Solved Update Secure Boot Keys (BIOS Update)


My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
Sheikh said:
No, they are the same. After updating your bios, you can verify new secure boot keys installation with this command in powershell(admin):

Powershell: 
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’

If it says "true" then you can make sure everything's working fine with the latest updates.
Click to expand...
This is an FYI for others that want to run your script and try to use copy and paste. I used copy and paste to run your command in PowerShell and it wouldn't run. I forgot that when using copy and paste the( ' ) gets left out. Once I entered the two ' the script ran and I got a true on my old PowerSpec G156 desktop. I'll check my other computers later. Copy and paste does work in PowerShell ISE.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    #1. LG ULTRAWIDE 34" #2. AOC Q32G2WG3 32"
    Screen Resolution
    #1. 3440 X 1440 #2. 1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    Webroot SecureAnywhere CE 26.1
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-A
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Keyboard
    Logitek K270
    Mouse
    Logitek M185
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
Sheikh said:
No, they are the same. After updating your bios, you can verify new secure boot keys installation with this command in powershell(admin):

Powershell: 
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’

If it says "true" then you can make sure everything's working fine with the latest updates.
Click to expand...


Powershell: 
PS C:\Users\essen> [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’
True

🙏 🙏 🙏 🙏 🙏 🙏
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
Winuser said:
This is an FYI for others that want to run your script and try to use copy and paste. I used copy and paste to run your command in PowerShell and it wouldn't run. I forgot that when using copy and paste the( ' ) gets left out. Once I entered the two ' the script ran and I got a true on my old PowerSpec G156 desktop. I'll check my other computers later. Copy and paste does work in PowerShell ISE.
Click to expand...
It’s better to run this script instead of copy and paste because it restarts twice and creates some temp files which are necessary to be deleted when it finished the job
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei MateBook D15
    CPU
    Ryzen 5 3500U
    Memory
    8GB
    Graphics Card(s)
    Vega 8
    Screen Resolution
    FHD
    Hard Drives
    256GB Samsung SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    ESET Smart Security Premium
  • Operating System
    Windows 10 Enterprise LTSC 21H2
    Computer type
    Laptop
    Manufacturer/Model
    MSI GS73 6RF Stealth Pro
    CPU
    intel core i7 6700HQ
    Memory
    16GB
    Graphics card(s)
    Nvidia Geforce GTX1060 (6GB)
    Screen Resolution
    FHD
    Hard Drives
    128GB SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
Sheikh said:
It’s better to run this script instead of copy and paste because it restarts twice and creates some temp files which are necessary to be deleted when it finished the job
Click to expand...
I tried it both ways and got the same results. When I hit the enter key it comes up as being True. There is no restart. Where do I look for the Temp files?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    #1. LG ULTRAWIDE 34" #2. AOC Q32G2WG3 32"
    Screen Resolution
    #1. 3440 X 1440 #2. 1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    Webroot SecureAnywhere CE 26.1
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-A
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Keyboard
    Logitek K270
    Mouse
    Logitek M185
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
Winuser said:
I tried it both ways and got the same results. When I hit the enter key it comes up as being True. There is no restart. Where do I look for the Temp files?
Click to expand...
Batch: 
DEL "%TEMP%\CurrentSBKU.txt" /S /F /Q
DEL "%TEMP%\OutputSBKU.txt" /S /F /Q
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei MateBook D15
    CPU
    Ryzen 5 3500U
    Memory
    8GB
    Graphics Card(s)
    Vega 8
    Screen Resolution
    FHD
    Hard Drives
    256GB Samsung SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    ESET Smart Security Premium
  • Operating System
    Windows 10 Enterprise LTSC 21H2
    Computer type
    Laptop
    Manufacturer/Model
    MSI GS73 6RF Stealth Pro
    CPU
    intel core i7 6700HQ
    Memory
    16GB
    Graphics card(s)
    Nvidia Geforce GTX1060 (6GB)
    Screen Resolution
    FHD
    Hard Drives
    128GB SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
@Sheikh, I'm now on my newer PowerSpec B746 desktop and ran your script and this computer also came up true so I guess both of my desktops are good to go.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    #1. LG ULTRAWIDE 34" #2. AOC Q32G2WG3 32"
    Screen Resolution
    #1. 3440 X 1440 #2. 1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    Webroot SecureAnywhere CE 26.1
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-A
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Keyboard
    Logitek K270
    Mouse
    Logitek M185
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
Winuser said:
@Sheikh, I'm now on my newer PowerSpec B746 desktop and ran your script and this computer also came up true so I guess both of my desktops are good to go.
Click to expand...
Yeah, buddy! Enjoy ’em.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei MateBook D15
    CPU
    Ryzen 5 3500U
    Memory
    8GB
    Graphics Card(s)
    Vega 8
    Screen Resolution
    FHD
    Hard Drives
    256GB Samsung SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    ESET Smart Security Premium
  • Operating System
    Windows 10 Enterprise LTSC 21H2
    Computer type
    Laptop
    Manufacturer/Model
    MSI GS73 6RF Stealth Pro
    CPU
    intel core i7 6700HQ
    Memory
    16GB
    Graphics card(s)
    Nvidia Geforce GTX1060 (6GB)
    Screen Resolution
    FHD
    Hard Drives
    128GB SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
One thing I don't see is how to invalidate the old 2011 certificate. I just want to make sure that Windows is using the 2023 certificate before I do that! :LOL:
 

My Computers

System One System Two

  • OS
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14500
    Motherboard
    Gigabyte B760M G P WIFI
    Memory
    64GB DDR4
    Graphics Card(s)
    GeForce RTX 4060
    Sound Card
    Chipset Realtek
    Monitor(s) Displays
    LG 45" Ultragear, Acer 24" 1080p
    Screen Resolution
    5120x1440, 1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 3D NAND NVMe M.2 SSD (O/S)
    Silicon Power 2TB US75 NVMe PCIe Gen4 M.2 2280 SSD (backup)
    Crucial BX500 2TB 3D NAND (2nd backup)
    Seagate 4TB Ironwolf, rotating HDD archive files
    External off-line backup Drives: 2 NVMe 4TB drives in external enclosures
    PSU
    Thermaltake Toughpower GF3 750W
    Case
    LIAN LI LANCOOL 216 E-ATX PC Case
    Cooling
    Lots of fans!
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
  • Operating System
    Win 11 Pro 25H2, Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Brew
    CPU
    Intel Core i5 14400
    Motherboard
    Gigabyte B760M DS3H AX
    Memory
    32GB DDR5
    Graphics card(s)
    Intel 700 Embedded GPU
    Sound Card
    Realtek Embedded
    Monitor(s) Displays
    27" HP 1080p
    Screen Resolution
    1920x1080
    Hard Drives
    Crucial P310 2TB 2280 PCIe Gen4 eD NAND PCIe SSD
    Samsung EVO 990 2TB NVMe Gen4 SSD
    Samsung 2TB SATA SSD
    PSU
    Thermaltake Smart BM3 650W
    Case
    Okinos Micro ATX Case
    Cooling
    Fans
    Keyboard
    Microsoft Comfort Curve 2000
    Mouse
    Logitech G305
    Internet Speed
    Verizon FiOS 1GB
    Browser
    Firefox
    Antivirus
    Malware Bytes & Windows Defender Security
I just have one little question : Do you think that Microsoft will not do anything and millions of PCs will stop working or this issue will be addressed in one the updates before the due date ?
 

My Computer

System One

  • OS
    Windows
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Legion 7i
    CPU
    Intel i7-12800HX
    Memory
    32 GB DDR5 4800 MHz dual-channel
    Graphics Card(s)
    NVIDIA® GeForce RTX™ 3070 Ti
    Sound Card
    Steinberg UR44
    Hard Drives
    1 TB SSD (M.2 NVMe PCIe 4.0 x4
    2 TB SSD Samsung 980 PRO NNMe
    Browser
    Firefox
    Antivirus
    Windows Defender + Malwarebytes

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built 2013
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard thingy
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Touch Screen Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / Mx Air Cordless
    Internet Speed
    2000/500Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
    TP-Link BE9300 WiFi 7 Bluetooth 5.4 (Archer TBE550E)
    TP-Link TX201 V1 2.5GB Lan

    Grandstream HT812 - VoIP
    ASUS DSL-AX82U - Mesh
    ASUS RT-AC68U - Mesh
    ASUS RT-BE88U Router

    Brother MFC-L2880DW Printer

    I’m on a horse.
  • Operating System
    Windows 11 Pro 25H2 Build 26200.8524
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7 14IRL8 - 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
Brilliant! Good job, @Sheikh. If I may, I have 2 suggestions:

1) Rather than simply show the user the BitLocker key, you could simply suspend BitLocker for 2 boots in your batch file. That way, it will cause no request for the key.

To do so, run this powershell command early in your batch file (before making the changes):

Suspend-BitLocker -MountPoint "C:" -RebootCount 2

EDIT: Ignore the below comment. I just tested it and powershell doesn't give a hoot about those being Smart Quotes. Maybe that's just a batch file thing.

2) In post number 2 of this thread, the powershell command you show uses single quote marks that are "smart quotes". If I am not mistaken, the powershell command won't like that. Those should be straight quotes rather than Smart quotes. This usually happens in programs such as Word that automatically substitute straight quotes with smart quotes. It's the first thing I turn off when I install Microsoft 365 anywhere :-).
 

My Computers

System One System Two

  • OS
    Win11 Pro 25H2 (RTM+)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acemagic
    CPU
    Intel i7-14650HX
    Memory
    32 GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    Varies as machine will often be moved to locations with different monitors
    Screen Resolution
    Varies
    Hard Drives
    1 x 1TB Gen 4 NVMe SSD
    PSU
    120W Power Brick
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 25H2 (RTM+)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
hsehestedt said:
To do so, run this powershell command early in your batch file (before making the changes):
Click to expand...
Alright I will add this command to make sure bitlocker is suspended during the update. Thank you.

Is there anyway to open bitlocker backup page so users can backup their bitlocker key easier? I think many users can’t find backup option.

I’m afraid of loosing those keys after an update.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei MateBook D15
    CPU
    Ryzen 5 3500U
    Memory
    8GB
    Graphics Card(s)
    Vega 8
    Screen Resolution
    FHD
    Hard Drives
    256GB Samsung SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    ESET Smart Security Premium
  • Operating System
    Windows 10 Enterprise LTSC 21H2
    Computer type
    Laptop
    Manufacturer/Model
    MSI GS73 6RF Stealth Pro
    CPU
    intel core i7 6700HQ
    Memory
    16GB
    Graphics card(s)
    Nvidia Geforce GTX1060 (6GB)
    Screen Resolution
    FHD
    Hard Drives
    128GB SSD + 1TB HDD
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
Sheikh said:
Alright I will add this command to make sure bitlocker is suspended during the update. Thank you.

Is there anyway to open bitlocker backup page so users can backup their bitlocker key easier? I think many users can’t find backup option.

I’m afraid of loosing those keys after an update.
Click to expand...

Sorry, I may be simply being a little bit slow here. It is 6:30 AM here and my last dose of caffeine was almost 24 hours ago. Are you asking if you can retrieve the Bitlocker recovery key using command line?

If that is not what you are asking, please clarify for me. But assuming that I understood correctly, yes, you can retrieve the key like this:

manage-bde -protectors -get C:

Here is what that looks like (with important bits redacted):

Image1.webp

I hope that helps!
 

My Computers

System One System Two

  • OS
    Win11 Pro 25H2 (RTM+)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acemagic
    CPU
    Intel i7-14650HX
    Memory
    32 GB
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    Varies as machine will often be moved to locations with different monitors
    Screen Resolution
    Varies
    Hard Drives
    1 x 1TB Gen 4 NVMe SSD
    PSU
    120W Power Brick
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
  • Operating System
    Win11 Pro 25H2 (RTM+)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
There are a few threads on this topic showing up. I have the Windows UEFI 2023 certificate updated. What about other expiring certificates...specifically KEK and PCA? How do you update those?
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    1TB Western Digital SN770 (System) and 2TB Western Digital SN770 (Storage)
    Antivirus
    Windows Security
  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Dell/XPS 15 9510
    CPU
    i9-11900H
    Motherboard
    Unknown
    Memory
    32GB
    Graphics card(s)
    Integrated Intel and Nvidia 3050Ti
    Sound Card
    Integrated (Realtek)
    Monitor(s) Displays
    None
    Screen Resolution
    1920 x 1200 (non-Touch)
    Hard Drives
    2TB SK Hynix P41 Platinum
    Antivirus
    Windows Security
Every 2011 certificate should get a 2023 equivalent. The names don't exactly match.

Microsoft Corporation KEK CA 2011Microsoft Corporation KEK 2K CA 2023
Microsoft Corporation UEFI CA 2011Microsoft UEFI CA 2023
Microsoft Windows Production PCA 2011Windows UEFI CA 2023

Your motherboard's vendor should be providing KEK 2023 as part of their BIOS updates.
 

My Computer

System One

  • OS
    Windows 7
thecaretaker said:
I recently updated my Gigabyte Z690 Gaming X BIOS to F31. All working fine. Would I be right in understanding that the updated Secure Boot Keys in the description of the BIOS update means I don't need to update the keys manually before the old ones expire in 2026. Or is that something different?

View attachment 143872
Click to expand...
I updated to this BIOS and was wondering what to do next. I have 2 links.

techcommunity.microsoft.com

Updating Microsoft Secure Boot keys | Windows IT Pro blog

A new Microsoft Windows UEFI CA 2023 will replace the existing Windows Production 2011 CA.
techcommunity.microsoft.com techcommunity.microsoft.com

then this link

How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

support.microsoft.com support.microsoft.com

I haven't run the instructions in link 1 or link 2. I did check to see if I had the 2023 certificates and it said false. I am a bit confused on what to do.

Do I run Sheikh's script? or do I follow instructions in link 1?

I am incredibly confused I only just started reading up on this a week ago.

Thanks,
James.
 

Attachments

  • 1.webp
    1.webp
    20.5 KB · Views: 2
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Me
    CPU
    Intel Core i5-12600K 3.7 GHz 10-Core Processor
    Motherboard
    Gigabyte B760M H DDR4 Micro ATX LGA1700 Motherboard
    Memory
    Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory
    Graphics Card(s)
    Integrated Intel UHD Graphics 770
    Sound Card
    Realtek
    Monitor(s) Displays
    LG
    Hard Drives
    Samsung 990 Pro 1 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    Samsung 990 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive
    PSU
    NZXT 850w ATX 3.1 Gold Fully Modular Power Supply
    Case
    Thermaltake Versa H25 ATX Mid Tower Case
    Cooling
    CPU Cooler Thermalright Assassin Spirit 120 EVO ARGB (ARGB Disabled) - Case Fans BlackThermalright TL-C12C-S X3 66.17 CFM 120 mm Fans 3-Pack (ARGB disabled)
    Internet Speed
    1 Gbps
    Other Info
    I hate ARGB.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 14 G2 ITL
You must log in or register to reply here.

Similar threads

OEM's and their Secure Boot Keys (2023) BIOS Update Policy
2 3
Replies
45
Views
6K
Akeo
Akeo
Secure boot violation after deleted the secure boot keys
Replies
10
Views
2K
Winback
W
Update "Secure Boot Allowed Key Exchange Key (KEK)" - Causing Problems
Replies
10
Views
8K
garlin
G
Secure Boot Key update
Replies
15
Views
11K
garlin
G
After 2025-10 update, secure boot problems with recovery media built with WinRE?
Replies
14
Views
3K
Ghot
Ghot

Latest Support Threads

Latest Tutorials

Back
Top Bottom