• Re: TPM-WMI Errors

    From Dennis@nobody@nowhere.invalid to alt.comp.os.windows-11 on Fri Jun 26 08:01:43 2026
    From Newsgroup: alt.comp.os.windows-11

    On Mon, 20 Apr 2026 06:14:21 -0400, Dennis <nobody@nowhere.invalid>
    wrote:

    On Mon, 20 Apr 2026 03:41:37 -0400, Paul <nospam@needed.invalid> wrote:

    [...]

    Hi Paul,

    Looks like I'll add yet another monthly item to my calendar (to check HP
    for updated BIOS).

    Thanks for your help on this.

    A new BIOS version for my HP has just appeared at https://support.hp.com/us-en/drivers.

    F.14 Rev A

    It is dated 4 May 2026. It wasn't there last Friday.

    Of course, the description only says "provides improved security".

    I'll try it sometime next week to see if it has any impact on the
    TPM-WMI errors.
    --

    Dennis in Cincinnati
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Fri Jun 26 09:18:42 2026
    From Newsgroup: alt.comp.os.windows-11

    On Fri, 6/26/2026 8:01 AM, Dennis wrote:
    On Mon, 20 Apr 2026 06:14:21 -0400, Dennis <nobody@nowhere.invalid>
    wrote:

    On Mon, 20 Apr 2026 03:41:37 -0400, Paul <nospam@needed.invalid> wrote:

    [...]

    Hi Paul,

    Looks like I'll add yet another monthly item to my calendar (to check HP
    for updated BIOS).

    Thanks for your help on this.

    A new BIOS version for my HP has just appeared at https://support.hp.com/us-en/drivers.

    F.14 Rev A

    It is dated 4 May 2026. It wasn't there last Friday.

    Of course, the description only says "provides improved security".

    I'll try it sometime next week to see if it has any impact on the
    TPM-WMI errors.


    https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e

    June 24, 2026 Signs updates to DB and DBX.
    October 19, 2026 Used for signing the Windows boot loader.
    June 27, 2026 Signs third-party boot loaders and EFI applications.
    June 27, 2026 Signs third-party option ROMs

    Oct 19 looks like the most critical date.
    If you're a dual booter, I think people have already been reporting
    trouble with NVidia cards (bottom item) in Linux, where the driver is 580 instead
    of 535 or 550, as the "driver" is now implemented as a firmware and
    perhaps a display ends up running at 1024x768 (if the OS runs at all).
    I've had to fix that in two Linux installs. Usually the situation is,
    so "updates" come in, and on the next reboot, the graphics are fouled.

    The June 24 one, maybe that one prevents PCA2011 from "being revoked",
    but PCA2011 will expire on its own anyway (the second item in the list and
    the impact of that on the "winload" file on your C: drive). I can't remember what I was doing, but I was getting a complaint about Winload failing signing.

    On balance, I would think Oct 19 would be your most important day,
    the others could still make the odd nuisance of themselves depending on
    how many OSes you're juggling. I had to back out of one OS using a
    580 driver already, tore 20 files out of the package management so
    the OS would have no choice but to look for a 535 or a 550, and eventually
    I regained control enough to select an older driver (which worked).

    When I installed a new BIOS, I never seemed to notice that new keys
    were installed, but perhaps some "paths" for updating things were
    then opened and Windows could do its thing.

    As another issue, I don't think any of the machines in the room,
    really respond to the setting of SBAT (for Linux). I think no
    motherboard in the room implements that. Linux sets that as a
    "compression mechanism" so that the 4x32KB key stores
    don't fill as quickly. That's why the mechanism exists, to define
    a "class" or "epoch" of things, rather than naming a hundred
    distros manually.

    That's the beauty of the thing, others set the traps, you're
    responsible for the maintenance :-)

    Paul
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Dennis@nobody@nowhere.invalid to alt.comp.os.windows-11 on Sun Jun 28 09:58:16 2026
    From Newsgroup: alt.comp.os.windows-11

    On Fri, 26 Jun 2026 08:01:43 -0400, Dennis <nobody@nowhere.invalid>
    wrote:

    On Mon, 20 Apr 2026 06:14:21 -0400, Dennis <nobody@nowhere.invalid>
    wrote:

    On Mon, 20 Apr 2026 03:41:37 -0400, Paul <nospam@needed.invalid> wrote:

    [...]

    Hi Paul,

    Looks like I'll add yet another monthly item to my calendar (to check HP >>for updated BIOS).

    Thanks for your help on this.

    A new BIOS version for my HP has just appeared at >https://support.hp.com/us-en/drivers.

    F.14 Rev A

    It is dated 4 May 2026. It wasn't there last Friday.

    Of course, the description only says "provides improved security".

    I'll try it sometime next week to see if it has any impact on the
    TPM-WMI errors.

    I installed the F.14 Rev A bios on my HP laptop yesterday. Still getting
    Event ID 1796 "The Secure Boot update failed to update SBAT".
    --

    Dennis in Cincinnati
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From sticks@wolverine01@charter.net to alt.comp.os.windows-11 on Sun Jun 28 09:10:17 2026
    From Newsgroup: alt.comp.os.windows-11

    On 6/28/2026 8:58 AM, Dennis wrote:

    I installed the F.14 Rev A bios on my HP laptop yesterday. Still getting Event ID 1796 "The Secure Boot update failed to update SBAT".

    I believe I have this correct, but as winston explained to me (same boat
    as you), it reports failed because it is already updated and could not accomplish that tasks. Yes, one would think a different error message
    would be better suited for this since, evidently, the update it wants to
    do is already done. All you can do is run the powershell scripts he recommends and if they pass go out for ice cream.
    --
    Science DoesnrCOt Support Darwin. Scientists Do

    --- Synchronet 3.22a-Linux NewsLink 1.2