• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.

‎05-26-2026 04:47 AM - edited ‎05-26-2026 05:39 AM

HP Recommended

I'm trying to update a number of HP laptops and desktops with the new secure boot certificates but I'm having problems with the update process and the BIOS settings.

 

I'd say we have two groups of devices

Newer devices (Eg, 840 G11) have extra BIOS settings for managing secure boot certificates:

Windows UEFI CA 2023

Microsoft Option ROM UEFI CA 2023

Microsoft UEFI CA 2023

Enable MS UEFI key

 

Older devices like 840 G8 does not have these. On the newer devices the cert install appears to fail if all those settings are not enabled. On some devices causing bitlocker recovery.  What's odd is how different devices seem to have these set differently which is making managing this a bit of a headache. 

 

We then have a lot of older devices, like the G8, that do not have this setting but still seems to be in stuck in a loop of not completing the cert install. The most common issue there is pending a reboot for the cert install that never goes away (This happens on the newer devices but goes away once you enable those settings).


Is anyone else seeing this? What options do you have for those settings? What have you done on older devices like 840 G8 and G9 etc?

Reply
2 REPLIES 2

‎05-26-2026 09:19 AM

HP Recommended

OK so looks like the 4 settings are only available on devices that have updated their BIOS with a version released after April. That will be why I'm not seeing the setting on all devices but doesn't explain why I'm seeing a mix of why devices seem to have different settings enabled.

I've had some 840 G11s that needed all 4 enabled before the cert install and other G11s with only 2 of the settings enabled but have already completed the install. Also doesn't help with the older versions that are failing to install.

Reply
Was this reply helpful? Yes No

‎05-26-2026 09:37 AM

HP Recommended

Hi @Frey228 

 

Those options are available in a BIOS version that was removed due to issues with BitLocker. New versions will be released between June and July. For the models I've already updated, please check the following link; you don't need to have all the options enabled.

 

All HP Commercial and Workstation Computers – Computer Stuck in BitLocker Recovery Loop After Updati...

Reply
Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.