Secure Boot Key update


jumanji

jumanji

Well-known member
Power User
VIP
Local time
8:26 PM
Posts
5,473
OS
Windows 11 Pro Version:25H2 OS Build: 26200.8524
Yesterday when I was using my Beelink Sei12 MiniPC running Windows 11 Pro, there was suddenly an update message requiring me to Restart the PC. I was surprised since I had paused updates for five weeks. Anyway I restarted my PC and then looked into the Windows Update History to find out what update was installed. It said "Secure Boot Allowed Key Exchange Key (KEK) update". Does it mean the new keys have been installed? Has any one else got this update? (I have not yet got this update on my Dell Inspiron 3280, running Windows 11 Home.)

31-01-2026 19-02-20.webp
 

My Computers

System One System Two

  • OS
    Windows 11 Pro Version:25H2 OS Build: 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC Model: SEi12
    CPU
    12th Gen Intel core i5-1235U(Alder
    Motherboard
    SEi (manufactured by AZW)
    Memory
    16*2 (32 GB) DDR 4-3200(1600MHz) Crucial Technology
    Graphics Card(s)
    Intel Iris Xe Graphics (Internal)
    Sound Card
    Internal
    Monitor(s) Displays
    BenQ GW2283
    Screen Resolution
    1920*1080
    Hard Drives
    500GB NVME (Kingston SNV2S500G)
    1TB (Crucial CT1000BX500SSD1)
    PSU
    Power Brick 19V-6.32A , 120.08W
    Keyboard
    Dell KB3322Wi (Wireless)
    Mouse
    Dell WM118t (Wireless)
    Internet Speed
    4G/5G
    Browser
    MS Edge, Chrome
    Antivirus
    Malwarebytes Premium - Subscription
  • Operating System
    Windows 11 Home Version 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Inspiron 3280 AIO 22"
    CPU
    Intel Core i3 8145U
    Motherboard
    Dell inc. 027W48
    Memory
    Intel Optane 16GB module + DDR 4 16GB (Optane disabled.)
    Graphics card(s)
    Intel UHD Graphics 620
    Sound Card
    Internal
    Monitor(s) Displays
    Dell Monitor 22"
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial CT1000BX500SSD1 ; 1000,2 GB
    PSU
    Power Brick
    Case
    All-in one
    Keyboard
    Dell Wireless KM636
    Mouse
    Dell Wireless KM 636
    Internet Speed
    4G
    Browser
    Edge, Chrome
    Antivirus
    Malwarebytes
    Other Info
    Upgraded from Windows 10 Home to Windows 11 Home on 28 Oct 2023
Wonder what happens with Win 11 on unapproved equipment?? And will these keys update on my newer PC's automatically?
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    MinisForum
    CPU
    Intel(R) Core(TM) i9-12900HK
    Memory
    32gb
    Graphics Card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    Realtek 888
    Monitor(s) Displays
    Acer
    Screen Resolution
    1920x1080
    Hard Drives
    1TB SSD
    Keyboard
    Logitech
    Mouse
    Logitech MX Master 2X
    Internet Speed
    1GB
    Browser
    Firefox
    Antivirus
    Windows Defender
Have a read here

Secure boot update HowTo

i have put this together as i had problems updating 2 desktops and 3 laptops. which have now all had their Secure Boot Certs updated to the new 2023 secure boot cert also the other post about this were getting very long and confusing. this is in two parts. part A and part B. edit by me. please...
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Windows 11 Enterprise 25H2 26200 7462
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel XEON E5-2699 v3
    Motherboard
    ASUS X99-A
    Memory
    64GB Teamgroup UD4-3600
    Graphics Card(s)
    NVIDIA GeForce GTX 1080 Ti
    Sound Card
    Integrated
    Monitor(s) Displays
    ACER X34 Predator
    Screen Resolution
    3440 x 1440
    Hard Drives
    Crucial CT1000P 3P SSD8 1TB
    Crucial CT1000 BX500 SSD 1TB
    PSU
    GameMax Pro
    Case
    Fractal Design
    Cooling
    Corsair H110iGT + 6 140mm Fans
    Keyboard
    Corsair K4
    Mouse
    G-Skill G502
    Internet Speed
    300MBs
    Browser
    Chrome
    Antivirus
    OEM
    Other Info
    ASUS RT-AC87U Router
  • Operating System
    25H2 26200.5074
    Computer type
    Laptop
    Manufacturer/Model
    ASUS X555LA
    Memory
    8GB
    Browser
    Chrome
    Antivirus
    OEM
flhthemi said:
Wonder what happens with Win 11 on unapproved equipment?? And will these keys update on my newer PC's automatically?
Click to expand...
Mine are ALL unapproved and are fully 23 compliant now.
 

My Computers

System One System Two

  • OS
    Windows 11 Enterprise 25H2 26200 7462
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel XEON E5-2699 v3
    Motherboard
    ASUS X99-A
    Memory
    64GB Teamgroup UD4-3600
    Graphics Card(s)
    NVIDIA GeForce GTX 1080 Ti
    Sound Card
    Integrated
    Monitor(s) Displays
    ACER X34 Predator
    Screen Resolution
    3440 x 1440
    Hard Drives
    Crucial CT1000P 3P SSD8 1TB
    Crucial CT1000 BX500 SSD 1TB
    PSU
    GameMax Pro
    Case
    Fractal Design
    Cooling
    Corsair H110iGT + 6 140mm Fans
    Keyboard
    Corsair K4
    Mouse
    G-Skill G502
    Internet Speed
    300MBs
    Browser
    Chrome
    Antivirus
    OEM
    Other Info
    ASUS RT-AC87U Router
  • Operating System
    25H2 26200.5074
    Computer type
    Laptop
    Manufacturer/Model
    ASUS X555LA
    Memory
    8GB
    Browser
    Chrome
    Antivirus
    OEM

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
Well...I'm on 23H2 so I guess until I update to at least 24H2 it won't happen VIA WU.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    MinisForum
    CPU
    Intel(R) Core(TM) i9-12900HK
    Memory
    32gb
    Graphics Card(s)
    Intel(R) Iris(R) Xe Graphics
    Sound Card
    Realtek 888
    Monitor(s) Displays
    Acer
    Screen Resolution
    1920x1080
    Hard Drives
    1TB SSD
    Keyboard
    Logitech
    Mouse
    Logitech MX Master 2X
    Internet Speed
    1GB
    Browser
    Firefox
    Antivirus
    Windows Defender
Thank you @FreeBooter. Yes, I was aware that the keys will be automatically updated but unaware the gradual roll out starts in Jan 2026. What surprised me is it was pushed into even when updates were paused for five weeks :-).

"Starting with the January 2026 Security Update, Microsoft has begun a gradual rollout of a new certificate that will allow your computer to continue booting correctly and receive security updates."
 

My Computers

System One System Two

  • OS
    Windows 11 Pro Version:25H2 OS Build: 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC Model: SEi12
    CPU
    12th Gen Intel core i5-1235U(Alder
    Motherboard
    SEi (manufactured by AZW)
    Memory
    16*2 (32 GB) DDR 4-3200(1600MHz) Crucial Technology
    Graphics Card(s)
    Intel Iris Xe Graphics (Internal)
    Sound Card
    Internal
    Monitor(s) Displays
    BenQ GW2283
    Screen Resolution
    1920*1080
    Hard Drives
    500GB NVME (Kingston SNV2S500G)
    1TB (Crucial CT1000BX500SSD1)
    PSU
    Power Brick 19V-6.32A , 120.08W
    Keyboard
    Dell KB3322Wi (Wireless)
    Mouse
    Dell WM118t (Wireless)
    Internet Speed
    4G/5G
    Browser
    MS Edge, Chrome
    Antivirus
    Malwarebytes Premium - Subscription
  • Operating System
    Windows 11 Home Version 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Inspiron 3280 AIO 22"
    CPU
    Intel Core i3 8145U
    Motherboard
    Dell inc. 027W48
    Memory
    Intel Optane 16GB module + DDR 4 16GB (Optane disabled.)
    Graphics card(s)
    Intel UHD Graphics 620
    Sound Card
    Internal
    Monitor(s) Displays
    Dell Monitor 22"
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial CT1000BX500SSD1 ; 1000,2 GB
    PSU
    Power Brick
    Case
    All-in one
    Keyboard
    Dell Wireless KM636
    Mouse
    Dell Wireless KM 636
    Internet Speed
    4G
    Browser
    Edge, Chrome
    Antivirus
    Malwarebytes
    Other Info
    Upgraded from Windows 10 Home to Windows 11 Home on 28 Oct 2023
jumanji said:
It said "Secure Boot Allowed Key Exchange Key (KEK) update". Does it mean the new keys have been installed? Has any one else got this update? (I have not yet got this update on my Dell Inspiron 3280, running Windows 11 Home.)
Click to expand...
Yes, I have seen it on just one of my machines. It multi-boots RTM 25H2 and various Insider builds as native boot vhdx. I got it in the Dev build, but the 2023 KEK now seems to be available for all installed version of Windows.
KB5074157 Windows 11 Insider Dev build 26220.7653 (25H2) - Jan. 21 - post #3

None of my other machines have seen it.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23-R9VY
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD (from April 2026: 250GB EVO 850)
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2, and 25H2 on 30th September 2025 through Windows Update by setting the Target Release Version for 25H2.

    UPDATE - 11 April 2026: due to mechanical deterioration this PC has been retired from active duty. The OS with all software and files has been migrated to my System Seven below to carry on as my general purpose 'main machine'.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 1TB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine. Updated to 25H2 on 30th September 2025.

    My SYSTEM SEVEN is a Lenovo Thinkpad T580, Intel Core i7-8650U, 16GB RAM, 512GB NVMe SSD + 2nd 512GB NVMe SSD, a supported device for Windows 11. This is my current general purpose 'main machine'. The installed Windows 11 Home from my System One has been migrated to this machine.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Upgraded to 25H2 by Enablement Package. Also running Insider Dev, and Canary builds and Windows 10 as native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 1TB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine. Updated to 25H2 on 30th September 2025.

    My SYSTEM SEVEN is a Lenovo Thinkpad T580, Intel Core i7-8650U, 16GB RAM, 512GB NVMe SSD + 2nd 512GB NVMe SSD, a supported device for Windows 11. This is my current general purpose 'main machine'. The installed Windows 11 Home from my System One has been migrated to this machine.
I think the update released before 2026 i remember installing it few weeks ago.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1
I have already updated all my machines to the 2023 certs, revoked the 2011 certs, and they're all using secure boot. I sincerely hope that Microsoft doesn't screw around and break things on any of them!
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
jumanji said:
Thank you @FreeBooter. Yes, I was aware that the keys will be automatically updated but unaware the gradual roll out starts in Jan 2026. What surprised me is it was pushed into even when updates were paused for five weeks :-).

"Starting with the January 2026 Security Update, Microsoft has begun a gradual rollout of a new certificate that will allow your computer to continue booting correctly and receive security updates."
Click to expand...


Use method three, here, to find out...

How to check if your Secure Boot certs are updated. (three methods)

Method One Download cjee21's files, attached to the bottom of this post. 1. Save the file to your desktop. 2. Extract the contents to your desktop. 3. Open: Check-UEFISecureBootVariables-main 4. Right click: Check UEFI PK, KEK, DB and DBX.cmd ...and choose: Run as administrator. Your...
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26200.8457 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
jumanji said:
Yesterday when I was using my Beelink Sei12 MiniPC running Windows 11 Pro, there was suddenly an update message requiring me to Restart the PC. I was surprised since I had paused updates for five weeks. Anyway I restarted my PC and then looked into the Windows Update History to find out what update was installed. It said "Secure Boot Allowed Key Exchange Key (KEK) update". Does it mean the new keys have been installed? Has any one else got this update? (I have not yet got this update on my Dell Inspiron 3280, running Windows 11 Home.)

View attachment 161757
Click to expand...
Beelink (or the BIOS licensed by Beelink) has co-operated with MS and signed the KEK CA 2023 cert using their Platform Key. So Windows could now live install the KEK CA 2023 cert that's appropriate for your BIOS.

Installing an UEFI cert can be done from live Windows, but requires a restart for the KEK key to take effect. So you're good to go, on the CA 2023 update process. If you haven't done anything yourself, this system now has everything that's required for Windows to finish the task later this year.
 

My Computer

System One

  • OS
    Windows 7
I also received this update on two of my PCs. However, Event Viewer still shows event 1801... Updated certs are available but have not yet been applied.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
rick99 said:
I also received this update on two of my PCs. However, Event Viewer still shows event 1801... Updated certs are available but have not yet been applied.
Click to expand...
Have the same problem on an
ASUS TUF Gaming A15 FA506IV_FA506IV

secure boot is activated
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF A15
    CPU
    4800H
    Memory
    16GB
    Graphics Card(s)
    GeForce RTX 2060
    Screen Resolution
    1920x1080
    Browser
    Microsoft Edge
    Antivirus
    AVG free edition
After getting the KEK 2023 update last week, I used to get Event 1808:

This device has updated Secure Boot CA/keys. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:3004;OEMModelNumber:System Product Name;OEMModelBaseBoard:TUF Z370-PLUS GAMING;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:SKU;OSArchitecture:amd64;
BucketId: 636bf0e73554d99b6b78301444f59a42726b3ab96d4d6788a4e3d20ee3212b49
BucketConfidenceLevel:
UpdateType: Windows UEFI CA 2023 (DB), Option ROM CA 2023 (DB), 3P UEFI CA 2023 (DB), KEK 2023, Boot Manager (2023)
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

And, after today's Windows Cum update, I still get the same Event 1808, except the BucketConfidenceLevel has changed to:

BucketConfidenceLevel: Under Observation - More Data Needed

This is an informational event that indicates that the device has the required new Secure Boot certificates applied to the device’s firmware. This event will be logged when all needed certificates have been applied to the firmware, and the boot manager has been updated to the boot manager signed by the “Windows UEFI CA 2023” certificate.
( Secure Boot DB and DBX variable update events - Microsoft Support )
 

My Computer

System One

  • OS
    Win 11 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    custom
    CPU
    intel i7-8700
    Motherboard
    Asus Z370 TUF Gaming
    Memory
    32Gb
    Graphics Card(s)
    Intel iGPU
    Sound Card
    Realtek
    Hard Drives
    Samsung
    PSU
    Corsair
    Cooling
    Fans
Bucket Confidence is MS's attempt at predicting whether your PC will have the CA 2023 certs successfully applied.

They aggregate data from similar model PC's (same motherboard, same BIOS) that have opted-in on Secure Boot telemetry, checking if the pushed cert update worked or failed for them. Based on the averaged results for everyone in the same bucket, they can predict whether another identical PC will succeed or fail.

For the more popular PC models, MS can quickly collect enough opt-in results to get a high or low confidence.

Right now, enterprises can use this confidence level to change their Secure Boot update policies to allow the updates to run right away. If there's a low confidence (high failure rate), they can block the updates until the OEM works it out the problem with MS.

Windows will report the Bucket Confidence in your event logs, even if you're not in an enterprise, because everyone gets them. It's just an FYI. If you've already updated your Secure Boot certs, then you can ignore BucketConfidenceLevel messages.

In reality, the biggest predictor of whether the Secure Boot update will work is your UEFI's Platform Key. If the PK has been submitted to MS's Secure Boot GitHub list, there's a high probability that Windows can update your PC without any errors or outside help.
 

My Computer

System One

  • OS
    Windows 7
You must log in or register to reply here.

Similar threads

Secure boot violation after deleted the secure boot keys
Replies
10
Views
2K
Winback
W
OEM's and their Secure Boot Keys (2023) BIOS Update Policy
2 3
Replies
45
Views
6K
Akeo
Akeo
Update "Secure Boot Allowed Key Exchange Key (KEK)" - Causing Problems
Replies
10
Views
8K
garlin
G
Solved Windows Secure Boot certificates expiring in 2026
Replies
13
Views
767
jdUnionngarden
jdUnionngarden
Strange things happening with updated Secure Boot certificates and files
2
Replies
36
Views
2K
suatcini54
suatcini54

Latest Support Threads

Latest Tutorials

Back
Top Bottom