If the Secure Boot certificate is not updated on a small set of machines before the deadline and the certificate expires, what would be the recommended next steps to remediate those devices?
- Arden_White, Mar 09, 2026
Microsoft
Hi VaishnavK1993.
The devices will continue to boot and operate normally. The steps to get them remediated are the same steps as before the certificates expire.
Test devices and apply across the devices. Update firmware where necessary.
There are a lot of good resources at the link below, and these resources are being updated regularly.
Arden
- Prabhakar_MSFT, Mar 09, 2026
Microsoft
Hello VaishnavK1993, has your organization attempted installation of the certs and encountered errors when applying the updates? The Secure Boot Update task logs error events in the System event log indicating why the update could not be applied. In most cases the device may be in a known block list.
If your organization has not yet initiated the update process, Microsoft recommends testing on a few similar machines that represent your environment before applying the policy broadly. Devices that have known issues have been blocked, and you will see an error 1802 under the TPM-WMI source in the System event log indicating the update could not be installed due to a known issue. For most issues, OEMs may already have firmware updates available. If the OEM has a new firmware update available, it is recommended to install the latest available firmware updates to unblock the certificate updates.
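
One way to run the check described in the reply above across several machines, as an added example that is not part of the original thread: it reads TPM-WMI events from the System event log and flags devices that logged error 1802. The provider name `Microsoft-Windows-TPM-WMI` and the parameters `ComputerName` and `DaysBack` are assumptions of this example.

```powershell
# Added example (not from the thread): report Secure Boot update events per device.
# Assumption: the "TPM-WMI" source is registered as 'Microsoft-Windows-TPM-WMI'.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # hypothetical parameter
    [int]$DaysBack = 30                              # hypothetical parameter
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-TPM-WMI'
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}

$report = foreach ($computer in $ComputerName) {
    try {
        $events = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # Get-WinEvent raises an error when nothing matches; treat it as an empty result.
            $events = @()
        }
        else {
            # Unreachable host, missing provider, access denied: record and move on.
            [pscustomobject]@{ Computer = $computer; Status = 'QueryFailed'
                               Blocked1802 = $null; OtherErrors = $null
                               Detail = $_.Exception.Message }
            continue
        }
    }

    # 1802 is the "known issue" block described in the thread.
    $blocked = @($events | Where-Object Id -eq 1802)
    # Level 2 = Error; anything else the update task reported as a failure.
    $otherErrors = @($events | Where-Object { $_.Level -eq 2 -and $_.Id -ne 1802 })

    $status = if ($blocked.Count -gt 0) { 'BlockedKnownIssue' }
              elseif ($otherErrors.Count -gt 0) { 'UpdateErrors' }
              else { 'NoErrorsLogged' }
    $latest = @($blocked + $otherErrors) | Sort-Object TimeCreated -Descending | Select-Object -First 1

    [pscustomobject]@{ Computer = $computer; Status = $status
                       Blocked1802 = $blocked.Count; OtherErrors = $otherErrors.Count
                       Detail = if ($latest) { "$($latest.Id): $(($latest.Message -split "`n")[0])" } }
}

$report | Sort-Object Status, Computer | Format-Table -AutoSize -Wrap
```

Devices reported as `BlockedKnownIssue` are the ones to check for an OEM firmware update before retrying the certificate update.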