Solved Successful manual update of Secure Boot on Dell XPS8930 with older BIOS that will never update.

so actually my secure boot setting is disabled and to be able to append thee keys i need it to be enabled. Then I append the keys. When I save it will immediately boot and im not sure if multiple attempts to fix the missing or old keys would cause a catastrophic failure that might require a windows reinstall.

You never have to re-install Windows, if you're only updating the Secure Boot certs. Depending on which signed version of the boot manager you have present on the EFI volume, it may or may not pass Secure Boot authorization.

Which means you temporarily disable Secure Boot mode until you figure out the problem or get the right combination of certs. There's several CA 2023 certs, but the most important one is KEK CA 2023 which undersigns all of the other CA 2023 certs.

The OP in this thread indicated manual key enrollment was possible. Once KEK CA 2023 is onboard, then you have can have the upgrade script install the remaining certs. Focus on that problem (KEK CA 2023 added to the KEK variable).