• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more

‎03-20-2026 08:19 PM - last edited on ‎03-24-2026 04:00 AM by Moderator

HP Recommended

PC is a HP ProDesk 600 G4 SFF, Product: 2VG42AV, Serial:  Edited

 

I applied the registry key to force the Secure Boot Certificate update
"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x40 /f"
The Event log shows the error "The Secure Boot update Windows UEFI CA 2023 (DB) was blocked due to a known firmware issue on the device. Check with your device vendor for a firmware update that addresses the issue."

 

This support page says that "HP PCs released between 2018 to 2021 received a BIOS update on or around December 31, 2025." for the new Windows Secure Boot certificates
https://support.hp.com/us-en/document/ish_13070353-13070429-16

 

As the HP ProDesk 600 G4 SFF was released in 2018, there should be a Bios update available

 

My PC has Bios HP Q07 v02.30.00 30/12/2024 installed
HP Support shows Bios v02.21.00 Rev.A Nov 08 2022 (i.e. older) for download

 

Does anyone know if an updated Bios has been released and if so where I might get it?

Thanks

Category:
Reply
1 person had the same question
3 REPLIES 3

‎03-21-2026 12:49 PM

HP Recommended

Hi @nige0090 

 

You already have the latest version of the BIOS installed.

 

https://ftp.hp.com/pub/softpaq/sp156501-157000/sp156641.html

https://ftp.hp.com/pub/softpaq/sp156501-157000/sp156641.exe

 

If your BIOS is compatible with the certificate, you should receive an update via Windows Update. The file name is as follows: : Secure Boot Allowed Key Exchange Key (KEK) Update

 

Windows 11 gets Secure Boot Allowed Key Exchange Key (KEK) update on more PCs, requires a reboot to ...

 

Without that update, you won't be able to use the new Windows certificate.

 

Reply
Was this reply helpful? Yes No

‎03-21-2026 07:40 PM

HP Recommended

Hi @Resistencia,

 

Thanks for the reply.

My event log has the two items...
1801 Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware.
1802 The Secure Boot update Windows UEFI CA 2023 (DB) was blocked due to a known firmware issue on the device.

So the new certificates are available but are "blocked due to a known firmware issue on the device."
HP have said that a Bios update should be available on or around December 31, 2025, for the new certificates.

 

When will a Bios update be released to fix this blocking firmware issue?

Thanks

Reply
Was this reply helpful? Yes No

‎03-22-2026 09:48 AM

HP Recommended

 

No one here can tell you when a new BIOS update will be released, so I recommend checking for updates using the following application

 

HP Image Assistant | HP Client Management Solutions

Reply
Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.