Thanks. I figured the problem, try this updated version of the check script.
I am not sure if this messed with your script but I updated everything while I was waiting and this is the output I get with the script you just gave me.
PS D:\temp> powershell -nop -ep bypass -f Check_UEFI-CA2023.ps1 -verbose
Windows 11 25H2 (26200.7840)
Secure Boot: ON
Virtualization Based Security: ON
BitLocker on (C:) OFF
BIOS Firmware
-------------
Gigabyte Technology Co. B760M H DDR4
Version: F14
Date: 2025-06-19
Factory Default UEFI PK Cert
----------------------------
(NONE)
UEFI PK Cert
------------
(NONE)
Factory Default UEFI KEK Certs
------------------------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
UEFI KEK Certs
--------------
Microsoft Corporation KEK CA 2011
Microsoft Corporation KEK 2K CA 2023
Factory Default UEFI DB Certs
-----------------------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Windows UEFI CA 2023
UEFI DB Certs
-------------
Microsoft Corporation UEFI CA 2011
Microsoft Windows Production PCA 2011
Microsoft Option ROM UEFI CA 2023
Microsoft UEFI CA 2023
Windows UEFI CA 2023
Factory Default UEFI DBX Certs
------------------------------
(NONE)
EFI_CERT_SHA256_GUID Signatures: 77
UEFI DBX Certs
--------------
Microsoft Windows Production PCA 2011
Windows BootMgr SVN 7.0
EFI_CERT_SHA256_GUID Signatures: 487
EFI Files
---------
Disk 0: Windows Boot Manager [Windows UEFI CA 2023] is ALLOWED.
bootmgfw.efi File version: 26100.30227
Registry: WindowsUEFICA2023Capable = 2
[Windows UEFI CA 2023] in UEFI DB, and Windows starting from CA 2023 Boot Manager.
Disk 0: SkuSiPolicy.p7b version: 33284.17421.33440.335 is CURRENT.
STATUS REPORT
-------------
Registry: UEFICA2023Status = Updated
SUCCESS: NO UPDATES ARE REQUIRED.
PS D:\temp>
I am done for today. I assume everything is working. The other script showed the UEFI PK Gigabyte
So I guess I am okay? Maybe some weird thing with my PC and your script?