It appears I've been getting TPM-WMI errors for at least 6 months in the Windows System Event Log.
Most of the recent ones look like:
"The Secure Boot update failed to update SBAT with error Unknown HResult Error code: 0x800700c1. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931"
Event ID 1796.
I get the above twice daily, usually within seconds of each other.
But I do get an occasional (every few days):
"Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here.
DeviceAttributes: FirmwareManufacturer:Insyde;FirmwareVersion:F.09;OEMModelBaseBoard:8DBC;OEMManufacturerName:HP;OSArchitecture:amd64;
BucketId: ab2d867cad4d48a4bf96b8b06e9bbc2c5b6eb307038992e2ded7d5ee8ce79a89
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018."
Event ID 1801.
Laptop is an HP 17t-cn400 that I bought new last year. Win 11 Home 24H2.
The laptop appears to be running fine so I have not really felt the need
to pursue a fix. If it ain't broke, don't fix it.
But should I be doing something to fix this?
On Fri, 4/17/2026 11:06 AM, Dennis wrote:
> But should I be doing something to fix this?
Start by making sure the BIOS is updated. The Insyde BIOS has some bugs
listed against it, and there was also a BlackLotus fix being propagated
by firmware updates (two of the three machines in the room are updated
for that).
I tried typing your machine model info into this page, but am getting
page not found. If you use the serial number, that may coax
this page to work. While most of the time, BIOS updates are cumulative
and only the last one needs to be installed, check for any notes or warnings
indicating otherwise. (You can change the ca-en to en-us if you want.)
https://support.hp.com/ca-en/drivers/laptops
I'm getting similar messages ("SBAT") on the Test Machine. The Test Machine has--
a BIOS which can attest when a TPM 1.x module is plugged in, but the
BIOS code does not handle TPM 2.0 . I could not buy a module in any case,
as the type needed is no longer made (LPM type versus SPI type). Yet,
Microsoft seems to be puttering around with the keys (there is no point).
I'm pretty sure some OS attempted to turn on Secure Boot by itself,
because *I* know Secure Boot *cannot* work on the machine and why
would I have taken the stupid machine off the "Other OS" setting
which equals Secure Boot = OFF ? The machine has, as its main SSD pair,
a Windows 7 OS (and a Win10 and a Win11), and that definitely
takes "Other OS" setting or Win7 won't boot. I do my email on Win7.
Since your machine is in support, flash up the BIOS first.
That should give you an entirely different set of error
messages because... well, you know the drill.
This activity is a lot like buying a car and needing a
copy of the ignition computer source code, to keep the
car running.
Paul
On Sat, 18 Apr 2026 03:32:36 -0400, Paul <nospam@needed.invalid> wrote:
> I tried typing your machine model info into this page, but am getting
> page not found. If you use the serial number, that may coax
> this page to work. While most of the time, BIOS updates are cumulative
> and only the last one needs to be installed, check for any notes or warnings
> indicating otherwise. (You can change the ca-en to en-us if you want.)
> https://support.hp.com/ca-en/drivers/laptops
I tried my serial number and product number (B23HQAV), and still got
page not found. I logged in with my HP id/pw. It listed my products
(laptop and printer). When I clicked on my laptop I got a page not
found.
When I fire up HP Support Assistant it shows 3 updates available ... a
LAN driver, connection optimizer, and Hardware Diagnostics UEFI. No BIOS update.
I downloaded and installed the Hardware Diagnostics UEFI update. I then
ran it and clicked the BIOS-System Firmware Update link. It gave me the spinning wheel and finally returned "Up to Date".
On Sat, 4/18/2026 6:35 AM, Dennis wrote:
> I tried my serial number and product number (B23HQAV), and still got
> page not found. I logged in with my HP id/pw. It listed my products
> (laptop and printer). When I clicked on my laptop I got a page not
> found.
> When I fire up HP Support Assistant it shows 3 updates available ... a
> LAN driver, connection optimizer, and Hardware Diagnostics UEFI. No BIOS
> update.
> I downloaded and installed the Hardware Diagnostics UEFI update. I then
> ran it and clicked the BIOS-System Firmware Update link. It gave me the
> spinning wheel and finally returned "Up to Date".
Since I can't even fix my own UEFI key issues (on the machine across from me),
there's no evidence I know how to fix these :-) Let's ask CoPilot.
************* CoPilot Question ****************
HP 17t-cn400 laptop
Event ID 1796
"The Secure Boot update failed to update SBAT"
Error code: 0x800700c1
Event ID 1801
"Updated Secure Boot certificates are available on this device but have
not yet been applied to the firmware"
DeviceAttributes:
FirmwareManufacturer: Insyde
FirmwareVersion: F.09
OEMModelBaseBoard: 8DBC
OEMManufacturerName: HP
OSArchitecture: amd64
BucketId: ab2d867cad4d48a4bf96b8b06e9bbc2c5b6eb307038992e2ded7d5ee8ce79a89
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
The HP support page is missing, and there is no obvious
way to apply any BIOS update file to the machine. Even when
the machine serial number is entered in the support page,
there is no match.
The machine currently boots, but the concern is that it
may not boot later in the year 2026.
What would your recommended procedure be for correcting
these secure boot observations ?
************* CoPilot Answer ****************
**Short answer:** <=== Hah!
Your HP 17t-cn400 is failing the Secure Boot certificate update because the
firmware (Insyde F.09) is not yet accepting Microsoft's 2026 SBAT/DBX updates.
HP's own guidance indicates that many 2022-2023 platforms require a BIOS update
*before* Windows can successfully apply the new Secure Boot certificates. Since
HP's support page for your exact model is missing, the safest and most reliable path is:
**1. Confirm whether your model is in HP's list of platforms requiring a BIOS update.**
**2. If it is, obtain the correct BIOS SoftPaq from HP (even if not listed on the public page).**
**3. Reset Secure Boot keys and temporarily disable HP Sure Start Secure Boot Keys Protection if needed.**
**4. Allow Windows to retry the SBAT/DBX update after the firmware is updated.**
Below is a structured, evidence-based breakdown.
---
## Why the errors are happening
Two Windows events are key:
- **Event 1796:** "Secure Boot update failed to update SBAT" (0x800700c1)
- **Event 1801:** "Updated Secure Boot certificates are available but have not yet been applied to the firmware"
These exact symptoms are widely reported on HP systems where:
- Windows has the new Secure Boot certificates ready
- But the firmware **does not yet support** the new SBAT/DBX update path
- Or HP Sure Start is blocking key updates
This matches HP's own support discussions, where users with similar HP firmware (Insyde-based)
see the same 0x800700c1 failure.
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/How-are-you-supposed-to-update-to-the-new-Secure-Boot/td-p/9592204
https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Secure-boot-cerificates-not-applied-to-firmware/td-p/9618589
Microsoft confirms that Secure Boot certificate servicing requires cooperation
from the OEM firmware, and failures often occur when the firmware is not yet
updated to accept the new certificate chain.
[Microsoft Support]
https://support.microsoft.com/en-us/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d
HP also confirms that **all Secure Boot-enabled HP PCs from 2018-2025
require BIOS updates** to prepare for the 2026 certificate expiration.
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Your HP 17t-cn400 is a 2023-era consumer model, so it falls squarely in
the group that *should* receive a BIOS update before September 30, 2025.
---
## Recommended procedure (practical and ordered)
### **1. Verify whether HP has assigned your model a required BIOS version**
HP maintains a list of affected platforms and minimum BIOS versions for the 2026 certificate transition.
HP states that 2022-2023 platforms are scheduled to receive BIOS updates by **September 30, 2025**.
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Since your support page is missing, this strongly suggests HP has not yet
published the SoftPaq for your model.
**Action:**
Contact HP support directly and request the BIOS SoftPaq for model
baseboard **8DBC** (your board ID).
HP support agents in similar cases request the serial number privately and
provide the correct firmware.
[HP Support Community]
https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Secure-boot-cerificates-not-applied-to-firmware/td-p/9618589
---
### **2. Once the BIOS update is available, install it**
HP's own Secure Boot troubleshooting guidance emphasizes:
- Install the latest BIOS
- Then retry the Secure Boot certificate update
- Because the firmware must accept the new SBAT/DBX entries before Windows
can apply them
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
---
### **3. Temporarily disable HP Sure Start Secure Boot Keys Protection**
HP Sure Start can block updates to Secure Boot keys.
HP's official steps for Secure Boot update failures include:
- Enter BIOS (F10)
- **Disable "Sure Start Secure Boot Keys Protection"**
- Disable Secure Boot
- Reset Secure Boot keys to factory defaults
- Re-enable Secure Boot
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
This is often required before Windows can apply the SBAT/DBX update.
---
### **4. Allow Windows to retry the SBAT/DBX update**
After firmware is updated and Sure Start is temporarily disabled:
- Windows will retry the Secure Boot update via its scheduled task
- The registry value `AvailableUpdates` should drop from a non-zero value to **0**
when successful
- Microsoft documents this progression explicitly
[Microsoft Support]
https://support.microsoft.com/en-us/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d
---
### **5. Confirm the DBX/SBAT update applied**
Check:
C:\Windows\System32\SecureBootUpdates\dbxupdate.bin
HP notes that the file date should be July 11, 2025 or later for the
new certificate set.
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
---
## What happens if you do nothing?
HP warns that **Microsoft's 2011 Secure Boot certificates expire between June-October 2026**, and systems without updated firmware + updated certificates may:
- Fail to boot
- Lose Secure Boot protection
- Fail Windows boot manager validation
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Your concern about 2026 bootability is valid.
---
## Why your support page is missing
This is happening to multiple HP models right now. HP is in the middle of
publishing BIOS updates for the 2026 certificate transition. Several models
temporarily have missing or incomplete support pages while HP updates their catalog.
This is consistent with other HP users reporting missing pages and incomplete BIOS listings in 2025-2026.
---
## Final recommended path (clear and actionable)
1. **Contact HP Support** with your serial number and baseboard ID (8DBC)
and request the BIOS SoftPaq required for the 2026 Secure Boot certificate transition.
2. **Install the BIOS update** once provided.
3. In BIOS:
- Disable **Sure Start Secure Boot Keys Protection**
- Disable Secure Boot
- Reset Secure Boot keys to factory defaults
- Re-enable Secure Boot
4. **Reboot and allow Windows to retry** the SBAT/DBX update.
5. Confirm AvailableUpdates = 0 and that the DBX file is updated.
This is the only reliable way to ensure your system will continue to boot securely in 2026.
************* End - CoPilot Answer ****************
I would add a couple comments to this. As far as I'm concerned,
the state of the HP Support page indicates this is an ODM-manufactured
model where HP added zero value. The end result, is HP has no staff
preparing support materials. The LLM-AI seems to have some sort of
rosy picture of how manufacturing works in 2026.
To give an example, a family member had a portable clothes washer with
leaking hoses. The support page (from the "North America" manufacturer)
had an "exploded diagram" where the hose interface (two hoses) were
missing. There was no usable information as to how to access the hose
clamps or get the thing apart. This happens, because a Chinese firm made
the item, without any help at all, and the North America operation is
a "box shifting" operation who could not get out of their own way.
ODM stuff is fine, with the right helpful touches by somebody to make
it look like some effort was put into it. When you see a "page missing"
situation, "where is the love" ? :-/
So I would take the naive world view the AI has, and ask HP Support directly
and see what happens when their staff get Page Not Found. Should be
good for a laugh. It's hard to say whether this identifier
baseboard ID (8DBC)
is going to show up on a Support computer script.
The second comment, would be about
Disable **Sure Start Secure Boot Keys Protection**
I would be willing to go that far, except my own experience with
"leaving the barn door open", is that it does not work. The status
of my machine did not change when I neutralized MOK. I restored MOK
and moved on. Don't delete the key store, unless the BIOS has a
dialog to save the four files stored in NVRAM. Since this is an
Insyde BIOS (I have one, it has a grand total of one setting inside),
I would not be expecting to see anything Secure Boot related at
any level of detail in there. There may not be a backup option in there.
Perhaps the HP App side of things, has a backup capability ?
Since the computer and OS seems to be actively pursuing this issue,
maybe you will be successful three days after the Disable Sure Start thing.
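
A read-only PowerShell check covering the items named in the thread so far (events 1796/1801, the 0x800700c1 code, `AvailableUpdates`, the `dbxupdate.bin` date, firmware F.09), useful for comparing state before and after a BIOS flash. This is an added example, not code from any poster, HP or Microsoft. The provider name `Microsoft-Windows-TPM-WMI`, the registry path and the `Windows UEFI CA 2023` string match are not on this page; they are assumptions taken from Microsoft's public Secure Boot servicing guidance.

```powershell
# Added example: read-only status check, run from an elevated PowerShell session.
# Nothing here writes to the registry, firmware variables or the key store.

function Convert-HResultText {
    # Break an HRESULT such as the 0x800700c1 in event 1796 into its fields.
    # For facility 7 (FACILITY_WIN32) the low 16 bits are a plain Win32 error code.
    param([Parameter(Mandatory)][string]$Hex)
    $value    = [int64][Convert]::ToUInt32($Hex, 16)
    $facility = ($value -shr 16) -band 0x7FF
    $code     = [int]($value -band 0xFFFF)
    $text     = if ($facility -eq 7) { ([ComponentModel.Win32Exception]$code).Message } else { $null }
    [pscustomobject]@{
        HResult   = $Hex
        Failure   = [bool](($value -shr 31) -band 1)
        Facility  = $facility
        Code      = $code
        Win32Text = $text
    }
}

function ConvertFrom-DeviceAttributes {
    # Parse the 'Key:Value;Key:Value;' string that event 1801 carries.
    param([Parameter(Mandatory)][string]$Message)
    $result = [ordered]@{}
    if ($Message -match 'DeviceAttributes:\s*(\S+)') {
        foreach ($pair in ($Matches[1] -split ';' | Where-Object { $_ })) {
            $name, $value = $pair -split ':', 2
            $result[$name] = $value
        }
    }
    $result
}

function Get-SecureBootServicingStatus {
    # Events: provider name is an assumption (Event Viewer shows the source as TPM-WMI).
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-TPM-WMI'; Id = 1796, 1801 }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue)
    $last1796 = $events | Where-Object Id -eq 1796 | Select-Object -First 1   # newest first
    $last1801 = $events | Where-Object Id -eq 1801 | Select-Object -First 1

    $hresult = $null
    if ($last1796 -and $last1796.Message -match '0x[0-9a-fA-F]{8}') {
        $hresult = Convert-HResultText -Hex $Matches[0]
    }
    $attributes = if ($last1801) { ConvertFrom-DeviceAttributes -Message $last1801.Message } else { $null }

    # Registry value named in the CoPilot answer; the key path is an assumption
    # taken from Microsoft's documentation, not from this thread.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot'
    $available = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AvailableUpdates

    # File and cut-off date as quoted in the CoPilot answer (July 11, 2025 or later).
    $dbx = Get-Item 'C:\Windows\System32\SecureBootUpdates\dbxupdate.bin' -ErrorAction SilentlyContinue

    # These cmdlets throw on legacy-BIOS systems or without elevation.
    try { $enabled = Confirm-SecureBootUEFI -ErrorAction Stop } catch { $enabled = $null }
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
        $has2023 = [Text.Encoding]::ASCII.GetString($db.Bytes) -match 'Windows UEFI CA 2023'
    } catch { $has2023 = $null }

    [pscustomobject]@{
        FirmwareVersion    = (Get-CimInstance Win32_BIOS).SMBIOSBIOSVersion
        SecureBootEnabled  = $enabled
        Db_Has2023Cert     = $has2023
        AvailableUpdates   = if ($null -ne $available) { '0x{0:X}' -f $available } else { $null }
        DbxFileDate        = if ($dbx) { $dbx.LastWriteTime } else { $null }
        DbxFileNewEnough   = if ($dbx) { $dbx.LastWriteTime -ge [datetime]'2025-07-11' } else { $null }
        Count1796          = @($events | Where-Object Id -eq 1796).Count
        Last1796           = if ($last1796) { $last1796.TimeCreated } else { $null }
        Last1796Error      = $hresult
        Count1801          = @($events | Where-Object Id -eq 1801).Count
        Last1801           = if ($last1801) { $last1801.TimeCreated } else { $null }
        Last1801Attributes = $attributes
    }
}

Get-SecureBootServicingStatus | Format-List
```

Saving the output before the BIOS update and again a few days after gives a direct before/after comparison of the firmware version, the event timestamps and `AvailableUpdates`.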
On Sat, 18 Apr 2026 10:20:08 -0400, Paul <nospam@needed.invalid> wrote:
> Since the computer and OS seems to be actively pursuing this issue,
> maybe you will be successful three days after the Disable Sure Start thing.
We have lift off!
I just went back to the HP driver download site and my product number is
now listed. What timing. I was able to download a driver (sp168565.exe).
The file is the same for 24H2 and 25H2, so I think I'll upgrade to 25H2 before messing with the BIOS.
This should take care of steps 1 & 2.
I'm a little confused by the LLM's step 3 instructions and your
concerns. I'll cross that bridge when I come to it. I'll play with 25H2
today and the BIOS tomorrow or Monday.
When I get the BIOS updated should I just let nature take its course and
wait a day or two for windows to retry the SBAT/DBX update?
Thanks Paul!
And that's one hell of a coincidence, the page coming back like that.
Maybe they actually check their server logs ? :-)
On Sat, 4/18/2026 1:36 PM, Dennis wrote:
On Sat, 18 Apr 2026 10:20:08 -0400, Paul <nospam@needed.invalid> wrote:
On Sat, 4/18/2026 6:35 AM, Dennis wrote:
On Sat, 18 Apr 2026 03:32:36 -0400, Paul <nospam@needed.invalid> wrote:
Start by making sure the BIOS is updated. The Insyde BIOS has some bugs
listed against it, and there was also a BlackLotus fix being propagated
by firmware updates (two of the three machines in the room are updated
for that).
I tried typing your machine model info into this page, but am getting
page not found. If you use the serial number, that may coax
this page to work. While most of the time, BIOS updates are cumulative
and only the last one needs to be installed, check for any notes or warnings
indicating otherwise. (You can change the ca-en to en-us if you want.)
https://support.hp.com/ca-en/drivers/laptops
I tried my serial number and product number (B23HQAV), and still got
page not found. I logged in with my HP id/pw. It listed my products
(laptop and printer). When I clicked on my laptop I got a page not
found.
When I fire up HP Support Assistant it shows 3 updates available ... a
LAN driver, connection optimizer, and Hardware Diagnostics UEFI. No BIOS
update.
I downloaded and installed the Hardware Diagnostics UEFI update. I then
ran it and clicked the BIOS-System Firmware Update link. It gave me the
spinning wheel and finally returned "Up to Date".
Since I can't even fix my own UEFI key issues (on the machine across from me),
there's no evidence I know how to fix these :-) Let's ask CoPilot.
************* CoPilot Question ****************
HP 17t-cn400 laptop
Event ID 1796
"The Secure Boot update failed to update SBAT"
Error code: 0x800700c1
Event ID 1801
"Updated Secure Boot certificates are available on this device but have
not yet been applied to the firmware"
DeviceAttributes:
FirmwareManufacturer: Insyde
FirmwareVersion: F.09
OEMModelBaseBoard: 8DBC
OEMManufacturerName: HP
OSArchitecture: amd64
BucketId: ab2d867cad4d48a4bf96b8b06e9bbc2c5b6eb307038992e2ded7d5ee8ce79a89
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
The HP support page is missing, and there is no obvious
way to apply any BIOS update file to the machine. Even when
the machine serial number is entered in the support page,
there is no match.
The machine currently boots, but the concern is that it
may not boot later in the year 2026.
What would your recommended procedure be for correcting
these secure boot observations ?
************* CoPilot Answer ****************
**Short answer:** <=== Hah!
Your HP 17t-cn400 is failing the Secure Boot certificate update because the
firmware (Insyde F.09) is not yet accepting Microsoft's 2026 SBAT/DBX updates.
HP's own guidance indicates that many 2022–2023 platforms require a BIOS update
*before* Windows can successfully apply the new Secure Boot certificates. Since
HP's support page for your exact model is missing, the safest and most reliable path is:
**1. Confirm whether your model is in HP's list of platforms requiring a BIOS update.**
**2. If it is, obtain the correct BIOS SoftPaq from HP (even if not listed on the public page).**
**3. Reset Secure Boot keys and temporarily disable HP Sure Start Secure Boot Keys Protection if needed.**
**4. Allow Windows to retry the SBAT/DBX update after the firmware is updated.**
Below is a structured, evidence-based breakdown.
---
## Why the errors are happening
Two Windows events are key:
- **Event 1796:** "Secure Boot update failed to update SBAT" (0x800700c1)
- **Event 1801:** "Updated Secure Boot certificates are available but have not yet been applied to the firmware"
These exact symptoms are widely reported on HP systems where:
- Windows has the new Secure Boot certificates ready
- But the firmware **does not yet support** the new SBAT/DBX update path
- Or HP Sure Start is blocking key updates
This matches HP's own support discussions, where users with similar HP firmware (Insyde-based)
see the same 0x800700c1 failure.
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/How-are-you-supposed-to-update-to-the-new-Secure-Boot/td-p/9592204
https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Secure-boot-cerificates-not-applied-to-firmware/td-p/9618589
Microsoft confirms that Secure Boot certificate servicing requires cooperation
from the OEM firmware, and failures often occur when the firmware is not yet
updated to accept the new certificate chain.
[Microsoft Support]
https://support.microsoft.com/en-us/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d
HP also confirms that **all Secure Boot-enabled HP PCs from 2018–2025
require BIOS updates** to prepare for the 2026 certificate expiration.
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Your HP 17t-cn400 is a 2023-era consumer model, so it falls squarely in
the group that *should* receive a BIOS update before September 30, 2025.
---
## Recommended procedure (practical and ordered)
### **1. Verify whether HP has assigned your model a required BIOS version**
HP maintains a list of affected platforms and minimum BIOS versions for the 2026 certificate transition.
HP states that 2022–2023 platforms are scheduled to receive BIOS updates by **September 30, 2025**.
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Since your support page is missing, this strongly suggests HP has not yet
published the SoftPaq for your model.
**Action:**
Contact HP support directly and request the BIOS SoftPaq for model
baseboard **8DBC** (your board ID).
HP support agents in similar cases request the serial number privately and
provide the correct firmware.
[HP Support Community]
https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Secure-boot-cerificates-not-applied-to-firmware/td-p/9618589
---
### **2. Once the BIOS update is available, install it**
HP's own Secure Boot troubleshooting guidance emphasizes:
- Install the latest BIOS
- Then retry the Secure Boot certificate update
- Because the firmware must accept the new SBAT/DBX entries before Windows
can apply them
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
---
### **3. Temporarily disable HP Sure Start Secure Boot Keys Protection**
HP Sure Start can block updates to Secure Boot keys.
HP's official steps for Secure Boot update failures include:
- Enter BIOS (F10)
- **Disable "Sure Start Secure Boot Keys Protection"**
- Disable Secure Boot
- Reset Secure Boot keys to factory defaults
- Re-enable Secure Boot
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
This is often required before Windows can apply the SBAT/DBX update.
---
### **4. Allow Windows to retry the SBAT/DBX update**
After firmware is updated and Sure Start is temporarily disabled:
- Windows will retry the Secure Boot update via its scheduled task
- The registry value `AvailableUpdates` should drop from a non-zero value to **0**
when successful
- Microsoft documents this progression explicitly
[Microsoft Support]
https://support.microsoft.com/en-us/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d
---
### **5. Confirm the DBX/SBAT update applied**
Check:
C:\Windows\System32\SecureBootUpdates\dbxupdate.bin
HP notes that the file date should be July 11, 2025 or later for the
new certificate set.
[HP Support Community]
https://h30434.www3.hp.com/t5/Desktop-Knowledge-Base/Secure-Boot-Violation-Error-on-HP-Commercial-Products/ta-p/9618247
---
## What happens if you do nothing?
HP warns that **Microsoft's 2011 Secure Boot certificates expire between
June–October 2026**, and systems without updated firmware + updated certificates may:
- Fail to boot
- Lose Secure Boot protection
- Fail Windows boot manager validation
[HP Support] https://support.hp.com/document/ish_13070353-13070429-16
Your concern about 2026 bootability is valid.
---
## Why your support page is missing
This is happening to multiple HP models right now. HP is in the middle of
publishing BIOS updates for the 2026 certificate transition. Several models
temporarily have missing or incomplete support pages while HP updates their catalog.
This is consistent with other HP users reporting missing pages and incomplete BIOS listings in 2025–2026.
---
## Final recommended path (clear and actionable)
1. **Contact HP Support** with your serial number and baseboard ID (8DBC)
and request the BIOS SoftPaq required for the 2026 Secure Boot certificate transition.
2. **Install the BIOS update** once provided.
3. In BIOS:
- Disable **Sure Start Secure Boot Keys Protection**
- Disable Secure Boot
- Reset Secure Boot keys to factory defaults
- Re-enable Secure Boot
4. **Reboot and allow Windows to retry** the SBAT/DBX update.
5. Confirm AvailableUpdates = 0 and that the DBX file is updated.
This is the only reliable way to ensure your system will continue to boot securely in 2026.
************* End - CoPilot Answer ****************
I just went back to the HP driver download site and my product number is
now listed. What timing. I was able to download a driver (sp168565.exe).
The file is the same for 24H2 and 25H2, so I think I'll upgrade to 25H2
before messing with the BIOS.
This should take care of steps 1 & 2.
I'm a little confused by the LLM's step 3 instructions and your
concerns. I'll cross that bridge when I come to it. I'll play with 25H2
today and the BIOS tomorrow or Monday.
When I get the BIOS updated should I just let nature take its course and
wait a day or two for windows to retry the SBAT/DBX update?
Thanks Paul!
I don't think you have to be super-aggressive. Give it a couple days to work
its magic and see if it needs additional help. Your plan sounds good.
And that's one hell of a coincidence, the page coming back like that.
Maybe they actually check their server logs ? :-)
Hi Paul,
I upgraded to 25H2 and I flashed the BIOS to F.13 (dated Dec 2025)
without problem.
Afterwards I ran Windows Update. I looked at the Event log and still got
a 1796 and 1801. The 1801 listed FirmwareVersion:F.13 this time.
So I reviewed all the info you sent as well and looked at the links you
sent.
In https://support.hp.com/us-en/document/ish_13070353-13070429-16 I
found:
"HP PCs released 2024 and later already ship with the Windows UEFI CA
2023 certificate installed in the Secure Boot UEFI DB and do not require
a BIOS update related to this change."
So I opened Powershell as admin. And sure enough, running...
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
... returns 'True'.
So it appears the answer to CoPilot's recommendation 1 is that my
notebook is good to go as far as the certificate transition is
concerned? If so, then what else could be causing the 1796/1801 events?
Thoughts?
I'm beginning to think that, since the system is stable, I should just
ignore these for now.
"This error indicates a problem in the update process, potentially related to a corrupted file or an invalid configuration... monitor for a future BIOS or firmware update."
On 4/17/2026 10:06 AM, Dennis wrote:
It appears I've been getting TPM-WMI errors for at least 6 months in the
Windows System Event Log.
Most of the recent ones look like:
"The Secure Boot update failed to update SBAT with error Unknown HResult
Error code: 0x800700c1. For more information, please see
https://go.microsoft.com/fwlink/?linkid=2169931"
Event ID 1796.
I have been following your thread as I have been getting the exact same
error message since I bought this HP box. I have updated the bios
today. I am unsure now if I just leave it alone to try and see if it
can update successfully now on its own, or if I need to reset the secure
boot keys to factory defaults. I suppose I can wait a day or two before
doing that and see if I get an information log in event viewer saying it
was successful?
[...]
On Sun, 19 Apr 2026 20:29:50 -0500, sticks <wolverine01@charter.net>
wrote:
I have been following your thread as I have been getting the exact same
error message since I bought this HP box. I have updated the bios
today. I am unsure now if I just leave it alone to try and see if it
can update successfully now on its own, or if I need to reset the secure
boot keys to factory defaults. I suppose I can wait a day or two before
doing that and see if I get an information log in event viewer saying it
was successful?
Try running Windows Update. That (I think) should trigger the event.
How old is your PC?
On 4/20/2026 4:42 AM, Dennis wrote:
Try running Windows Update. That (I think) should trigger the event.
Nothing yet
How old is your PC?
11/2025
It looks like it tries 2-3 times every day to do this update with the first happening between 6 and 9 AM. I'll check later and see if it has failed again.
On Mon, 4/20/2026 8:22 AM, sticks wrote:
It looks like it tries 2-3 times every day to do this update with the first happening between 6 and 9 AM. I'll check later and see if it has failed again.
It's every 12 hours.
Being a scheduled task, you may be able to find it in there.
Materials in-queue might look like this.
C:\Windows\System32\SecureBootUpdates\
    sbatlevel.bin    <=== We expect to find at least this one
    dbxupdate.bin    <=== That's a certificate revocation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
    AvailableUpdates REG_DWORD 0x0400    <=== if only the SBAT was pending...
    That bit position is not set in 0x5944.
Each bit means something (0x5944 is a mess...)
Presumably there is some sort of ordering mechanism to take care
of these, and perhaps the 12 hour interval is there to empty the
queue of them, if more than one shows up.
The AI claims that Setup Mode is not required, but (somehow)
the BIOS interface plays a part. However, checking the links
the AI used, they're not exactly detailed webpages. In one case,
the answerer was likely an AI.
I guess we'll know the truth of what CoPilot posits
for an answer, when one of you gets this stuff to work :-)
Paul
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
    AvailableUpdates REG_DWORD 0x0400    <=== if only the SBAT was pending...
OK, so mine does have the 0x0400 value.
Under the Servicing folder it has a UEFICA2023 Status with a
data value as updated.
In the State folder it has UEFISecureBootEnabled with a value of
0x00000001.
Still nothing in event viewer on this and I'll check back on it later
On Mon, 20 Apr 2026 09:35:01 -0400, Paul <nospam@needed.invalid> wrote:
Materials in-queue might look like this.
C:\Windows\System32\SecureBootUpdates\
    sbatlevel.bin    <=== We expect to find at least this one
    dbxupdate.bin    <=== That's a certificate revocation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
    AvailableUpdates REG_DWORD 0x0400    <=== if only the SBAT was pending...
    That bit position is not set in 0x5944.
Each bit means something (0x5944 is a mess...)
On mine I get:
Directory of C:\Windows\System32\SecureBootUpdates
04/14/2026 01:29 PM <DIR> .
04/19/2026 03:40 PM <DIR> ..
04/11/2026 12:22 PM 91,041,426 BucketConfidenceData.cab
04/01/2024 03:22 AM 3 dbupdate.bin
04/01/2024 03:22 AM 4,832 dbupdate2024.bin
05/13/2025 01:32 PM 4,829 DBUpdate3P2023.bin
05/13/2025 01:32 PM 4,840 DBUpdateOROM2023.bin
04/14/2026 01:14 PM 16,632 dbxupdate.bin
04/14/2026 01:14 PM 5,017 DBXUpdate2024.bin
04/14/2026 01:14 PM 5,094 DBXUpdate2024Legacy.bin
04/14/2026 01:14 PM 16,709 dbxupdateLegacy.bin
04/14/2026 01:14 PM 3,432 DBXUpdateSVN.bin
04/14/2026 01:14 PM 3,509 DBXUpdateSVNLegacy.bin
04/14/2026 01:14 PM 891,611 KEKUpdateCombined.bin
04/19/2025 06:36 AM 45 SbatLevel.txt
04/14/2026 01:14 PM 6,776 SKUSiPolicy.P7b
14 File(s) 92,004,755 bytes
2 Dir(s) 759,804,465,152 bytes free
sbatlevel.bin not present.
***
Contents of SbatLevel.txt:
sbat,1,2024010900
shim,4
grub,3
grub.debian,4
***
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
AvailableUpdates REG_DWORD is 0x0400
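The checks made by hand across the posts above (the AvailableUpdates bits, the Servicing and State values, the db certificate test and the 1796/1801 events), gathered into one read-only PowerShell script. This is an added example, not part of any post: the 0x0400 meaning is the one given in the thread, the other bit meanings are assumptions drawn from Microsoft's published Secure Boot servicing guidance and should be checked against it, and the function names are made up here.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Read-only: it changes no registry
# value and no firmware variable.

$SecureBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot'

# AvailableUpdates bit table.
# 0x0400 carries the meaning given in the thread. The other rows are
# assumptions based on Microsoft's published Secure Boot servicing guidance.
$BitTable = @(
    @{ Bit = 0x0004; Meaning = 'Update KEK with the 2023 Microsoft KEK' }
    @{ Bit = 0x0040; Meaning = 'Add Windows UEFI CA 2023 to db' }
    @{ Bit = 0x0100; Meaning = 'Install boot manager signed by Windows UEFI CA 2023' }
    @{ Bit = 0x0400; Meaning = 'SBAT update pending (per the thread)' }
    @{ Bit = 0x0800; Meaning = 'Add Microsoft Option ROM UEFI CA 2023 to db' }
    @{ Bit = 0x1000; Meaning = 'Add Microsoft UEFI CA 2023 to db' }
    @{ Bit = 0x4000; Meaning = 'Modifier: apply 0x0800/0x1000 only if the 2011 UEFI CA is in db' }
)

function ConvertFrom-AvailableUpdates {
    # Splits the DWORD into its set bits and reports anything not in the table.
    param([int]$Mask)
    $known = 0
    foreach ($row in $BitTable) {
        $known = $known -bor $row.Bit
        if ($Mask -band $row.Bit) {
            [pscustomobject]@{ Bit = '0x{0:X4}' -f $row.Bit; Meaning = $row.Meaning }
        }
    }
    $unknown = $Mask -band (-bnot $known)
    if ($unknown -ne 0) {
        [pscustomobject]@{ Bit = '0x{0:X4}' -f $unknown; Meaning = 'Bit(s) not in this table' }
    }
}

function Get-RegValue {
    # Returns $null instead of throwing when the key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-SecureBootServicingState {
    $mask = Get-RegValue -Path $SecureBootKey -Name 'AvailableUpdates'

    # Same test Dennis ran: is the 2023 Windows CA already in the firmware db?
    $dbHas2023 = $null
    try {
        $dbText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)
        $dbHas2023 = $dbText -match 'Windows UEFI CA 2023'
    } catch {
        $dbHas2023 = "unavailable: $($_.Exception.Message)"
    }

    # Last few Secure Boot servicing events (the 'TPM-WMI' source in Event Viewer).
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-TPM-WMI'
        Id           = 1796, 1801
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

    [pscustomobject]@{
        SecureBootEnabled  = Get-RegValue -Path "$SecureBootKey\State" -Name 'UEFISecureBootEnabled'
        UEFICA2023Status   = Get-RegValue -Path "$SecureBootKey\Servicing" -Name 'UEFICA2023Status'
        AvailableUpdates   = if ($null -ne $mask) { '0x{0:X4}' -f $mask } else { 'value not present' }
        PendingItems       = if ($null -ne $mask) { @(ConvertFrom-AvailableUpdates -Mask $mask) } else { @() }
        DbHasWindowsCA2023 = $dbHas2023
        RecentEvents       = @($events)
    }
}

$state = Get-SecureBootServicingState
$state | Format-List SecureBootEnabled, UEFICA2023Status, AvailableUpdates, DbHasWindowsCA2023
$state.PendingItems | Format-Table -AutoSize
$state.RecentEvents | Format-Table -AutoSize -Wrap
```

Running it before and after the 12-hourly retry shows whether AvailableUpdates has dropped to 0x0000 or a new 1796 has been logged.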
On 4/20/2026 9:18 AM, sticks wrote:
---snip---
Still nothing in event viewer on this and I'll check back on it later
The same error came back at 10:20 this morning.
On 4/20/2026 11:00 AM, sticks wrote:
The same error came back at 10:20 this morning.
Just checked on my office desktop, also a HP about a 1.5 years old, and it has the same damn errors.
On Mon, 4/20/2026 6:35 PM, sticks wrote:
Just checked on my office desktop, also a HP about a 1.5 years old, and it has the same damn errors.
What are the odds that everyone has this error :-)
I just checked the Big Machine (which is my Secure Boot test case),
and it shows AvailableUpdates 0x0000, so it has nothing pending.
That's an Asus motherboard and an Award BIOS.
"In one case, the answerer was likely an AI."
We're doomed, I tell you. AI quoting AI. We're doomed!!
On 4/20/2026 8:42 PM, Paul wrote:
What are the odds that everyone has this error :-)
I just checked the Big Machine (which is my Secure Boot test case),
and it shows AvailableUpdates 0x0000, so it has nothing pending.
That's an Asus motherboard and an Award BIOS.
So am I correct in thinking the only thing people like myself and Dennis can do is
wait for HP to come up with the proper Bios, and right now they're probably claiming
MS has not gotten them the proper information, even though miraculously Asus has
somehow managed to get it right?
On Tue, 4/21/2026 4:52 AM, Daniel70 wrote:
On 20/04/2026 11:35 pm, Paul wrote:
<Snip>
"In one case, the answerer was likely an AI."
We're doomed, I tell you. AI quoting AI. We're doomed!!
That's why you have to look at the HTTP links the AI gives you, to
see whether they are the real McCoy or merely "hot fluff".
Once I see...
"Let's dig in!"
the game is up :-) I think they've mostly removed those from Harmony
now. There are still tell-tale expressions indicating slop is
involved.
I cannot sit here every day, adding guard expressions to every AI
question, on the off chance the AI will cheat :-) That would be like
a low-paying baby sitting job.
"Think slowly and carefully, giving a precise answer."
*******
The reason we discuss "AI things", it's not for fun. It's preparing
you for a day, when technology gets in your way, and your job is to
outsmart the technology.
I was at the Mall one day, using the information display there. I was
looking for some clothing store. While interacting with that piece of
crap, "the floor map got rotated" at some weird angle. There was no
"reset" on the interface, to tell it to go back to cartesian
alignment. Well, I can't stand there all day long playing with the
thing. I'm not a SmartPhone user, but I recollected there is a "pinch
and rotate" gesture for situations like this. And when I tried that,
the panel was multitouch, the gesture registered and the map
rotated.
Some day, you'll be in a dark parking lot. You'll say to your car
"Hal, open the door".
The car will respond "I'm afraid I can't do that, Dave". You will
have to remember all you have learned about AI, to get the door open
so you can be driven home.
This is why we socialize what we learn about AI, for future
purposes.
Even the elevator at the mall, now has a personality. The buttons
don't register reliably. You can press "5" and "2" lights up. This
requires all of your cunning to overcome. One day I got on the
elevator, and the door wouldn't close. Without even blinking, the
lady next to me, leans down and reaches for the rubber covering on
the door sensor (the one near the bottom of the door part) and she
"gives it a pinch". And when the door goes to close this time, the
cycle completes and off we go. You can see from examples like this,
it's all we can do to keep up with this shit.
Like knowing the diagnostic for the door close sensor is a "pinch".
You never know who you're riding with on the elevator, it could be ElevatorEinstein.
Paul