Updating Microsoft Secure Boot keys


  • Staff

 Windows IT Pro Blog:

Microsoft, in collaboration with our ecosystem partners, is preparing to roll out replacement certificates that’ll set new Unified Extensible Firmware Interface (UEFI) Certificate Authorities (CAs) trust anchors in Secure Boot for the future. Look out for Secure Boot database updates rolling out in phases to add trust for the new database (DB) and Key Exchange Key (KEK) certificates. This new DB update is available as an optional servicing update for all Secure Boot enabled devices from February 13, 2024.

What is Secure Boot?​

Secure Boot is a security feature in the UEFI that helps ensure that only trusted software runs during the system’s boot sequence. It works by verifying the digital signature of any software against a set of trusted digital keys stored in the UEFI. As an industry standard, UEFI’s Secure Boot defines how platform firmware manages certificates, authenticates firmware, and how the operating system (OS) interfaces with this process. For more details on UEFI and Secure Boot, please refer to this article.

Secure Boot was first introduced to Windows systems with the Windows 8 release to protect against the emerging pre-boot malware (bootkit) threat at that time. Since then, Secure Boot has continued to be a part of Microsoft's Trusted Boot security architecture. Secure Boot authenticates modules such as UEFI firmware drivers, bootloaders, applications, and option ROMs (Read-Only Memory), which are firmware run by the PC BIOS during platform initialization, before they are all executed. As the final step of the Secure Boot process, the firmware verifies the Windows boot loader is trusted by Secure Boot and then passes control to the boot loader which in turn verifies, loads into memory, and launches Windows. This process coupled with the UEFI firmware signing process helps to ensure that only verified code executes before Windows, preventing attackers from utilizing the boot path as an attack vector. To learn more about how Secure Boot fits in with the overall Windows chip-t-cloud security, please refer to the Windows Security Book RWMyFE.

Trust and authenticity in Secure Boot are built using the Public-Key Infrastructure (PKI). This establishes a certificate management system which utilizes CAs to store digital certificates. These CAs, consisting of Original Equipment Manufacturer (OEM) or their delegates and Microsoft, generate key pairs that form the root of trust of a system.

688x600


Secure Boot “root of trust”: Setting trust anchors for the future​

Secure Boot’s root of trust utilizes a hierarchical system, where the Platform Key (PK) is typically managed by the OEM and used to sign updates to the KEK database. The KEK in turn signs updates to both the Allowed Signature DB and the Forbidden Signature Database (DBX).

The Secure Boot Allowed Signature DB and the DBX are integral to the functionality of Secure Boot. Bootloader modules’ signing authority must be allowlisted by the Secure Boot DB, while the DBX is used for revoking previously trusted boot components. Updates to the DB and DBX must be signed by a KEK in the Secure Boot KEK database.

The configuration of Secure Boot DB and KEK for Windows devices has remained the same since Windows 8. Microsoft requires every OEM to include the same three certificates managed by Microsoft for Windows and in support of the third-party hardware and OS ecosystem. These include the Microsoft Corporation KEK CA 2011 stored in the KEK database, and two certificates stored in the DB called the Microsoft Windows Production PCA 2011, which signs the Windows bootloader, and the Microsoft UEFI CA 2011 (or third-party UEFI CA), which signs third-party OS and hardware driver components.

All three of these Microsoft certificates expire in 2026. So, in collaboration with our ecosystem partners, Microsoft is preparing to roll out replacement certificates that will set new UEFI CA trust anchors for the future. Microsoft will be rolling out Secure Boot database updates in phases to add trust for the new DB and KEK certificates. The first DB update will add the Microsoft Windows UEFI CA 2023 to the system DB. The new Microsoft Windows UEFI CA 2023 will be used to sign Windows boot components prior to the expiration of the Windows Production CA 2011. This DB update will be optional for the February 2024 servicing and preview updates, and can be manually applied to devices. Microsoft will slowly roll out this DB update as we validate devices and firmware compatibility globally. The full DB update’s controlled-rollout process to all Windows customers will begin during the 2024 April servicing and preview updates, ahead of the certificate expiration in 2026. Meanwhile, efforts to update the Microsoft UEFI CA 2011 (aka third-party UEFI CA) and Microsoft Corporation KEK CA 2011 will begin late 2024, and will follow a similar controlled rollout process as this DB update.

While Microsoft has frequently performed DBX updates globally since the inception of Secure Boot, this will be the first DB update performed on such a large scale. We’re actively collaborating with our OEM partners to identify and address bugs in firmware implementation that could result in unbootable systems or render a device unreceptive to the DB update. To ensure a successful rollout, devices with identified issues will be suspended from receiving the update until a fix is released.

Microsoft is taking a very deliberate and cautious approach to rolling out this update. With this DB update, Microsoft will sustain its ability to service all Windows devices’ boot components.

Guidance to manually apply DB update​

The DB update is available on February 13, 2024, along with manual steps to allow customers to test for firmware compatibility, especially for organizations with fleets of devices. If you would like to manually apply the DB update to validate that your system is compatible, please read the following instructions. These actions should be completed with non-critical hardware representing devices in your environment.

Pre-requisite checks​

Before attempting the DB update, please ensure to perform the necessary pre-requisite checks:
  1. If you intend to manually apply this update to a large group of devices, we advise that you begin by rolling out to individual devices with the same firmware and specifications first to minimize the risks in the case of firmware bugs in your devices.
  2. Please verify that your UEFI firmware version is the most recent available version by your firmware vendor or OEM.
  3. For data backup steps, please refer to this guide.
  4. If you use BitLocker or if your enterprise has deployed BitLocker on your machine, ensure to backup BitLocker Keys:

    A) See this portal to ensure your BitLocker keys are backed up before your next reboot for your selfhost device. In the unlikely event that device becomes inoperable after receiving the update, the hard drive can still be unlocked.

    B) If the keys are backed up, the UI should resemble the following:

    698x665


    C) If the keys are not backed up, please open Windows Search to search for “Manage BitLocker” and select Back up your recovery key followed by Save to your Azure AD or MSA account.

    large


    800x624


    800x620
For users that use a local account instead of an Azure Active Directory (AAD) or Microsoft account (MSA), you can print your recovery password, save to a file, and store it in a secure location.

Formal DB update steps​

  1. Apply the February 2024 (or later) security update.
  2. Open a PowerShell console and ensure that PowerShell is running as an administrator before running the following commands:
    1. Set the registry key to:

      Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name "AvailableUpdates" -Value 0x40
    2. Run the following scheduled task as:

      Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
  3. Reboot the machine twice after running these commands to confirm that the machine is booting with the updated DB.
  4. To verify that the Secure Boot DB update was successful, open a PowerShell console and ensure that PowerShell is running as an administrator before running the following command:

    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’

    large
If the command returns “True”, the update was successful. In the case of errors while applying the DB update, please refer to the article, KB5016061: Addressing vulnerable and revoked Boot Managers.


 Source:

 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 3
Last edited:
Ok...now that I'm on the correct forum... :p

Is this KB5034765 or is it a different update?

Thanks.......
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (22631.3155)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuild
    CPU
    AMD Ryzen 2700
    Motherboard
    ASRock B450 m/ac
    Memory
    32gb Crucial DDR4-3200
    Graphics Card(s)
    nVidia GTX 2600 - 6gb
    Sound Card
    Sound BlasterX G6
    Other Info
    QNAP TS-469 Pro NAS

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Successfully updated on my 4.5 year old HP Pavilion.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion Desktop 590-p0xxx
    CPU
    Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
    Motherboard
    843B 00
    Memory
    16684 MB
    Graphics Card(s)
    Intel(R) UHD Graphics 630
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    HP 22fw 22-inch Display
    Screen Resolution
    1920 x 1080
    Hard Drives
    SSD 119.24 GB
    HDD 1863.01 GB
    Case
    Tower
    Cooling
    Fan
    Keyboard
    HP
    Mouse
    HP
    Internet Speed
    50 Mbps down, 20 Mbps up
    Browser
    Edge
    Antivirus
    MS Defender, Malwarebytes
To ensure a successful rollout, devices with identified issues will be suspended from receiving the update until a fix is released.

Microsoft is taking a very deliberate and cautious approach to rolling out this update. With this DB update, Microsoft will sustain its ability to service all Windows devices’ boot components.




LOL.

Very good Microsoft. Just maybe, this method will work better than throwing updates out there, willy-nilly. :D
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3447 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
So, is the revocation buildup, albeit voluntary at the moment ?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP 15s_du1xxx
    CPU
    Intel i5 10210U
    Motherboard
    85F1
    Memory
    16Gb
    Graphics Card(s)
    Intel UHD
    Sound Card
    Realtek
    Screen Resolution
    1920 x 1080
Microsoft will sustain its ability to service all Windows devices’ boot components. Yeah, like I want something I don't understand.
I never truly grasped the whole earlier revocations mess. Now this. I am in a mental block and am sooo confused about what will happen if I continue to leave secure boot off. It would be so nice if for once MS would word this stuff in simple terms for a regular person instead of for ITs with a college degree. It's all over my head. Surely, I'm not the only one.
(I'm too old for this crap.)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3447 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
I'll wait until a Windows update fixes this!
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
Does the update only show if a user has Bitlocker enabled? Just wondering why I’m not seeing the update on my laptop.
 

My Computer

System One

  • OS
    Windows 11 Pro 64bit
    Computer type
    Laptop
    Manufacturer/Model
    PC Specialist Optimus VII V17-960 Gaming Laptop.
    CPU
    6th Gen Intel Core i7-6700HQ Quad Core processor.
    Memory
    16GB HyperX IMPACT 1600MHz SODIMM DDR3 (2 x 8GB)
    Graphics Card(s)
    NVIDIA® GeForce® GTX 960M - 2.0GB DDR5 Video RAM - DirectX® 12
    Sound Card
    Intel 2 Channel High Def. Audio + SoundBlaster™ Cinema 2 & Realtek
    Monitor(s) Displays
    Optimus Series: 17.3" Matte Full HD IPS LED Widescreen (1920x1080)
    Screen Resolution
    Full HD IPS display (1920 x 1080).
    Hard Drives
    4TB SSD (internal).
    1x 1TB & 1x 5TB external HDDs.
    Cooling
    STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
    Keyboard
    Logitech K800 wireless keyboard
    Mouse
    Logitech M705 wireless mouse
    Internet Speed
    Upto 100Mbps
    Browser
    Edge.
    Antivirus
    Windows Defender & MalwareBytes pro.
Does the update only show if a user has Bitlocker enabled? Just wondering why I’m not seeing the update on my laptop.

This "update" is applied manually. See post one. And no, bitlocker needs to be turned off to apply it.


1708017708346.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro 23H2 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel® Core™ i7-12700F
    Motherboard
    ASUS TUF GAMING Z690-PLUS WIFI
    Memory
    G.SKILL Ripjaws S5 Series 64GB (2 x 32GB) DDR5
    Graphics Card(s)
    EVGA GeForce RTX 3050 XC Black Gaming
    Sound Card
    Sound Blaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming 27" 2K HDR Gaming
    Screen Resolution
    2560 x 1440
    Hard Drives
    Samsung 990 Pro 1TB NVMe (Win 11)
    SK hynix P41 500GB NVMe (Win 10)
    SK hynix P41 2TB NVMe (x3)
    Crucial P3 Plus 4TB
    PSU
    Corsair RM850x Shift
    Case
    Antec Dark Phantom DP502 FLUX
    Cooling
    Noctua NH-U12A chromax.black + 7 Phantek T-30's
    Keyboard
    Logitech MK 320
    Mouse
    Razer Basilisk V3
    Internet Speed
    350Mbs
    Browser
    Firefox
    Antivirus
    Winows Security
    Other Info
    Windows 10 22H2 19045.4291
    On System One
  • Operating System
    Win 11 Pro 23H2 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel Core i7-11700F
    Motherboard
    Asus TUF Gaming Z590 Plus WiFi
    Memory
    64 GB DDR4
    Graphics card(s)
    EVGA RTX 2060 KO Ultra Gaming
    Sound Card
    SoundBlaster X-Fi Titanium
    Monitor(s) Displays
    Samsung F27T350
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 980 Pro 1TB
    Samsung 970 EVO Plus 2TB
    Samsung 870 EVO 500GB SSD
    PSU
    Corsair HX750
    Case
    Cougar MX330-G Window
    Cooling
    Hyper 212 EVO
    Internet Speed
    350Mbps
    Browser
    Firefox
    Antivirus
    Windows Security
Is this update risky, can it cause a boot failure?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel i5-12400
    Motherboard
    Asus PRIME H610M-A D4
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 730
    Sound Card
    Realtek (onboard)
This "update" is applied manually. See post one. And no, bitlocker needs to be turned off to apply it.


View attachment 87311
It’s supposed to be under the Optional updates but for me it isn’t. Sorry, I wasn’t clear on that.

Edit;
All sorted, I run the cmds & output was ‘True’. Seems the update wasn’t separate/under Optional after all.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro 64bit
    Computer type
    Laptop
    Manufacturer/Model
    PC Specialist Optimus VII V17-960 Gaming Laptop.
    CPU
    6th Gen Intel Core i7-6700HQ Quad Core processor.
    Memory
    16GB HyperX IMPACT 1600MHz SODIMM DDR3 (2 x 8GB)
    Graphics Card(s)
    NVIDIA® GeForce® GTX 960M - 2.0GB DDR5 Video RAM - DirectX® 12
    Sound Card
    Intel 2 Channel High Def. Audio + SoundBlaster™ Cinema 2 & Realtek
    Monitor(s) Displays
    Optimus Series: 17.3" Matte Full HD IPS LED Widescreen (1920x1080)
    Screen Resolution
    Full HD IPS display (1920 x 1080).
    Hard Drives
    4TB SSD (internal).
    1x 1TB & 1x 5TB external HDDs.
    Cooling
    STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
    Keyboard
    Logitech K800 wireless keyboard
    Mouse
    Logitech M705 wireless mouse
    Internet Speed
    Upto 100Mbps
    Browser
    Edge.
    Antivirus
    Windows Defender & MalwareBytes pro.
Followed the instructions and it worked fine. Got the "true" result when running the last Powershell command.

Thanks all......
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (22631.3155)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuild
    CPU
    AMD Ryzen 2700
    Motherboard
    ASRock B450 m/ac
    Memory
    32gb Crucial DDR4-3200
    Graphics Card(s)
    nVidia GTX 2600 - 6gb
    Sound Card
    Sound BlasterX G6
    Other Info
    QNAP TS-469 Pro NAS
Installed as advertised without bitlocker enabled.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel Core i9 13900k, Intel UHD 770 integrated
    Motherboard
    MSI MEG Z790 ACE
    Memory
    32gb G.Skill Trident Z5 6600
    Graphics Card(s)
    Gigabyte RTX 4090 Gaming OC
    Sound Card
    EVGA Nu Audio, Razer Kraken V3 Pro, Realtek Onboard
    Monitor(s) Displays
    LG 38GN950-B, Benq EX3415R nano IPS monitors
    Screen Resolution
    3840x1600, 3440X1440
    Hard Drives
    Samsung 970 Pro, Samsung 850 Pro, Crucial MX500, WD Black SN700, WD Black 8tb HD
    PSU
    EVGA Supernova G2 1300w
    Case
    Thermaltake Level 20 XT
    Cooling
    ARCTIC Liquid Freezer III 420 ARGB in push/pull, Antec Prism X 120mm ARGB Fans x 15
    Keyboard
    Razer Huntsman Elite V1
    Mouse
    Corsair Dark Core Pro SE on an Asus ROG Balteus Qi pad
    Internet Speed
    450Mbps cable primary, 6Mbps secondary vdsl
    Browser
    Chrome primary, FF-Edge-IE secondary
    Antivirus
    Norton 360 Premium
    Other Info
    I sit on a Secret Lab Titan XL 2020 chair.😍
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    2021 HP Omen
    CPU
    AMD Ryzen 7 5800H
    Motherboard
    factory
    Memory
    16gb ddr 3200
    Graphics card(s)
    Nvidia RTX 3060 Mobile
    Sound Card
    onboard B&O
    Monitor(s) Displays
    15.6" 144hz IPS
    Screen Resolution
    1920x1080
    Hard Drives
    Hynix 512gb nvme ssd, WD Black SN850 2TB nvme ssd
    PSU
    factory
    Case
    factory
    Cooling
    factory with ARCTIC MX-6
    Mouse
    touchpad and Logitech wireless mouse
    Keyboard
    4 zone rgb
    Internet Speed
    WiFi 6, 1gb ethernet
    Browser
    Chrome primary, FF-IE and Edge secondary
    Antivirus
    Norton 360 Premium
2016 HP laptop, (y)

1708096903203.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender

My Computers

System One System Two

  • OS
    Win 11 Pro 23H2 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel® Core™ i7-12700F
    Motherboard
    ASUS TUF GAMING Z690-PLUS WIFI
    Memory
    G.SKILL Ripjaws S5 Series 64GB (2 x 32GB) DDR5
    Graphics Card(s)
    EVGA GeForce RTX 3050 XC Black Gaming
    Sound Card
    Sound Blaster AE-5 Plus
    Monitor(s) Displays
    ASUS TUF Gaming 27" 2K HDR Gaming
    Screen Resolution
    2560 x 1440
    Hard Drives
    Samsung 990 Pro 1TB NVMe (Win 11)
    SK hynix P41 500GB NVMe (Win 10)
    SK hynix P41 2TB NVMe (x3)
    Crucial P3 Plus 4TB
    PSU
    Corsair RM850x Shift
    Case
    Antec Dark Phantom DP502 FLUX
    Cooling
    Noctua NH-U12A chromax.black + 7 Phantek T-30's
    Keyboard
    Logitech MK 320
    Mouse
    Razer Basilisk V3
    Internet Speed
    350Mbs
    Browser
    Firefox
    Antivirus
    Winows Security
    Other Info
    Windows 10 22H2 19045.4291
    On System One
  • Operating System
    Win 11 Pro 23H2 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel Core i7-11700F
    Motherboard
    Asus TUF Gaming Z590 Plus WiFi
    Memory
    64 GB DDR4
    Graphics card(s)
    EVGA RTX 2060 KO Ultra Gaming
    Sound Card
    SoundBlaster X-Fi Titanium
    Monitor(s) Displays
    Samsung F27T350
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 980 Pro 1TB
    Samsung 970 EVO Plus 2TB
    Samsung 870 EVO 500GB SSD
    PSU
    Corsair HX750
    Case
    Cougar MX330-G Window
    Cooling
    Hyper 212 EVO
    Internet Speed
    350Mbps
    Browser
    Firefox
    Antivirus
    Windows Security
Work fine for my desktop and laptop. Thanks all
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    Intel i5-12400
    Motherboard
    Asus PRIME H610M-A D4
    Memory
    16GB
    Graphics Card(s)
    Intel UHD Graphics 730
    Sound Card
    Realtek (onboard)

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3447 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
Huh?
Get-SecureBootUEFI : Cmdlet not supported on this platform: 0xC0000002
At line:1 char:42
+ ... System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) ...
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (Microsoft.Secur...BootUefiCommand:GetSecureBootUefiCommand) [Get-Secure
BootUEFI], PlatformNotSupportedException
+ FullyQualifiedErrorId : GetFWVarFailed,Microsoft.SecureBoot.Commands.GetSecureBootUefiCommand
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Cooler master
    CPU
    I5
    Motherboard
    Gigabyte
    Memory
    Too much haha!
    Graphics Card(s)
    NVidia 1060
Back
Top Bottom