Hey everyone,
I've been working on updating the BIOS for a bunch of Dell Optiplex 3080 computers I manage. After installing the new Secure Boot certificates, I'm running into an issue. All the PCs are showing Event ID 1801, which says, 'Secure Boot certificates have been updated but are not yet applied to device firmware.' I thought I had everything updated correctly, so I'm not sure why this message keeps popping up. Any insights would be really appreciated!
2 Answers
It sounds like Windows is trying to apply the new Secure Boot certificates to the firmware but isn't able to because the certificates might already be in place. I put together a script that checks the status of Secure Boot certification and helps with Black Lotus remediation. If you run this script on one of your Optiplex 3080s and share the output, we could figure out if there's a real issue or not! Check it out here: [Get-SecureBootStatus.ps1](https://github.com/gakamor/public-scripts/blob/main/Get-SecureBootStatus.ps1).
Just updating the BIOS alone won’t actually re-enroll the Secure Boot keys. What happens is that the old keys may still be retained, and they need to be manually opted into for the update to take effect. Make sure to check the Secure Boot settings in your BIOS to ensure the new keys are being used properly.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures