• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Locked

‎09-19-2025 01:53 PM

HP Recommended

Here are my findings so far:

This is all on Win 11 24H2.

HP EliteBook 1040 G11 (with BIOS v1.06.01 - 4/22/25) - 2023 Cert is successfully added, regardless of OS patch level.

 

HP EliteBook 840 G10 (with BIOS v1.09.00) - 2023 Cert can be applied BEFORE OS updates ("base" build .1742 from 2024-10 if used as master image) OR if OS is updated, then Resetting the Secure Boot Keys in BIOS (NOT CLEAR THEM) will allow the 2023 Cert to be added manually. Two MAJOR PROBLEMS WITH 2ND OPTION - Sure Start Secure Boot Keys Protection must be DISABLED in order to be able to reset the keys to defaults AND this will also trigger a BitLocker Recovery Password prompt at boot (if it is enabled) ! Not really a way to automate/deploy this...

 

HP EliteBook 840 G9 (with BIOS v1.15.00) - Same as the G10...

 

HP EliteBook 840 G8 (with BIOS v1.20.00) - Only possible before OS is patched (if base build is from last year). Removing all updates to bring it back to old build level works, but not really practical. Plus, if the master image has been recently patched w/ reset base option then updates older than the cleanup date cannot be removed.

 

HP EliteBook 840 G7 (with BIOS v1.21.00) - Same as the G8...

I have tried clearing the keys and importing custom keys on the G7 via USB, but the import always fails. Searching for possible reason and solution in the HP forums only returns the same issue posted by other users with no replies.

 

I have also worked with Dell devices in the past and last year there was an identical issue with some of their models. I recently tried applying the new cert to 2 different Dell models (fully updated - OS and BIOS) and they successfully added it.

 

So I think it's an "artificial" disconnect between the OS and Firmware Vendors. It's either one or the other (maybe even both) need to provide the fix via a future update. My guess is that vendors are working from new to old models gradually adding support for this, and some of them are quicker than others in catching up with all the hardware options they have out there...

A couple extra references - I have successfully applied the new cert on pretty old models for both Lenovo and Fujitsu laptops.

1 person had the same question
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.