Hello AndreaMarc,
Thank you for reaching out to the Hp community. I would be delighted to assist you. Superb description and terrific troubleshooting. Kudos to you for that. 

The value 0x40 or 0x400 represents bit flags that correspond to available secure boot updates or update stages.

Secure Boot variables are stored in firmware (UEFI), not just Windows registry.
The registry merely reflects or caches state information. Editing it will not fix the underlying issue and may desync registry and firmware data.

The error 0x800700c1 (“Invalid image format”) in Event ID 1796 (TPM-WMI) occurs when the firmware rejects a Secure Boot variable update payload — usually due to a mismatch between UEFI implementation and the update content (often from KB5058411 in this case).

Microsoft is aware of this behavior in 24H2 Insider and production builds — it’s benign in most cases and does not disable Secure Boot or affect TPM integrity.

Do not manually modify registry values under SecureBoot.

Ensure your UEFI firmware is updated to the latest version for your HP model (HP releases firmware microcode updates that improve Secure Boot handling).

If the TPM-WMI 1796 errors persist after future cumulative updates (e.g., November 2025 Patch Tuesday), they will likely be resolved automatically once Microsoft syncs the Secure Boot DBX update pipeline.

Optionally, you can clear and re-enroll Secure Boot keys via BIOS/UEFI (only if you’re comfortable and have recovery media).

Keep AvailableUpdates as 0x400.

Do not manually edit it.

The Event ID 1796 TPM-WMI errors after KB5058411 are a known cosmetic issue not a functional fault. Secure Boot still works fine.