SurfaceHub Gen1 violation error at several devices

This is what Microsoft gave to us.

For the Serial Issue:
I was told you can press the backspace button and then you can enter the s/n. (Not tested)
I had to get the BitLocker (Recovery) keys from Active Directory. 
Once you enter in the recovery key, the unit will work until it is rebooted.
It will go back into an errored state anytime the unit reboots but simply press the ESC on your external keyboard and it will boot back up without the recovery key.

edit I was just told the reason this happens is because were did not enter in the serial number but rather pressed ESC to enter the recovery key. Be sure to enter the Serial Number.

We have not identified a fix for the boot error. We currently have over 300 units effected.

Surface Hub v1 Boot Issue After June 2025 Windows Update (KB5060533)
[Last Updated: June 12, 2025]

We are currently investigating a known issue impacting Surface Hub v1 devices following the June 2025 “6B” Windows Update (KB5060533). After installing this update, some Surface Hub v1 units may no longer boot into Windows and display one of two error messages.

Affected Devices:

• Only Surface Hub v1 is affected.
• Surface Hub 2S and Surface Hub 3 are not impacted.

What You Might See

🔴 Secure Boot Violation (Red Screen)

You may encounter the following error message on boot:

Secure Boot Violation
Invalid signature detected. Check Secure Boot Policy in Setup

This is the primary error blocking startup of affected devices. It is caused by a Secure Boot DBX update included in the June “6B” cumulative update. The Surface and Windows engineering teams have identified this as a conflict between the update and the AMI BIOS used in Hub v1 devices. A fix is actively being developed.

🔵 Invalid Serial Number (Blue Screen)

Some customers may also see this message:

Invalid Serial Number
New Serial Number: [System Serial]

This is a separate issue and not directly related to Secure Boot, but may appear if the BIOS has been fully reset to defaults. In this case, you can re-enter the correct serial number for your device and it will proceed to boot to Bitlocker recovery. If the Bitlocker key is not available, SHRT can be used to re-image the device at that point.

To locate your Surface Hub v1 serial number, refer to the label underneath the power and volume control panel, as shown below:

What Microsoft Is Doing

• As of June 11, 2025, Microsoft has blocked the 6B update from installing on additional Surface Hub v1 devices.
• Engineering teams are developing a 6B update to prevent future DBX updates from being applied to Hub v1, while still allowing all other security patches through the end of Windows 10 support in October 2025.
• We are investigating recovery options for devices already affected and will share validated recovery instructions as soon as they are available.

What You Can Do Now

• If your device is displaying the red Secure Boot error, please retain the device in its current state. We will share step-by-step recovery instructions once a fix is confirmed.
• If you see the blue Invalid Serial Number screen, manually re-enter the serial number found on the label near the control buttons.
• Stay connected with your Microsoft representative for direct updates and we will also soon be releasing a Surface IT Pro Blog post around this issue.

We understand how critical Surface Hub is to your organization, and we are working urgently across engineering teams to resolve this issue. We appreciate your patience and partnership.

If you have questions or need to report affected devices, please reach out to your Microsoft support contact.