I update the servers to the point where I see the following Reg entries..

• Both Active and Default DBs show both 2023 and 2011.
• AvailableUpdates show 0x00004000
• WindowsUEFICA2023Capable registry key was set to 2
• UEFICA2023Status registry key shows “Updated”
• For Server OS I see the following:
• Server 2019/2022 I see Event ID 1808 in system log
• Server 2025 I see event 1799 in system log

Both events say that the UEFI CA 2023 was installed successfully….so does that mean the system is up to date?  

However, if we run the command below, I get the return code “00” …is that a problem???

• $pk = Get-SecureBootUEFI -Name PK
• $bytes = $pk.Bytes
• $cert = $bytes[44..($bytes.Length-1)]
• [IO.File]::WriteAllBytes("PK.der", $cert)
• certutil -dump PK.der