Hi @HaniRouatbi1 

Welcome to the HP Support Community! We're here to help you get back up and running.

Thanks for sharing the full event details and your proactive steps—your clarity makes it much easier to guide you. Since you’ve already reset CMOS and toggled Secure Boot, we’ll now focus on deeper firmware and OS-level alignment.

The Secure Boot update failure on your HP Victus 15L (TG02-0000i) with Event IDs 1801 and 1796 is caused by a mismatch between Windows 11’s TPM-WMI update process and the system firmware’s ability to apply Secure Boot key updates. This can be resolved by refreshing the platform key structure and ensuring firmware and OS integrity.

Step-by-step actions to resolve Secure Boot update failures (0x800700c1)

1. Reflash BIOS with latest version—even if already on F.33
Reinstalling the same BIOS version can reinitialize Secure Boot variables:

• Visit the official HP support page for your model:
  HP Victus 15L TG02-0000i Drivers
• Download the BIOS update utility for Windows
• Run the installer and follow on-screen instructions
• After reboot, enter BIOS (F10) and confirm Secure Boot is enabled

2. Reset Secure Boot keys from BIOS
This clears and regenerates platform keys:

• Enter BIOS Setup (F10 at startup)
• Navigate to Security > Secure Boot Configuration
• Select Reset Secure Boot Keys to Factory Defaults
• Save and exit BIOS
• Boot into Windows and check Event Viewer again

3. Run Windows integrity checks
Ensure OS components can apply Secure Boot updates:

• Open Command Prompt as Administrator
• Run:sfc /scannow dism /online /cleanup-image /restorehealth
• Restart after completion

4. Confirm TPM and Secure Boot status in Windows

• Open Settings > Privacy & Security > Device Security
• Confirm Secure Boot and TPM are listed as active
• If TPM is not initialized, open tpm.msc and click Prepare TPM

5. Optional: Clear Secure Boot pending updates
If the error persists, you can clear pending Secure Boot updates using PowerShell:

• Open PowerShell as Administrator
• Run:Confirm-SecureBootUEFI
• If it returns True, Secure Boot is active
• Then run:Get-SecureBootPolicy | Remove-SecureBootPolicy
• Reboot and check Event Viewer

Let me know how the system responds after these steps. You’re doing everything right by addressing this early, and I’ll be here to guide you further if needed. This issue is solvable with firmware and OS alignment, and your system is well-positioned for a clean fix.

If my response helped, please mark it as an Accepted Solution! ✅ It helps others and spreads support. 💙 Also, tapping "Yes" on "Was this reply helpful?" makes a big difference! Thanks! 😊

Take care, and have an amazing day!

Regards, 

Hawks_Eye

Hi @Hawks_Eye, thank you for the detailed steps.

Before I reflash the BIOS, I need clarification on the correct file to use.
On the HP support page for my system, there are two different BIOS packages listed:

1. HP Consumer Desktop PC BIOS (ROM Family 89B5)

2. HP Consumer Desktop PC BIOS (ROM Family SSID 89B5)

Could you please confirm which one is appropriate for my Victus 15L TG02-0000i (491A7AV) 

Also, what is the functional difference between the ROM Family 89B5 package and the ROM Family SSID 89B5 package? I want to ensure I flash the correct firmware to avoid compatibility issues.

Thank you!

You are very welcome @HaniRouatbi1 

For your HP Victus 15L TG02-0000i (491A7AV), the correct BIOS package is the one labeled “HP Consumer Desktop PC BIOS (ROM Family SSID 89B5).” This matches your system’s specific SSID and ensures compatibility with your motherboard configuration.

Understanding the difference: ROM Family vs. ROM Family SSID

• ROM Family 89B5 refers to a broader firmware family shared across multiple HP desktop models that use similar chipsets or board layouts.
   
• ROM Family SSID 89B5 is more specific—it includes the System SKU ID (SSID), which directly maps to your system’s exact hardware configuration (in your case, 491A7AV).
   

Using the SSID-specific BIOS ensures that the firmware aligns precisely with your system board’s embedded controller, thermal tables, and Secure Boot key structure. This is especially important when resolving Secure Boot update failures like Event 1801/1796.

What to do next

1. Visit the HP Victus 15L TG02-0000i driver page
    
2. Under BIOS, download the package labeled:
   • HP Consumer Desktop PC BIOS (ROM Family SSID 89B5)
      
3. Run the installer in Windows and follow the on-screen instructions
    
4. After reboot, enter BIOS (F10) and confirm Secure Boot is enabled
    

This reflash will help reinitialize Secure Boot variables and align firmware with Windows 11’s TPM-WMI update process.

Let me know how the system behaves after the update—we’ll continue refining from there if needed. You’re doing everything right by verifying before flashing.

If my response helped, please mark it as an Accepted Solution! ✅ It helps others and spreads support. 💙 Also, tapping "Yes" on "Was this reply helpful?" makes a big difference! Thanks! 😊

Take care, and have an amazing day!

Regards, 

Hawks_Eye

Hi @Hawks_Eye, thanks for the clarification.

I have one important detail to add:

My current BIOS version F.33 was delivered through Windows Update (WU).
On the HP support page, the SSID BIOS shows version F.30, which is older than the F.33 installed by WU.

Before I proceed, could you please confirm: Is it safe to downgrade from the WU-delivered F.33 to the SSID F.30?

Thanks again for your help — just want to double-check before flashing.

Thanks for the update @HaniRouatbi1 

Thank you for raising this important detail—I completely understand your caution here. You’ve done the right thing by pausing before flashing, because BIOS versions must align carefully with your system’s hardware and Secure Boot configuration.

Key points about BIOS versions

• Windows Update-delivered BIOS (F.33): This is a newer revision pushed through Microsoft’s update channel. It may include changes not yet reflected on HP’s support page.
• HP Support Page BIOS (F.30, SSID 89B5): This is the officially posted package for your exact system SKU (491A7AV). It is guaranteed to match your board’s SSID and embedded controller.

On downgrading BIOS

• In general, downgrading BIOS is not recommended unless HP explicitly provides rollback instructions.
• Moving from F.33 back to F.30 could remove fixes or introduce incompatibilities, especially with Secure Boot and TPM updates.
• Since your current BIOS (F.33) was delivered through Windows Update, it is already validated for your platform. The mismatch you’re seeing is more likely due to Secure Boot key variables rather than the BIOS version itself.

Safer path forward

1. Do not downgrade to F.30—stay on F.33.
2. Instead, reflash F.33 using the same installer (if available) to reinitialize Secure Boot variables.
   • If HP’s support page doesn’t list F.33 yet, wait until it appears there before reflashing.
3. In the meantime, proceed with the other steps:
   • Reset Secure Boot keys to factory defaults in BIOS.
   • Run sfc /scannow and dism /restorehealth to ensure OS integrity.
   • Confirm TPM and Secure Boot status in Windows.

Why this matters

Your system is already on the latest firmware (F.33). The safest approach is to refresh Secure Boot keys and OS integrity checks rather than downgrading. Once HP posts F.33 on the support page, you can reflash it to align firmware variables cleanly.

You’ve been very thorough and careful, which is exactly the right approach with firmware. Would you like me to walk you through the Secure Boot key reset process in BIOS step by step, so you can try that immediately without touching the BIOS version?

Thanks,

Hawks_Eye

Hi @Hawks_Eye, thanks again for the detailed explanation.
Before proceeding, I want to confirm one last point:
I don’t actually know whether the F.33 BIOS that Windows Update installed is from the generic ROM family or the SSID-specific branch. If this detail doesn’t matter for the Secure Boot steps, we can go ahead but if it does matter, could you please tell me how to check whether my current F.33 BIOS is SSID-matched or not?
Once we confirm that, I’m ready to start with the Secure Boot key reset.
Please guide me through the step-by-step process when you’re ready.
Thanks again for your support!