for them this morning and then ran your script. I guess there is more that I could do but it looks like Microsoft will take over from here don't you think?
REQUIRED ACTION
===============

OPTION 1: DO NOTHING. Windows will apply the UEFI updates in 2026 (supported BIOS).
Brand new PC's from the major brands are shipping with the CA 2023 certs already installed.

In this case, Windows will eventually install the Option ROM cert (mostly needed for some 3rd-party graphics cards, but since it's a laptop that doesn't apply here), and add the PCA 2011 cert to DBX later this year (banning the old boot manager).

You can run the commands for Option 1, or allow Windows to do its thing. One advantage of completing Option 1 is you (or your friend) won't see any confusing notifications about Secure Boot since all the work in the first phase would be done.
 
Last edited:

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
It's a br


Brand new PC's from the major brands are shipping with the CA 2023 certs already installed.

In this case, Windows will eventually install the Option ROM cert (mostly needed for some 3rd-party graphics cards, but since it's a laptop that doesn't apply here), and add the PCA 2010 cert to DBX later this year (banning the old boot manager).

You can run the commands for Option 1, or allow Windows to do its thing. One advantage of completing Option 1 is you (or your friend) won't see any confusing notifications about Secure Boot since all the work in the first phase would be done.
Thank you sir... :cool:
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
Okay, done. Thanks



Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Windows PowerShell update message FAQ - PowerShell

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15> .\Check_UEFI-CA2023
Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023

UEFI DBX Certs
--------------
Microsoft Windows PCA 2010

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.


REQUIRED ACTION
===============

To revoke the [PCA 2011] cert, run the commands, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x280 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

To install SkuSiPolicy.p7b, run the command:
Update_UEFI-CA2023.ps1 -SkuSiPolicy

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15>
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
Looks good enough to me... WU can take it from here.


Screenshot 2026-03-07 121734.webp
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
If you use "Check_UEFI-CA2023.ps1 -Verbose", it will report the same details but in a different layout that's easier to digest.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
How did you get the report output from above? Did you run the batch file instead?

For the batch file:
Code:
Check-UEFI.bat -Verbose
This is the only way I could save the info sorry,after running the command
Adobe Express - file.webp
 

My Computer My Computer

At a glance

windows 11Intel i5-10600kf32gb corsair vengerance proAMD RX 6500XT
OS
windows 11
Computer type
PC/Desktop
Manufacturer/Model
Antec/Case
CPU
Intel i5-10600kf
Motherboard
GIGABYTE Z590 UD AC
Memory
32gb corsair vengerance pro
Graphics Card(s)
AMD RX 6500XT
Sound Card
onboard
Monitor(s) Displays
40" Hisense
Hard Drives
Samsung 850
Samsung 870
Seagate 2TB
PSU
EVGA GQ 750
If you use "Check_UEFI-CA2023.ps1 -Verbose", it will report the same details but in a different layout that's easier to digest.
Okay, just a few minutes, I'll be back. I am doing this on someone else's laptop, and I have to go back and forth with a USB stick - I am not networked to it.
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
If you use "Check_UEFI-CA2023.ps1 -Verbose", it will report the same details but in a different layout that's easier to digest.

Okay as you asked...


Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Windows PowerShell update message FAQ - PowerShell

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15> .\Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7922)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

BIOS Firmware
-------------
Dell Inc. Dell 16 DC16250
Version: 1.8.1
Date: 2026-01-04

Factory Default UEFI PK Cert
----------------------------
Dell Inc. Platform Key

UEFI PK Cert
------------
Dell Inc. Platform Key

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Dell Inc. Key Exchange Key
Dell Inc. Key Exchange Key

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Dell Inc. Key Exchange Key
Dell Inc. Key Exchange Key

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Dell Bios FW Aux Authority 2018
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Dell Bios DB Key

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Dell Bios FW Aux Authority 2018
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Dell Bios DB Key

Factory Default UEFI DBX Certs
------------------------------
Microsoft Windows PCA 2010
EFI_CERT_SHA256_GUID Signatures: 371

UEFI DBX Certs
--------------
Microsoft Windows PCA 2010
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 431

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.


REQUIRED ACTION
===============

To revoke the [PCA 2011] cert, run the commands, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x280 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

To install SkuSiPolicy.p7b, run the command:
Update_UEFI-CA2023.ps1 -SkuSiPolicy

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15>
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
A quick breakdown of the verbose output (for instructional purposes):

BIOS Firmware
-------------
Dell Inc. Dell 16 DC16250
Version: 1.8.1
Date: 2026-01-04
Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Dell Inc. Key Exchange Key
Dell Inc. Key Exchange Key
Any major PC that's been shipped since 2024 will have the KEK CA 2023 cert added to the factory defaults. The KEK CA 2023 is required to validate all the other CA 2023 certs. Dell introduces their own private KEK keys, because they provide remote management tools for enterprise customers.

A normal home user doesn't need the "Dell Inc." KEK keys, but every Dell gets them anyway (so they don't have to make two different versions of the BIOS). Those certs you can ignore.

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Dell Bios FW Aux Authority 2018
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Dell Bios DB Key
Same with other Dell-specific keys...

UEFI DBX Certs
--------------
Microsoft Windows PCA 2010
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 431
Dell always bans the PCA 2010 out of the box. This isn't the same cert as PCA 2011.

Some earlier Linux distros used to work from PCA 2010, but most of them have migrated to the newer MS UEFI certs. You can tell a system is a Dell because out of all the major PC makers, they always ban PCA 2010. If you're in Windows-only situation, then you can safely ignore PCA 2010 being listed.

But remember, PCA 2010 is not the same as PCA 2011.

As for the SkuSiPolicy, in the next version of the scripts I'm changing the instructions to make this an optional step. MS suggests you roll it out, but it might interfere booting with certain forms of USB recovery drives (like Macrium). Rather than add unneeded confusion, for now, we can slip the SkuSiPolicy deployment. It can always be added later, since basically it's a file copy to the EFI partition.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
As for the SkuSiPolicy, in the next version of the scripts I'm changing the instructions to make this an optional step. MS suggests you roll it out, but it might interfere booting with certain forms of USB recovery drives (like Macrium). Rather than add unneeded confusion, for now, we can slip the SkuSiPolicy deployment. It can always be added later, since basically it's a file copy to the EFI partition.
I don't know that much about this, but I was thinking that about the SkuSiPolicy part too, I wasn't going to worry about that part for now. I am thinking that when updates get around to invoking revocations, I'm hoping/thinking they will address SkuSiPolicy at the same time. I would think they would, but who knows. Thank you...
 

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
I got to figure out what happen with my laptop, no boot, tried backups, tried disable secure boot...must have hosed something while trying to update keys
 

My Computer My Computer

At a glance

windows 11Intel i5-10600kf32gb corsair vengerance proAMD RX 6500XT
OS
windows 11
Computer type
PC/Desktop
Manufacturer/Model
Antec/Case
CPU
Intel i5-10600kf
Motherboard
GIGABYTE Z590 UD AC
Memory
32gb corsair vengerance pro
Graphics Card(s)
AMD RX 6500XT
Sound Card
onboard
Monitor(s) Displays
40" Hisense
Hard Drives
Samsung 850
Samsung 870
Seagate 2TB
PSU
EVGA GQ 750
1. Disable Secure Boot.

2. Reset UEFI certs to factory defaults.

3. Boot from a Windows ISO, remove the SkuSiPolicy.p7b file if you used that update option.
Code:
mountvol S: /s
del S:\EFI\Microsoft\Boot\SkuSiPolicy.p7b
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Okay as you asked...


Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Windows PowerShell update message FAQ - PowerShell

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15> .\Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7922)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

BIOS Firmware
-------------
Dell Inc. Dell 16 DC16250
Version: 1.8.1
Date: 2026-01-04

Factory Default UEFI PK Cert
----------------------------
Dell Inc. Platform Key

UEFI PK Cert
------------
Dell Inc. Platform Key

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Dell Inc. Key Exchange Key
Dell Inc. Key Exchange Key

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Dell Inc. Key Exchange Key
Dell Inc. Key Exchange Key

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Dell Bios FW Aux Authority 2018
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Dell Bios DB Key

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Dell Bios FW Aux Authority 2018
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Dell Bios DB Key

Factory Default UEFI DBX Certs
------------------------------
Microsoft Windows PCA 2010
EFI_CERT_SHA256_GUID Signatures: 371

UEFI DBX Certs
--------------
Microsoft Windows PCA 2010
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 431

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.

Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.


REQUIRED ACTION
===============

To revoke the [PCA 2011] cert, run the commands, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x280 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

To install SkuSiPolicy.p7b, run the command:
Update_UEFI-CA2023.ps1 -SkuSiPolicy

PS C:\Users\Beverley\Documents\Dell DC16250 Laptop\neldog\Secure Boot UEFI\New Garlin Scripts\New Garlin Jan 15>
How did you capture all that screen? I used snipping tool print screen only get half the info
 

My Computer My Computer

At a glance

windows 11Intel i5-10600kf32gb corsair vengerance proAMD RX 6500XT
OS
windows 11
Computer type
PC/Desktop
Manufacturer/Model
Antec/Case
CPU
Intel i5-10600kf
Motherboard
GIGABYTE Z590 UD AC
Memory
32gb corsair vengerance pro
Graphics Card(s)
AMD RX 6500XT
Sound Card
onboard
Monitor(s) Displays
40" Hisense
Hard Drives
Samsung 850
Samsung 870
Seagate 2TB
PSU
EVGA GQ 750
How did you capture all that screen? I used snipping tool print screen only get half the info

I Left clicked on the top right of the screen at the first word, then while holding that click, drag all the way down to the last word, then let go of the right click. That will make everything selected white and at the same time copying all that to the clipboard. Open a word pad new document and select; Edit - Past.

EDIT: So sorry - it's a left click... 🤔
 
Last edited:

My Computers My Computers

  • At a glance

    Windows 11 Pro 25H2 26200.8655Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Ar...SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non...Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (i...
    OS
    Windows 11 Pro 25H2 26200.8655
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Tower Plus EBT2250, DOB: 06/15/2025
    CPU
    Intel® Core™ Ultra 7 265 1.8GHz to 5.3GHz (Arrow Lake)
    Motherboard
    Dell Inc. 02D3NT A00 (U3E1)
    Memory
    SK Hynix 32GB DDR5 5600 Desktop RAM UDIMM Non-ECC PC5-5600B
    Graphics Card(s)
    Dell NVIDIA® GeForce RTX™ 4060 8GB GDDR6 & (iGPU) Integrated Intel® UHD Graphics
    Sound Card
    Chipset Realtek High-Definition Audio with Dolby Atmos
    Monitor(s) Displays
    Dell Ultra Sharp U2515H 25-Inch Screen LED-Lit
    Screen Resolution
    2560 X 1440
    Hard Drives
    Samsung (NVMe PM9C1a 1024GB) M.2 PCIe NVMe Solid State Drive (OS), with Samsung Piccolo (S4LY022) 6-Core 4 Channel Controller.

    Samsung T7 500GB SSD, USB-C External Drive
    PSU
    Dell 460W
    Case
    Dell Tower Plus EBT 2250
    Cooling
    Fan
    Keyboard
    Dell Wired Keyboard - KB216
    Mouse
    Logitech M510
    Internet Speed
    Intel Killer E3100G 2.5 Gigabit Ethernet Controller
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    The Samsung NVMe PM9C1a 1024GB SSD does not use a Phison NAND controller. Instead, it uses Samsung's in-house developed Piccolo (S4LY022) 6-Core 4 Channel Controller. The PM9C1a utilizes a controller built using Samsung's 5-nanometer process and seventh-generation V-NAND technology. 🤔
  • At a glance

    Windows 11 Pro 25H2 26200.865510th Generation Intel Core i7-10510U Processo...16GB DDR4 RAMNVIDIA® GeForce® MX250 with 2GB GDDR5 graphic...
    Operating System
    Windows 11 Pro 25H2 26200.8655
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 15 7000 (7591) 2-in-1, DOB: 11/30/2019
    CPU
    10th Generation Intel Core i7-10510U Processor (8MB Cache, up to 4.9 GHz) Comet Lake
    Motherboard
    Dell 0NNW5N
    Memory
    16GB DDR4 RAM
    Graphics card(s)
    NVIDIA® GeForce® MX250 with 2GB GDDR5 graphics memory
    Sound Card
    Chipset Realtek ALC3254 🤔🤣
    Monitor(s) Displays
    Dell 15.6-inch UHD Truelife Touch Narrow Border WVA Display with Active Pen support
    Screen Resolution
    3840 x 2160
    Hard Drives
    Intel NVME 512GB SSD with 32GB Intel Optane Memory, M.2 80mm PCIe 3.0 RAID

    SanDisk 256GB Extreme microSDXC UHS-I Memory Card
    PSU
    Dell 4-Cell Battery, 68 Whr (Integrated), 90 Watt AC Adapter
    Case
    Dell Inspiron 15 7000 2-in-1 (7591)
    Cooling
    Standard Dell Case Fan & Havit HV-F2056 USB Powered (3 Fans) Laptop Cooling Pad.
    Keyboard
    Dell
    Mouse
    Logitech Wireless Mouse M650L
    Internet Speed
    Wireless/Wired connectivity (WiFi 6 - 802.11 ax)
    Browser
    Microsoft Edge
    Antivirus
    Microsoft Windows Security
    Other Info
    From Dell: 512GB NVME Solid State Drive accelerated by 32GB Intel Optane Memory are the fastest as compared to NAND SSDs. Intel Optane H10 with SSD offers speedy storage and accelerates opening your programs.
I Left clicked on the top right of the screen at the first word, then while holding that click, drag all the way down to the last word, then let go of the right click. That will make everything selected white and at the same time copying all that to the clipboard. Open a word pad new document and select; Edit - Past.

EDIT: So sorry - it's a left click... 🤔
Thanks
 

My Computer My Computer

At a glance

windows 11Intel i5-10600kf32gb corsair vengerance proAMD RX 6500XT
OS
windows 11
Computer type
PC/Desktop
Manufacturer/Model
Antec/Case
CPU
Intel i5-10600kf
Motherboard
GIGABYTE Z590 UD AC
Memory
32gb corsair vengerance pro
Graphics Card(s)
AMD RX 6500XT
Sound Card
onboard
Monitor(s) Displays
40" Hisense
Hard Drives
Samsung 850
Samsung 870
Seagate 2TB
PSU
EVGA GQ 750
My guess is your current BIOS has factory support for CA 2023 (but hasn't been reset to factory defaults). Normally the firmware update should populate all missing certs. But if that didn't happen, the good news is they would have registered their signed KEK CA 2023 with MS.

June 2025 would have been in the middle of MS's final push for OEM's to include CA 2023 in firmware.

You can run the check script in verbose mode:
Code:
Check_UEFI-CA2023.ps1 -Verbose

If you see the words "Update is available from Gigabyte or Microsoft.", the update script should work without problems.

PS C:\> cd .\Temp\
PS C:\Temp> powershell -nop -ep bypass -f Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF

BIOS Firmware
-------------
Gigabyte Technology Co. B760M H DDR4
Version: F14
Date: 2025-06-19

Factory Default UEFI PK Cert
----------------------------
(NONE)

UEFI PK Cert
------------
(NONE)

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Windows UEFI CA 2023

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011

Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 77

UEFI DBX Certs
--------------
(NONE)
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 481

EFI Files
---------
Disk 0: Windows Boot Manager [Production PCA 2011] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 0
[Windows UEFI CA 2023] not in UEFI DB.

Disk 0: SkuSiPolicy.p7b (for VBS) is NOT PRESENT.


REQUIRED ACTION
===============

OPTION 1: DO NOTHING. Windows will apply the UEFI updates in 2026 (supported BIOS).

OPTION 2: To install [UEFI CA 2023] certs WITHOUT REVOKING the [PCA 2011] cert, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5940 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

OPTION 3: To install [UEFI CA 2023] certs and REVOKE the [PCA 2011] cert, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5bc0 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

To install SkuSiPolicy.p7b, run the command:
Update_UEFI-CA2023.ps1 -SkuSiPolicy

PS C:\Temp>





It is telling me to add the "UEFI CA" certs but what about the UEFI PK which says NONE and the UEFI DBX and UEFI DB? or is it all the same thing?
Thanking you Garlin.
 
Last edited:

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
BIOS Firmware
-------------
Gigabyte Technology Co. B760M H DDR4
Version: F14
Date: 2025-06-19
Your BIOS is recent. Almost all BIOS releases from 2024 onward will add the CA 2023 certs.

Factory Default UEFI PK Cert
----------------------------
(NONE)

UEFI PK Cert
------------
(NONE)
That's going to be a problem. Whether or not you have a factory copy of the PK (everyone should), you definitely need a current PK cert. Unless you cleared the certs by going into Setup Mode, something went wrong when you applied the last BIOS update.

Try this:
1. Temporarily disable Secure Boot mode.
2. Reset the Secure Boot keys to the factory settings. This should restore your PK cert (which is required).
3. Run the check script again, and confirm you have an UEFI PK. Assuming your BIOS is recent enough, most of the CA 2011 and CA 2023 certs should have been added. If there are some missing, we can try to update process again. But a PK is always required to make Secure Boot work.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Your BIOS is recent. Almost all BIOS releases from 2024 onward will add the CA 2023 certs.


That's going to be a problem. Whether or not you have a factory copy of the PK (everyone should), you definitely need a current PK cert. Unless you cleared the certs by going into Setup Mode, something went wrong when you applied the last BIOS update.

Try this:
1. Temporarily disable Secure Boot mode.
2. Reset the Secure Boot keys to the factory settings. This should restore your PK cert (which is required).
3. Run the check script again, and confirm you have an UEFI PK. Assuming your BIOS is recent enough, most of the CA 2011 and CA 2023 certs should have been added. If there are some missing, we can try to update process again. But a PK is always required to make Secure Boot work.

Tried everything and can't get it to load the cert. Look at this screenshot at the bottom.
IMG_3450.webp

IMG_3451.webp
 

My Computers My Computers

  • At a glance

    Windows 11 ProIntel Core i5-12600K 3.7 GHz 10-Core ProcessorCorsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-...Integrated Intel UHD Graphics 770
    OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built PC by me.
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • At a glance

    Windows 11 Pro
    Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
PS C:\Users\dark> powershell -nop -ep bypass -f C:\Users\dark\Downloads\SecureBoot-CA-2023-Updates\Check_UEFI-CA2023.ps1 -Verbose
Windows 11 25H2 (26200.7840)

Secure Boot: ON
Virtualization Based Security: OFF
BitLocker on (C:) OFF

BIOS Firmware
-------------
System manufacturer System Product Name
Version: 5021
Date: 2024-09-28

Factory Default UEFI PK Cert
----------------------------
ASUSTeK MotherBoard PK Certificate

UEFI PK Cert
------------
ASUSTeK MotherBoard PK Certificate

Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
ASUSTeK MotherBoard KEK Certificate

UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Canonical Ltd. Master Certificate Authority
ASUSTeK MotherBoard KEK Certificate

Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft UEFI CA 2023
Windows UEFI CA 2023
ASUSTeK MotherBoard SW Key Certificate
ASUSTeK Notebook SW Key Certificate

UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Canonical Ltd. Master Certificate Authority
ASUSTeK MotherBoard SW Key Certificate
ASUSTeK Notebook SW Key Certificate

Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 77

UEFI DBX Certs
--------------
(NONE)
Windows BootMgr SVN is MISSING.
EFI_CERT_SHA256_GUID Signatures: 483

EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227

Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.


REQUIRED ACTION
===============

To revoke the [PCA 2011] cert, run the commands, run the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x280 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

New user chiming in who manually updated the DB; this look okay? Other than the command to revoke, of course.
 

My Computer My Computer

At a glance

Windows 11 Pro 25H2AMD Ryzen 9 3950X64 GB DDR4-3600 CL18 (2x32 GB)MSI Ventus RTX 2060 Super
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
custom
CPU
AMD Ryzen 9 3950X
Motherboard
ASUS ROG Strix X570-E (first gen)
Memory
64 GB DDR4-3600 CL18 (2x32 GB)
Graphics Card(s)
MSI Ventus RTX 2060 Super
Sound Card
Audient iD4 Mk.I
Monitor(s) Displays
2x AOC 24G1 / 1x XP-Pen Artist Pro 16 Gen 2 2.5K
Screen Resolution
1080p / 2560x1600
Hard Drives
1TB WD/SanDisk SN850X (main) / 2TB Sabrent Rocket 4 / 6TB WD MyBook EE
PSU
Corsair RM850X 850W Gold (2019)
Case
Lian-Li O11-D
Cooling
EKWB EK-AIO 360 RGB
Keyboard
wooting Two HE fullsize
Mouse
some old mouse from an older PC
Internet Speed
Gigabit symmetric (fibre); Bell Fibe
Browser
Firefox
Antivirus
ol' reliable Windows Defender
Other Info
Other peripherals:

- Shure SM7B (Mexico)
- AKG K 240 Studio (calibrated flat)
- PDP FaceOff wired Switch gamepad
Back
Top Bottom