• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Seize the moment! nominate yourself or a tech enthusiast you admire & join the HP Community Experts!

‎11-12-2025 11:37 AM

HP Recommended

Hello HP Community,
I'm reaching out with a question regarding the Windows UEFI CA 2023 certificate and its compatibility with older HP systems.
I own an HP Compaq Pro 6300 SFF (System SKU: QV985AV), running BIOS version K01 v03.08 dated April 10, 2019. Secure Boot is enabled and functioning, but my system does not currently recognize the new Windows UEFI CA 2023 certificate in the firmware database (db). I've verified this using PowerShell scripts that check for the certificate's presence.
Given that Microsoft has started distributing the new certificate through Windows updates, I'm curious whether HP plans to release a firmware update for this model to support the new CA. I understand this is an older system, but I’d appreciate any insights from HP staff or other users who might know if support is planned or definitively ruled out.
Thanks in advance for any information or guidance!
Best regards,
Alexferro

Reply
4 REPLIES 4

‎11-29-2025 02:04 AM

HP Recommended

Hi @Alexferro ,

 

Welcome to The HP Support Community.


Thank you for posting your query, I will be glad to help you.

 

That is an excellent and highly technical question, Alexferr, and one that many users with older, yet capable, HP commercial desktops are currently facing. You have correctly identified that the issue lies in the **firmware's db (Allowed Signature Database)** not containing the new certificate.

 

Based on official HP security bulletins and community-confirmed information regarding this specific platform:

 

## 1. Status: No Planned Support for the HP Compaq Pro 6300 SFF

 

The HP Compaq Pro 6300 SFF is considered an **older platform** (originally released around 2012, based on the Intel Ivy Bridge architecture) that HP has **definitively ended firmware development** for.

 

Final BIOS: Your BIOS version, K01 v03.08 (dated April 10, 2019), is confirmed to be the final firmware HP released for the K01 family (HP 6300/8300 series).

HP Policy: According to HP's official support documentation regarding the transition to the 2023 Secure Boot certificates, HP platforms released in 2017 and earlier generally **do not receive a BIOS update** related to this change because HP no longer supports those platforms. Your 6300 falls into this unsupported category.

The Technical Limitation: This older generation of UEFI firmware (K01) lacks the necessary mechanisms to correctly ingest and store the **Windows UEFI CA 2023** certificate into the firmware's internal db Secure Boot Signature Database) that modern BIOS versions support.

 

## 2. What This Means Going Forward

 

Your system is currently functioning because Secure Boot still trusts the **older Microsoft UEFI CA 2011 certificate** (which is present in your firmware db).

 

* **Immediate Risk:** There is no immediate risk. The 6300 SFF will continue to boot and run Windows as long as it trusts the existing certificates.

* **Future Risk (2026):** The issue arises when the older 2011 certificates expire or when Microsoft strictly enforces the 2023 certificate for all critical boot components (expected around 2026). At that point, the firmware may fail Secure Boot validation entirely, potentially preventing the system from booting modern, signed OS loaders.

 

## 3. Recommended Workaround

 

If you intend to continue using this system securely beyond the full enforcement of the 2023 CA, the community-confirmed workaround is to **disable Secure Boot**.

 

* **Action:** Enter the BIOS (F10 Setup), and change the setting from **Secure Boot Enabled** to **Secure Boot Disabled**.

Why it Works: This bypasses the firmware's database check, allowing the system to boot any trusted UEFI-compatible bootloader without validating it against the db certificates. Windows 11 will still run normally in this configuration.

 

In summary, while this is a necessary security measure for newer hardware, **HP will not be releasing a firmware update for the Compaq Pro 6300 SFF** to specifically address the UEFI CA 2023 certificate, meaning the Secure Boot functionality on your system will eventually become obsolete.

 

Hope this helps resolve your issue

 

I am an HP Employee. Although i am speaking for myself and not for HP.
Click Helpful = Yes to say Thank You
Question / Concern Answered, Click "Accept as Solution"

Reply
1 person found this reply helpful
Was this reply helpful? Yes No

‎11-29-2025 02:55 AM

HP Recommended

Muito obrigado pela atenção e pela explicação tão completa e esclarecedora.
A resposta foi extremamente útil para compreender melhor a situação do meu equipamento e os limites técnicos relacionados ao certificado UEFI CA 2023.
Fico satisfeito por ter agora uma visão clara sobre o funcionamento atual do sistema, os riscos futuros e, sobretudo, sobre a solução alternativa recomendada para que eu possa continuar a utilizar o Windows 11 no curto prazo.
Agradeço pela dedicação em detalhar cada ponto de forma tão precisa e técnica. Sem dúvida, esta orientação será fundamental para que eu possa planear os próximos passos com segurança e confiança.
Cumprimentos,
AlexFerro.

Reply
Was this reply helpful? Yes No

‎11-29-2025 09:58 AM

HP Recommended

Hi @Alex1368 ,

 

"Merci beaucoup pour votre retour détaillé ! Je suis ravi d'avoir pu vous éclairer sur la situation. Si ma réponse vous a aidé, pourriez-vous s'il vous plaît l'accepter comme solution ? Cela permettra à d'autres utilisateurs se posant la même question de trouver l'information plus facilement. Bonne continuation !"

 

 

I am an HP Employee. Although i am speaking for myself and not for HP.
Click Helpful = Yes to say Thank You
Question / Concern Answered, Click "Accept as Solution"

Reply
1 person found this reply helpful
Was this reply helpful? Yes No

‎11-29-2025 10:20 AM

HP Recommended

Hi @Alex1368 ,

 

"Merci beaucoup pour votre vote 'Utile' ! Si ma réponse a résolu votre problème, pourriez-vous s'il vous plaît cliquer sur le bouton « Accepter comme solution » ? Cela permettra aux autres utilisateurs de la communauté de trouver cette réponse plus facilement. Merci encore !"

 

 

  • Utile = Helpful

  • Accepter comme solution = Accept as Solution

  • Pouce levé = Thumbs up

 

I am an HP Employee. Although i am speaking for myself and not for HP.
Click Helpful = Yes to say Thank You
Question / Concern Answered, Click "Accept as Solution"

Reply
1 person found this reply helpful
Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.