- Re: Microsoft recommends to ask OEM before installing new KB...

08-10-2022 11:55 AM
Yesterday, Microsoft issued KB5012170: Security update for Secure Boot DBX, in Windows devices that have Unified Extensible Firmware Interface (UEFI) based firmware, for several versions of Windows.
URL: https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-202...
This security update addresses a vulnerability by adding the signatures of the known vulnerable UEFI modules to the Secure Boot Forbidden Signature Database (DBX).
Among Known issues with this update, Microsoft stated:
Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update.
To resolve this issue, contact your firmware OEM.
So, does HP recommend installing this Security update in modern HP Z-workstations running UEFI firmware with Windows 8.1, 10, 11?
Please advise.
08-10-2022 10:27 PM
please reread what you wrote
Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update.
To resolve this issue, contact your firmware OEM.
Microsoft is "NOT" asking you to contact your OEM first,
they are saying to contact the OEM if you have an issue with installing this update
so if the update installs, then HP obviously is not doing anything that prevents it from installing...
08-11-2022 01:46 AM
Microsoft seems to be aware of possible issues with this 'Secure Boot' update, that may conflict with some OEM firmware.
However, Microsoft provides no hints as to what type of OEM firmware settings might be responsible, and how they should possibly be modified to avoid such issues.
[Microsoft refers to other aspects of this update and provides some workaround for them; I checked those and they are OK; yet Microsoft leaves us in mystery as to the main issue with OEM firmware in general.]
That's why I am turning to knowledgeable sources associated with the OEM of my workstation, i.e. this HP Forum, looking for some advice, as a preventive action.
Otherwise, 'Secure Boot' might inadvertently turn into 'No Boot'.
08-17-2022 05:52 PM
Neowin - Users report KB5012170 is causing their PCs to boot into BitLocker recovery
Bleepingcomputer - Windows KB5012170 update causing BitLocker recovery screens, boot issues
there were other issues discovered when this update gets installed on some HP systems
08-18-2022 02:06 AM
To Noelpg21,
Thanks for bringing these reports to my attention.
It is worth noting that Microsoft now says you can fix this error by checking for updated UEFI firmware from your device manufacturer.
This may mean that existing UEFI firmware versions may still be vulnerable to ill-effects of the 'offending' Microsoft update KB5012170.
Now, look at the time-line:
Microsoft update KB5012170 was issued on August 9, 2022;
The latest UEFI firmware for my Z8 G4 workstation, HP Z6/Z8-G4 Workstation System BIOS version 02.82 Rev.A, was issued by HP on April 27, 2022.
I mean, the MS update was published when the latest UEFI firmware had already been available to customers of (OEM) device manufacturers.
So, does Microsoft expect (OEM) device manufacturers to hurry up and publish new updated firmware for their devices just to help avoid damage due to MS KB5012170 update?
08-18-2022 09:23 AM
the bulletin for this specific KB plainly states that if your system is incompatible, this KB will fail to install
AND THEN CONTACT YOUR OEM to see if a UEFI/BIOS update is necessary
BitLocker issues with various MS updates have been around for years, nothing new here.
you should always disable BitLocker when doing any security update that modifies this feature
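
The checks this thread keeps returning to (firmware version, Secure Boot state, whether KB5012170 is installed, BitLocker status before the reboot) can be captured in one pre-update snapshot. This is an added example, not part of any post in the thread; it assumes an elevated PowerShell prompt on a UEFI system with the stock SecureBoot and BitLocker modules, and it suspends BitLocker protection for a single reboot rather than decrypting the drive.

```powershell
# Added example: snapshot system state before installing a Secure Boot DBX update
# such as KB5012170. Assumes an elevated prompt and the OS on $env:SystemDrive.
#Requires -RunAsAdministrator

$drive = $env:SystemDrive

# 1. Firmware version and date, to compare against the OEM's latest BIOS release.
$bios = Get-CimInstance -ClassName Win32_BIOS
"Firmware : {0} ({1:yyyy-MM-dd})" -f $bios.SMBIOSBIOSVersion, $bios.ReleaseDate

# 2. Secure Boot state and a fingerprint of the current DBX, so a second run
#    after the update shows whether the DBX actually changed.
#    Both cmdlets throw on legacy-BIOS systems or when the variable is undefined.
try {
    "SecureBoot: {0}" -f (Confirm-SecureBootUEFI)
    $dbx  = Get-SecureBootUEFI -Name dbx
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = [System.BitConverter]::ToString($sha.ComputeHash($dbx.Bytes)) -replace '-'
    "DBX      : {0} bytes, SHA256 {1}" -f $dbx.Bytes.Length, $hash
} catch {
    Write-Warning "Secure Boot / DBX state unavailable: $($_.Exception.Message)"
}

# 3. Is the update already installed?
$kb = Get-HotFix -Id 'KB5012170' -ErrorAction SilentlyContinue
"KB5012170: {0}" -f $(if ($kb) { "installed $($kb.InstalledOn)" } else { 'not installed' })

# 4. BitLocker: require a recovery password protector, then suspend for one reboot.
$vol = Get-BitLockerVolume -MountPoint $drive
"BitLocker: {0}, protection {1}" -f $vol.VolumeStatus, $vol.ProtectionStatus
if ($vol.ProtectionStatus -eq 'On') {
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        Write-Warning "No recovery password protector on $drive; add one before updating."
    } else {
        "Recovery password protector ID: $($rp.KeyProtectorId)"
        Suspend-BitLocker -MountPoint $drive -RebootCount 1 | Out-Null
        "BitLocker protection suspended for 1 reboot."
    }
}
```

Running it again after the update and reboot should show a different DBX hash and BitLocker protection back to On.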
08-27-2022 02:38 PM
OK, I was curious to find out the source of Neoqee232's detailed steps and comments on KB5012170, so I Googled for the following pair of strings:
"Next, I also performed these additional steps:"+"7. Reboot into UEFI BIOS"
As of this moment, that quoted text appears at a few sources on the Internet, the latest one is in this URL:
https://www.windowsphoneinfo.com/threads/kb5015878-kb5012170-not-installing.795242/
Interesting to note: That latest poster on the subject seems to have gone as far as creating Windows 10 installation media and installing Windows 10; Issue resolved.
It indicates to me that I should postpone installing KB5012170 for the foreseeable future, to avoid such complications.
I tend to accept the following view from URL:
https://www.windowsphoneinfo.com/threads/kb5012170-windows-update-error-0x800f0922-uefi-bios-update-...
"To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured"; "Most Windows devices are not in immediate danger judging from the description."