• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.

‎05-01-2026 05:25 AM

HP Recommended

I’m trying to apply the Secure Boot 2023 certificate update (UEFI CA 2023) on my system, but it does not complete.

System details:

  • Device: HP EliteBook 840 G8
  • BIOS Version: 01.23.00 (Nov 2025)
  • OS: Windows 11 (fully updated)
Current state:
  • Secure Boot: Enabled
  • TPM: “Ready for use”
  • UEFICA2023Status: InProgress
What I have tried:

  1. Ran the scheduled task manually:

    Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
  2. Restarted the system multiple times (including double reboot cycle)
  3. Waited after running the task before rebooting
  4. Ensured BIOS is updated to the latest version
  5. Verified Secure Boot is enabled and system is in standard mode
Verification result:
The following check returns False, indicating the update is not applied:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
Event Viewer logs:
I consistently see TPM-WMI errors when running the task:
  • Event ID 1796
  • Event ID 1801

These appear during attempts to apply the Secure Boot update.

Issue:
It seems Windows is scheduling and attempting the update, but the firmware is not committing it. The status remains stuck at InProgress, and the UEFI CA 2023 certificate is not present.
Question:
  • Is this expected behavior on certain firmware (e.g., HP Sure Start systems)?
  • Does Event ID 1796 indicate firmware rejection of the Secure Boot update?
  • Is there any way to force the update, or is this dependent on a future BIOS/firmware update?
Any clarification would be appreciated.
Reply
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.