Is My Certificate Situation Secure?


S

Secrios

New member
Local time
5:50 AM
Posts
26
OS
Windows 11
After the most recent update I am still receiving this error message. 1801

"Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:2002;OEMModelBaseBoard:ProArt X570-CREATOR WIFI;OEMManufacturerName:ASUS;OSArchitecture:amd64;
BucketId: 9e57fe3c0cb76b5a1d724137bc082b9cb634d35d5d7ee43b1889f7c2529b1a7e
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
For more information, please see Windows Secure Boot certificate expiration and CA updates - Microsoft Support."

Compared to before, I now receive it with "Under Observation - More Data Needed"
My powershell command does still come up as true in regards to 2023 ca

With that said is there something I am missing or needing to do to get this cleared up?
 
Windows Build/Version
Windows 11 25h2 26200

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Asus
Have you checked the ASUS website to see if there is a new bios update for your Board?
If you there is a Bios Update make sure you have the appropriate backups, if you are using Bitlocker have the Bitlocker Key Handy to so you can input it after the Bios Update or disable Bitlocker before updating the Bios.
If you are using a Pin with Windows 11 have your Microsoft Account Email address and password available as you have to reset your Pin.
 

My Computer My Computer

At a glance

Windows 11AMD Ryzen 8700G64 GBOnboard
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Generic
CPU
AMD Ryzen 8700G
Motherboard
Gigabyte B650 UD AC
Memory
64 GB
Graphics Card(s)
Onboard
Sound Card
Onboard
Monitor(s) Displays
Del U2723QE
Screen Resolution
3840 x 2160
Hard Drives
Corsiar MP600 1TB
PSU
Silverstone 750 GOLD
Case
Silverstone FARA 513
EB2XR6 said:
Have you checked the ASUS website to see if there is a new bios update for your Board?
If you there is a Bios Update make sure you have the appropriate backups, if you are using Bitlocker have the Bitlocker Key Handy to so you can input it after the Bios Update or disable Bitlocker before updating the Bios.
If you are using a Pin with Windows 11 have your Microsoft Account Email address and password available as you have to reset your Pin.
Click to expand...
They haven't updated it yet.
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Asus

garlin's PowerShell scripts for updating Secure Boot CA 2023

INTRO For the last two months, I've been working on new PowerShell scripts to automate the Secure Boot CA 2023 update process. A number of contributed scripts or guides presented on various ElevenForum threads (including a few of my earlier scripts) are lacking in clarity. There's simply too...
www.elevenforum.com www.elevenforum.com

Check this thread if you wanna fully update and forget about it. Garlin is super nice and helps a lot, and many people too!
Thanks to Him I'm fully updated, my 3 systems, no issues.

Ask him, you won't regret it.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Pro 25H2AMD Ryzen 5 5600G @ 3.9/4.4Ghz2 x 16 GB DDR4 Kingston Fury Beast 3200 MhzAMD Radeon RX 6600 XT MSI Mech 2X OC Edition ...
    OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built PC
    CPU
    AMD Ryzen 5 5600G @ 3.9/4.4Ghz
    Motherboard
    MSI B550M-PRO-WiFi Ver. 1.4
    Memory
    2 x 16 GB DDR4 Kingston Fury Beast 3200 Mhz
    Graphics Card(s)
    AMD Radeon RX 6600 XT MSI Mech 2X OC Edition 8 GB
    Sound Card
    Realtek High Definition Audio (Integrated)
    Monitor(s) Displays
    Samsung C50Rx 27" LED / HP S2031 20" LCD
    Screen Resolution
    1920 x 1080 px / 1600 x 900 px
    Hard Drives
    WD Blue SN570 NVME M.2 SSD [1 TB] -- External Drives: - WD Scorpion Blue 250 GB 5400 RPM (Data Backup) - Hitachi 500 GB 5400 RPM (Software / ISOs Backup) - Toshiba MQ01ABD100 1 TB 5400 RPM (OS Images) - HGST TravelStar 7K1000 1 TB, 7200 RPM USB 3.0 - ADATA SU800 2TB SSD USB 3.0
    PSU
    Corsair RM750e 750W Fully Modular
    Case
    Naceb Hydra NA-1602
    Cooling
    Naceb Orpheus x 3 (Front) + Naceb Cepheus 1200 RPM Max (Rear) + ThemalRight Assasin X 90 SE (CPU)
    Keyboard
    Logitech MK470 Wireless
    Mouse
    Logitech MK470 Wireless
    Internet Speed
    120 MB Symetrical
    Browser
    Firefox / Brave / Edge
    Antivirus
    Windows Defender
    Other Info
    - VMs: WMware Player - Windows 8.1 Pro x64 / Windows 11 Pro
    - Wacom Intuos Pro Small Tablet PTH-460

  • At a glance

    Windows 11 Pro 25H2AMD Ryzen 7 7730U @ 2.0/4.5 Ghz2 x 16 GB Kingston Fury Impact DDR4 3200 MhzRadeon (tm) Graphics Vega 8 (512 MB)
    Operating System
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 15-eh3000la (80M53LA)
    CPU
    AMD Ryzen 7 7730U @ 2.0/4.5 Ghz
    Motherboard
    HP 8BC7
    Memory
    2 x 16 GB Kingston Fury Impact DDR4 3200 Mhz
    Graphics card(s)
    Radeon (tm) Graphics Vega 8 (512 MB)
    Sound Card
    Realtek High Definition Audio (Integrated)
    Monitor(s) Displays
    AU Optronics
    Screen Resolution
    1920 x 1080 px (125% size)
    Hard Drives
    WD Blue SN570 1TB NVME M.2 Drive
    PSU
    45 Watt Charger
    Cooling
    Laptop Cooling Pad
    Keyboard
    Free Wolf Foldable Portable Keyboard
    Mouse
    Free Wolf Wireless Mouse
    Internet Speed
    120 MB Symetrical
    Browser
    Firefox / Brave / Edge
    Antivirus
    Windows Defender
    Other Info
    - 41mWh battery.
    - Wacom Intuos Pro Small Tablet PTH-460
Secrios said:
After the most recent update I am still receiving this error message. 1801
Click to expand...
Unfortunately, MS is categorizing every Secure Boot informational message as a priority error. Probably to make it easier to pick it out of your event logs, but nothing is actually bad here.

Secrios said:
"Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
Click to expand...
Windows Update has been pushing the required files in order to perform a Secure Boot to your system. But it hasn't applied them, out of caution.

Secrios said:
Code: 
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:2002;OEMModelBaseBoard:ProArt X570-CREATOR WIFI;OEMManufacturerName:ASUS;OSArchitecture:amd64;
BucketId: 9e57fe3c0cb76b5a1d724137bc082b9cb634d35d5d7ee43b1889f7c2529b1a7e
BucketConfidenceLevel: Under Observation - More Data Needed
Click to expand...
Windows looked up your motherboard's model and BIOS version and sent that data back to MS.

MS is collecting data on everyone who has this exact same model and BIOS, and trying to figure out if other people have successfully done the update, or it's failed. Based on the success rate of everyone in the same data bucket, a decision will made if it's safe for Windows to apply the Secure Boot updates for you right now, or wait for later.

MS is thinking "if the update works for everyone else, it will probably work for you."

If everyone is failing the update, you and everyone in the same bucket will be blocked until MS investigates the reason. It might need some technical work between MS and the vendor (ASUS or whoever).

You have the option of trying to force a Secure Boot update now, or just wait. If you want to apply the updates, there's several ElevenForum guides or a script you can use to update everything right now.

The last BIOS update for X570-CREATOR WIFI was in October 2025, so your PC is probably ready for the Secure Boot transition. End of last year was the deadline MS was asking vendors to finish adding CA 2023 support to firmware.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
garlin said:
Unfortunately, MS is categorizing every Secure Boot informational message as a priority error. Probably to make it easier to pick it out of your event logs, but nothing is actually bad here.


Windows Update has been pushing the required files in order to perform a Secure Boot to your system. But it hasn't applied them, out of caution.


Windows looked up your motherboard's model and BIOS version and sent that data back to MS.

MS is collecting data on everyone who has this exact same model and BIOS, and trying to figure out if other people have successfully done the update, or it's failed. Based on the success rate of everyone in the same data bucket, a decision will made if it's safe for Windows to apply the Secure Boot updates for you right now, or wait for later.

MS is thinking "if the update works for everyone else, it will probably work for you."

If everyone is failing the update, you and everyone in the same bucket will be blocked until MS investigates the reason. It might need some technical work between MS and the vendor (ASUS or whoever).

You have the option of trying to force a Secure Boot update now, or just wait. If you want to apply the updates, there's several ElevenForum guides or a script you can use to update everything right now.

The last BIOS update for X570-CREATOR WIFI was in October 2025, so your PC is probably ready for the Secure Boot transition. End of last year was the deadline MS was asking vendors to finish adding CA 2023 support to firmware.
Click to expand...
How do I do this forced update?
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Asus
If know how to run a PS script as Admin, run Update_UEFI-CA2023.ps1 from:
garlin's PowerShell scripts for updating Secure Boot CA 2023

Otherwise, as Admin run the commands:
Code: 
manage-bde -Protectors -Disable C: -RebootCount 1
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

If you don't have BitLocker enabled on C: drive, you can skip the first command line.

Then you wait a while, the native Windows scheduled task is a bit slow to finish doing its work. My update script completes all the tasks in about 3-4 seconds.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
garlin said:
Unfortunately, MS is categorizing every Secure Boot informational message as a priority error. Probably to make it easier to pick it out of your event logs, but nothing is actually bad here.


Windows Update has been pushing the required files in order to perform a Secure Boot to your system. But it hasn't applied them, out of caution.


Windows looked up your motherboard's model and BIOS version and sent that data back to MS.

MS is collecting data on everyone who has this exact same model and BIOS, and trying to figure out if other people have successfully done the update, or it's failed. Based on the success rate of everyone in the same data bucket, a decision will made if it's safe for Windows to apply the Secure Boot updates for you right now, or wait for later.

MS is thinking "if the update works for everyone else, it will probably work for you."

If everyone is failing the update, you and everyone in the same bucket will be blocked until MS investigates the reason. It might need some technical work between MS and the vendor (ASUS or whoever).

You have the option of trying to force a Secure Boot update now, or just wait. If you want to apply the updates, there's several ElevenForum guides or a script you can use to update everything right now.

The last BIOS update for X570-CREATOR WIFI was in October 2025, so your PC is probably ready for the Secure Boot transition. End of last year was the deadline MS was asking vendors to finish adding CA 2023 support to firmware.
Click to expand...
So long and short, it looks like it is in hand and I should wait till those two sort it out?
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Asus
Your PC isn’t too old, and probably won’t have any problems if you wait for MS. The same process is happening to other users with newer PC’s. Data is being collected for now.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
No problems ( so far) on my legacy ASUS-bios .
Secure boot not enabled , no bios-updates available , only the boottime went to 40 seconds..........
 

My Computers My Computers

System One System Two

  • At a glance

    Windows11 Pro 25H2i732GBnVidia
    OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET

  • At a glance

    Windows11 ProIntel i516GBIntel
    Operating System
    Windows11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    ASUS
    CPU
    Intel i5
    Motherboard
    ASUS Basic
    Memory
    16GB
    Graphics card(s)
    Intel
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung
    Hard Drives
    one intern , 0ne extern, OS on SSD
    Cooling
    air
    Keyboard
    wireless Logitech
    Mouse
    wireless Logitech
    Internet Speed
    1GB
    Browser
    Edge
    Antivirus
    ESET
FerchogtX said:

garlin's PowerShell scripts for updating Secure Boot CA 2023

INTRO For the last two months, I've been working on new PowerShell scripts to automate the Secure Boot CA 2023 update process. A number of contributed scripts or guides presented on various ElevenForum threads (including a few of my earlier scripts) are lacking in clarity. There's simply too...
www.elevenforum.com www.elevenforum.com

Check this thread if you wanna fully update and forget about it. Garlin is super nice and helps a lot, and many people too!
Thanks to Him I'm fully updated, my 3 systems, no issues.

Ask him, you won't regret it.
Click to expand...
Beware of running such scripts on old PCs which are unable to install the 2023 certificates. See Secure Boot Update Issue for 2014 Dell Laptop
 

My Computer My Computer

At a glance

Windows 11 ProCore i7-13700K64 GB Kingston Fury Beast DDR5Gigabyte GeForce RTX 2060 Super Gaming OC 8G
OS
Windows 11 Pro
Computer type
PC/Desktop
Manufacturer/Model
Self build
CPU
Core i7-13700K
Motherboard
Asus TUF Gaming Plus WiFi Z790
Memory
64 GB Kingston Fury Beast DDR5
Graphics Card(s)
Gigabyte GeForce RTX 2060 Super Gaming OC 8G
Sound Card
Realtek S1200A
Monitor(s) Displays
Viewsonic VP2770 & Dell (secondary)
Screen Resolution
2560 x 1440
Hard Drives
Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
PSU
EVGA SuperNova G2 850W
Case
Nanoxia Deep Silence 1
Cooling
Noctua NH-D14
Keyboard
Microsoft Digital Media Pro
Mouse
Logitech Wireless
Internet Speed
80 Mb / s
Browser
Chrome
Antivirus
Defender, Malwarebytes Free & AdwCleaner
You must log in or register to reply here.

Similar threads

Solved Secure boot certificate 2023 valid but event present
3 4 5
Replies
83
Views
13K
666pierog
666pierog

Latest Support Threads

Latest Tutorials

Back
Top Bottom