Event details

Want to ensure you maintain a trusted boot environment for your Windows devices? Walk through essential guidance - including how to test firmware, monitor device readiness, deploy updated certificate...
Pearl-Angeles
Updated Mar 05, 2026
Technical Takeoff
jeddunn's avatar
jeddunn
Copper Contributor
Mar 09, 2026

Thanks for the info. I do have a question about the status key value. In our environment, we have a large number of the devices that do not have the key value of UEFICA2023Status rather, we have the key value of WindowsUEFICA2023Capable which is set to 2. I have validated that the device is booting off the 2023 cert but would like some clarification on why we are seeing this?

mihi's avatar
mihi
Brass Contributor
Mar 10, 2026

Assuming they are on current patchlevel, I would assume they have been delivered with the new 2023 certificates from the factory and therefore the job would have never needed to update anything.

  • Arden_White's avatar
    Arden_White
    Icon for Microsoft rankMicrosoft
    Mar 10, 2026

    It would be worth checking to see if the System Event log has 1801 or 1808 events. If 1808 events, then all is well. If 1801, then it may be that the KEK and/or the 3rd party CAs were not shipped as part of the firmware.

    The WindowsUEFICA2023Capable key can be misleading as it only indicates status of the 1st party CA and boot manager. I don't recommend using this key for that reason.