Unsolved
1 Rookie
•
91 Posts
0
535
January 8th, 2026 11:47
Secure Boot key update - what to do?
The secure boot key update stuff is described in this article.
To my knowledge, it involves installing the latest BIOS and I'm done. Or am I? I note several of our Dell Precision machines logging this in the Eventlog:
Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: FirmwareManufacturer:Dell Inc.;FirmwareVersion:2.38.0;OEMManufacturerName:Dell Inc.;OEMModelSKU:0871;OSArchitecture:amd64;
And:
The Secure Boot update failed to update SBAT with error Incorrect function
So.... there's this other article 'How To Update Secure Boot Active Database from BIOS'. Do I have to perform the steps outlined in that article? And if so, is there a tool that will do it for me? Like - I don't want to visit all pc's to make these BIOS changes....
Simon Weel
1 Rookie
•
91 Posts
0
January 8th, 2026 15:08
Never mind - I found the solution on this page: Registry key updates for Secure Boot: Windows devices with IT-managed updates - Microsoft Support
I tried the GPO method first, but that doesn't seem to work. The Registry key method does the trick; when activated it takes a couple of reboots before and then the machine reports Event 1808:
This device has updated Secure Boot CA/keys. This device signature information is included here.
DeviceAttributes: FirmwareManufacturer:Dell Inc.;FirmwareVersion:1.41.0;OEMManufacturerName:Dell Inc.;OEMModelSKU:098D;OSArchitecture:amd64;