@nathsan01, Welcome to HP Support Community,

Thank you for posting your query; I’m here to help by guiding you through steps to resolve this issue

Thank you for providing such a thorough and detailed account of the issue you're facing with your HP Omen 30L Desktop. I understand how frustrating it can be when Secure Boot isn’t functioning correctly, especially with it impacting game performance and security.

Here are the steps I would recommend to resolve this issue:

Re-verify BIOS Version F.23

Even though you’ve already reflashed to BIOS F.23, we recommend re-checking the HP website to see if a newer version (or even a Beta BIOS) has been released since your last update. Occasionally, newer firmware releases may resolve issues like this one, or offer a fix specific to your motherboard (Board ID 8876).

Check HP Support for any newer BIOS versions or related updates.

Check Secure Boot Configuration from the HP Omen Control Panel

The HP Omen series may have additional proprietary settings in the Omen Control software. I would suggest verifying if there are any settings in the Omen Control Panel related to Secure Boot or UEFI settings that could influence BIOS behavior.

Open the Omen Control Panel and check for any additional options or updates related to Secure Boot or UEFI.

Reset BIOS to Default Settings Manually

Since the "Load HP Factory Default Keys" isn’t fully enrolling the Secure Boot keys and resets to a non-functional state, I recommend performing a full reset to default BIOS settings manually:

Power off the system.

Hold the Power Button for 10-15 seconds to ensure complete discharge of power.

Boot into BIOS and manually reset settings to Default/Optimized Defaults.

After this, manually enable Secure Boot and see if the Platform Key is enrolled after a reboot.

Ensure TPM Settings in BIOS are Correct

Since TPM is involved in the Secure Boot process, ensure that the TPM settings in the BIOS are configured correctly.

Check Security or Advanced menu in BIOS and ensure that TPM is Enabled and Active.

If TPM settings are incorrectly configured, it could prevent Secure Boot from being enabled properly.

I hope this helps.

Please feel free to reply here if you have any questions or if you need further clarification on any of the steps. 

Take care and have a good day. 

Did we resolve the issue? If yes, please consider marking this post as "Accepted Solution" and click "Yes" to give us a helpful vote - your feedback keeps us going!

Regards,

Thank you for the suggestions. I’ve already tried the recommended steps:

• BIOS F.23 has been reflashed multiple times; rollback was rejected.
• Omen Control Panel has no Secure Boot/UEFI options.
• BIOS was reset to defaults and TPM verified as enabled/active.
• Despite this, the BIOS still reports:
  
• Platform Key: Not Enrolled
• Secure Boot Key Database is Empty
• Attempting Load HP Factory Default Keys does not populate PK/KEK/db/dbx databases.
• Event Viewer repeatedly logs:
  
• TPM-WMI 1796 (Secure Boot variable update failed)
• SCEP/AIK enrollment errors tied to missing Secure Boot keys.
• Windows Update telemetry confirms: “Secure Boot CA/keys need to be updated.” 
  
• This confirms the root cause is not configuration, but a firmware-level defect in BIOS F.23 for board 8876.

This is what I have compiled when I checked in powershell as admin:
Unfortunately, I don't think updating KB5036210 will do anything because it would silently skip because there's no Secure Boot db to modify. Since my Secure Boot key database is empty, will HP release a BIOS patch for board 8876 that will properly provision the Platform Key and Secure Boot Keys?

i have a simullar problem  i load factory keys and it says next boot factroy keys  then i go back to windows and it says secure boot off i do the same and the PK is empty and its like a loop and i cant fix it

Hey @nathsan01, 

Thanks for reaching out! Since the issue remains unresolved, I suggest contacting our phone/chat support team for personalized assistance. They can provide one-on-one help and may even be able to work their remote assistance magic to fix the problem.

Note: There might be a nominal charge for the service they provide.

Regards,

Okay, thanks for the offer but absolutely not. I am not paying for an HP “tech support service” when they will do everything that I have already tried and in the end tell me they can’t do anything until HP releases a BIOS update that will have my PKs enrolled. I’m tired of the constant issues that I’ve had over the years with this computer and having to fix it over and over again by myself. On the bright side, at least I’ve learned a lot about troubleshooting computers thanks to this HP desktop. This is the end of the line for me with HP products.