• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Are you having HotKey issues? Click here for tips and tricks.

‎08-05-2025 08:46 AM - edited ‎08-06-2025 09:42 AM

HP Recommended

Hey

I am trying to get secure boot to work in windows 11.
No matter what I do Device Security shows "Standard hardware security not supported" and Secure Boot State in msinfo32 says Off

I've tried:
Disabling and enabling Secure Boot in BIOS
Clearing keys
Loading HP Default Keys
Clearing TPM in windows.
All drivers updated via HP Support Assistant.
Windows fully up to date.

Tried resetting the BIOS by removing the power and holding the power button for 30+ seconds.
Flashed the BIOS 3 times.
Tried holding down Windows key and B for BIOS reset during boot.


BIOS keeps saying Platform Key Not Enrolled.

BIOS Version fV22.Rev A
OS 24H2 26100.4770

 

I am sure this happened after applying the latest BIOS
Is there an issue with F.22 Rev.A?

Reply
3 people had the same question
10 REPLIES 10

‎08-06-2025 09:56 AM - edited ‎08-06-2025 10:50 AM

HP Recommended

Greetings @poffs 

 

Welcome to the HP Forum. 

 

This is the third instance of seeing this problem in this Forum over the last few days.

 

I think I'm seeing a pattern developing.

 

It could be a buggy HP BIOS update. Although I can't say for sure.

 

Doing a HP MB BIOS rollback is a fairly complex undertaking.

 

It's better to have Secure Boot enabled but not the end of the world if it is not enabled.

 

Regards

 

 

Reply
Was this reply helpful? Yes No

‎08-06-2025 05:50 PM

HP Recommended

I am having the exact same issues! I've done all the steps you have as well, including reseting Windows. Hours wasted with no fix.

 

HP PLEASE US!!!!!

Reply
Was this reply helpful? Yes No

‎08-07-2025 03:38 AM

HP Recommended

Upon further investigation it seems that Windows 11 no longer can enroll the AMD certificates - 3 failures every time I reboot the PC:

SCEP Certificate enrollment initialization for via https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 07 Aug 2025 09:24:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6a37c43d-38f6-43af-b236-ef2c9d5aa731

Method: GET(234ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

This is related to TPM and must be related to Secure Boot as well.
I think this is the real issue, but what to do?


Reply
1 person found this reply helpful
Was this reply helpful? Yes No

‎08-07-2025 06:05 AM - edited ‎08-07-2025 06:50 AM

HP Recommended

Greetings @poffs 

 

Nice sleuthing!

 

I think the latest optional W11 update, KB5062660, deals with certificate expiration.

 

I had previously installed this update on my AMD PCs. This is why I am not having W11 Secure Boot problems.

 

Regards

Reply
Was this reply helpful? Yes No

‎08-07-2025 07:01 AM - edited ‎08-07-2025 07:02 AM

HP Recommended

That is what I read as well but when I have that installed I just get 3 new errors on top of the missing AMD certificate errors:
The "Microsoft Pluton Cryptographic Provider" provider was not loaded because initialization failed.

Reply
Was this reply helpful? Yes No

‎08-07-2025 07:20 AM - edited ‎08-07-2025 07:26 AM

HP Recommended

Greetings @poffs 

 

Wow!

 

I have Asus and Asrock MBs.

 

Is the error happening in the BIOS when resetting Secure Boot? Try setting the BIOS to defaults.

 

Or try a CMOS reset.

 

Or is this a W11 startup error?

 

I don't know what to say?

 

Regards

Reply
Was this reply helpful? Yes No

‎08-07-2025 07:31 AM

HP Recommended

The SCEP Certificate enrollment initialization error is in Windows application log just after startup. There is no errors in the BIOS but a note on the Platform Key not enrolled.

I wonder if Microsoft deleted the old AMD keys and forgot to tell HP etc. about this. There is going to be a big rollout of Secure Boot CA in the future and you can opt in for that.
https://www.elevenforum.com/t/act-now-secure-boot-certificates-expire-in-june-2026.37372/

I tried the opt in, but so far nothing.

Reply
Was this reply helpful? Yes No

‎08-07-2025 07:42 AM

HP Recommended

Greetings @poffs 

 

Well, I guess you'll have to wait on a new HP BIOS update.

 

I'm not having a Secure Boot problem on my AMD PCs at this time.

 

I have the latest firmware. Windows 11 indicates Secure Boot is on.

 

Regards

Reply
Was this reply helpful? Yes No

‎08-08-2025 03:56 AM

HP Recommended

I've wasted 2 days trying to fix this issue with no luck. 

 

Games are requiring secure boot to operate, so I have a gaming PC that I can't game on. Great. 

Reply
1 person found this reply helpful
Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.