Secure Boot Problem.


acer54

In Device security, Secure Boot the following status message is displayed

"Secure Boot is on, but your device does not support the automated Secure Boot certificate update"

What are my options as the OEM (Acer) does not seem interested in addressing the problem with either a Bios or Firmware update?

My computer is an Acer Predator Orion 5000 PO5-600s

I'm hoping there is a workaround to update the Secure Boot Certificates.
 
Windows Build/Version
OS Build 26200.8524 / Version 25H2

See these:
garlins PowerShell scripts for updating Secure Boot CA 2023 - ElevenForum
Updating Microsoft Secure Boot keys before expiration in June 2026 - ElevenForum
Secure boot update HowTo - XxXxX thread - ElevenForum


Denis



Welcome to ElevenForum.

It's really worth making time to browse through the ElevenForum Tutorial index - there's a shortcut to it at the top of every ElevenForum page [within the Tutorials dropdown list].
- At the foot of the ElevenForum Tutorial index is a shortcut to download it as a spreadsheet.
- I download a new copy each month.
- By downloading it as a spreadsheet I can benefit from Excel's excellent filtering capabilities when I search for topics of interest.
- ElevenForum tutorials are also listed at Tutorials and there's a shortcut to that at the top of every page.

You can search ElevenForum using the search box in the top-right corner of all ElevenForum webpages or using Advanced Search - ElevenForum
You can also search ElevenForum threads in many general search engines, such as Google, by adding site:elevenforum.com after your search term. For example,
Taskbar setup site:elevenforum.com
 

I've used these and none of them have worked; I get the same message in Device Security, Secure Boot.

"Secure Boot is on, but your device does not support the automated Secure Boot certificate update"
 

It's a very rare BIOS that can't be updated. Yours may be one of them. Usually, the script will work and everything will be ready for the new secure boot certificates to begin running when Microsoft is ready to activate them.
 

The last BIOS was in 2020, which means it's unsupported for automatic updates. There's a good chance it can be manually updated.

Can you check the BIOS menus for Secure Boot? Is there support for "KEK manual key enrollment"? You may need to create an Admin or Supervisor password before being allowed access.
 

@acer54
open a PowerShell as Admin, copy and paste this command
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match "Windows UEFI CA 2023"
and post the output from that command please.

then open the Windows registry to this key
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing
and post the output of that key please.

best of luck Steve ..
 

For automatic updates, there won't be "Windows UEFI CA 2023" unless there's an underlying KEK CA 2023.

That's the blocker for all unsupported PCs. The Secure Boot task proceeds in a specific order (KEK -> DB -> boot manager). It doesn't make sense to skip ahead, unless the user is forcing an arbitrary bitmask for AvailableUpdates.
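
The read-only check below is an added example, not code from any poster in this thread. It extends the db one-liner posted earlier to the KEK as well, so you can see how far along the KEK -> DB -> boot manager order a machine is, and it dumps AvailableUpdates and the Servicing key. The KEK subject string and the function name Test-SecureBootVariableText are assumptions; the db string, the registry paths and the AvailableUpdates value name come from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Read-only: it changes no firmware or registry state.

function Test-SecureBootVariableText {
    # Hypothetical helper: does a UEFI Secure Boot variable contain the given text?
    param(
        [Parameter(Mandatory)][ValidateSet('KEK', 'db')][string]$Name,
        [Parameter(Mandatory)][string]$Text
    )
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name -ErrorAction Stop).Bytes
    } catch {
        # Raised on legacy-BIOS boots or when the variable cannot be read
        Write-Warning "Cannot read UEFI variable '$Name': $($_.Exception.Message)"
        return $null
    }
    # Certificate subject names sit in the variable as ASCII-compatible text,
    # so a substring search works (same approach as the one-liner in the thread).
    return [System.Text.Encoding]::ASCII.GetString($bytes).Contains($Text)
}

# Assumption: subject name of the 2023 KEK certificate; not quoted in the thread.
$kekSubject = 'Microsoft Corporation KEK 2K CA 2023'
# From the thread.
$dbSubject  = 'Windows UEFI CA 2023'

$sbKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot'
$pending = (Get-ItemProperty -Path $sbKey -Name AvailableUpdates `
            -ErrorAction SilentlyContinue).AvailableUpdates
$secureBootOn = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }

[pscustomobject]@{
    SecureBootOn     = $secureBootOn
    KEK2023Present   = Test-SecureBootVariableText -Name KEK -Text $kekSubject
    DB2023Present    = Test-SecureBootVariableText -Name db  -Text $dbSubject
    AvailableUpdates = if ($null -ne $pending) { '0x{0:X4}' -f $pending } else { 'not set' }
} | Format-List

# Every value under the Servicing key, minus PowerShell's own PS* metadata properties.
Get-ItemProperty -Path "$sbKey\Servicing" -ErrorAction SilentlyContinue |
    Select-Object -Property * -ExcludeProperty PS* |
    Format-List
```

Run it before and after each attempt and keep the output, so a change in the KEK or db result, or in the Servicing values, can be tied to a specific step.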
 

it's not that, I am trying to find the starting point, as in exactly where @acer54's system is before continuing
by either loading the certs to the data base and trying to update from there or move to 'Mosby's' and setup secure boot that way.
but first i need a starting point ..

best of luck Steve ..
 

The output from the first Powershell command was "True"
I have attached the registry output that you asked for.
 

the keys are there hence the output 'True'
your output for the reg key is 'In Progress'

everything is set for the system to be updated.

now in the HowTo there is this part B ..
>>> Note the 1st command is in an Administrator 'Command Prompt'
close the command prompt after the command has executed.

>>> then the second command is in an Administrator 'Powershell'
after this has executed close the Powershell and restart the computer.

Part B.
open a CMD Prompt as Admin
then copy and paste this command
thanks to @Scott

1. at the CMD Prompt as Admin
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f

press enter and now close the CMD Prompt terminal

then open a PowerShell as Admin

2. within the PowerShell
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

press enter and restart your computer.

after the restart please check the output of the commands in post #7
and post the output please.

best of luck Steve ..
 

Did Part B as requested:-

The output from the first Powershell command was "True" the same as before.
I have attached the registry output that you asked for.
 

your system is still In progress which could take several hours/days before the update completes
the system will now auto check every 12 hours, so just keep an eye on it for the next few days to see if it goes from
'In Progress' to 'Updated'

best of luck Steve ..
 

Thanks for all your help, fingers crossed it updates correctly in the near future, I'll report back here the eventual outcome.
 

I have been watching this thread with interest and while Acer54 hasn't yet posted an anticipated successful outcome, I thought I would share my successful Acer Secure boot outcome.

My wife has a 2022 Acer C24-1700 all in one that was not going to be given a 2023 Cert update from Acer. The computer was getting warnings from Microsoft Security Center that the machine was not eligible for the Secure Cert update.

I checked the Acer support website and found there was a 2025 bios update that had not been installed. I thought perhaps that update might unfreeze the eligibility. I installed it and then waited several days to see if anything changed. It did not.

My next step was to go into the bios and check the Secure Boot settings. The machine was set to Standard Secure Boot option; I believe that was the standard OEM delivery option. I was looking for anything that might have some KEK reference. The alternate setting option was Custom. Indeed, it had a KEK reference within the description. I changed the option to Custom and then was prepared to see if anything changed over time. Within 24 hours the update was installed from Microsoft and now the Secure Boot Certificate is accepted and issue resolved.

I hope this might help others with an unresolved Acer issue.
 

I haven't managed to get mine updated yet, I do have the latest Bios installed but it's quite old.
I'll go into the Bios and check the secure boot settings and change them if necessary and then hopefully it will update like yours did.
 

Did you change anything else or just change to secure boot custom mode in the Bios?
 

No. I didn't change anything else, but as I indicated I did first find a 2025 bios update on the Acer Support site that had never been installed on the system and that install was made at least 24 hours BEFORE messing with the bios. I thought perhaps the updated bios would trigger CERT activity, but it did not.
 


Did your BIOS Secure Boot settings change when you updated, or was the Custom setting with reference to the KEK something new?
 
