- Local time
- 10:44 PM
- Posts
- 598
- OS
- Windows 11 Pro build 26200.8524
After reading here in this forum or elsewhere that HP PC owners ran into some devastating trouble booting, I wanted to write this post.Please note I installed MS CA 2023 certs on my HP EliteBook 840 G5 notebook PC with flying colors.Some HP PCs did not receive BIOS updates to install Microsoft CA 2023 certificates because they are out of HP support cycle.Some HP PCs did not receive BIOS updates against HP's own promise to deliver BIOS updates for those PCs.Therefore, you should check if you have BIOS updates for new MS CA 2023 certs before proceeding.Whatever the situation is, most HP PCs will be able to install Microsoft CA 2023 certificates by @garlin 's scripts or by using procedures elsewhere.
Please refer to: garlin's PowerShell scripts for updating Secure Boot CA 2023
Some HP PCs (desktops or notebooks) with HP Sure Start Tech entered into continuous boot loop after installing Microsoft CA 2023 certificates.
For those that do wish to install new Microsoft CA 2023 certificates, please do note the following:
When you read "Disable some settings in EUFI firmware (BIOS)", do it for one setting only at one time and reboot into UEFI firmware (BIOS) again to continue disabling/enabling other settings.
Disable Secure Boot and reboot into BIOS.Disable (uncheck) Sure Start Secure Boot Keys Protection and reboot into BIOS.
.
.
Enable (check) Clear Secure Boot Keys (setup mode) and reboot into Windows (not BIOS. If you get into BIOS, clear Secure Boot Keys will be unchecked and you will get out of setup mode).Apply CA 2023 certificates by whatever means is available to you and reboot into BIOS. (If you get Signature Violation error when you set PK certificate, do not worry. HP PK works.) Enable Secure Boot (DO NOT ENABLE ANY OTHER SETTINGS IN BIOS) and reboot into Windows. (Clear Secure Boot Keys checkbox is unchecked by itself. )NOTE: If you enable (check) HP Sure Start Secure Boot Keys Protection along with Secure Boot, you may enter into a continuous boot loop of "Entering Setup Menu..." as some people did.Run your PC two or three days. This, in my opinion, will place new CA 2023 certs into the HP Sure Start NVRAM vault. Otherwise, HP Sure Start will think certs are tampered with and try to replace them with its previously protected old certs in NVRAM vault, ending up in continuous boot loop.Enable Sure Start Secure Boot Keys Protection after two-three days . Now new certs will be protected by HP Sure Start. Tampering of the new certs will be prohibited. Note: Disabling/enabling some settings may require Administrator BIOS password. Assign a password to BIOS (8-digit password is required), if not already assigned.I hope this post will help some HP PC owners.NOTE: If you decide to do anything on your PC, do it at your own risk.
Please refer to: garlin's PowerShell scripts for updating Secure Boot CA 2023
Some HP PCs (desktops or notebooks) with HP Sure Start Tech entered into continuous boot loop after installing Microsoft CA 2023 certificates.
For those that do wish to install new Microsoft CA 2023 certificates, please do note the following:
When you read "Disable some settings in EUFI firmware (BIOS)", do it for one setting only at one time and reboot into UEFI firmware (BIOS) again to continue disabling/enabling other settings.
Disable Secure Boot and reboot into BIOS.Disable (uncheck) Sure Start Secure Boot Keys Protection and reboot into BIOS.
.
.
Enable (check) Clear Secure Boot Keys (setup mode) and reboot into Windows (not BIOS. If you get into BIOS, clear Secure Boot Keys will be unchecked and you will get out of setup mode).Apply CA 2023 certificates by whatever means is available to you and reboot into BIOS. (If you get Signature Violation error when you set PK certificate, do not worry. HP PK works.) Enable Secure Boot (DO NOT ENABLE ANY OTHER SETTINGS IN BIOS) and reboot into Windows. (Clear Secure Boot Keys checkbox is unchecked by itself. )NOTE: If you enable (check) HP Sure Start Secure Boot Keys Protection along with Secure Boot, you may enter into a continuous boot loop of "Entering Setup Menu..." as some people did.Run your PC two or three days. This, in my opinion, will place new CA 2023 certs into the HP Sure Start NVRAM vault. Otherwise, HP Sure Start will think certs are tampered with and try to replace them with its previously protected old certs in NVRAM vault, ending up in continuous boot loop.Enable Sure Start Secure Boot Keys Protection after two-three days . Now new certs will be protected by HP Sure Start. Tampering of the new certs will be prohibited. Note: Disabling/enabling some settings may require Administrator BIOS password. Assign a password to BIOS (8-digit password is required), if not already assigned.I hope this post will help some HP PC owners.NOTE: If you decide to do anything on your PC, do it at your own risk.
My Computers
System One System Two
-
- OS
- Windows 11 Pro build 26200.8524
- Computer type
- PC/Desktop
- Manufacturer/Model
- Home Built
- CPU
- Intel i7-4790
- Motherboard
- Asus H97 Pro Gamer with add-on TPM1.2 module
- Memory
- Teams DDR3-1600 4x4 GB
- Graphics Card(s)
- MSI Nvidia GeForce GTX 1050Ti
- Sound Card
- Realtek ALC1150
- Monitor(s) Displays
- Dell P2425D
- Screen Resolution
- 2560 by 1440 pixels
- Hard Drives
- Corsair NVMe M.2 Core XT 1000 GB (Windows 11 v.25H2); Samsung SATA Evo 870 500 GB (Windows 11 v.25H2);
- PSU
- Corsair HX850
- Case
- Gigabyte Solo 210
- Cooling
- Zalman CNPS7X Tower
- Keyboard
- Microsoft AIO Wireless (includes touchpad)
- Mouse
- HP S1000 Plus Wireless
- Internet Speed
- 500 Mb fiber optic
- Browser
- Chrome; MS Edge
- Antivirus
- Windows Defender
-
- Operating System
- MacOS 12 Monterey
- Computer type
- Laptop
- Manufacturer/Model
- Apple Macbook Air
- CPU
- Intel Core i5
- Memory
- 8 GB
- Graphics card(s)
- Intel integrated
- Screen Resolution
- 1440 by 900 pixels
- Hard Drives
- 128 GB
- Keyboard
- Built-in
- Mouse
- Microsoft Wireless
- Internet Speed
- 802.11 ac
- Browser
- Chrome; Safari
- Antivirus
- N/A
