Hello members, I have the following error in the event viewer. Code: Secure Boot CA/keys need to be updated. This device signature information is included here. DeviceAttributes: BucketId: BucketConfidenceLevel: UpdateType: 0 HResult: The system cannot find the file specified Windows 10 loT Enterprise LTSC 21H2 19044.6456 Is anyone able to tell me if I need to do anything? TIA
I had those "errors/alerts" when I switched from BIOS/MBR to UEFI/GPT. All I had to do was go into the BIOS/UEFI, enable secure boot, do: "Install Default Secure Boot Keys", then reboot into Windows (maybe once or twice?) and let it "see" them and "update". Then I went back and turned secure boot off again and it's been all good since.
Thanks @Dude Guyman I haven't found an option to turn off secure boot. I thought about turning off and then on again.
It says "Secure Boot State = Enabled". Change to "Disabled"? Just try "Install Default Secure Boot Keys" and reboot? Maybe some mainboards/laptops/OEM brand stuff don't have the option to turn it off? I had the "errors" with it off. It was turning secure boot on so I could "Install Default Secure Boot Keys" followed by Windows seeing that and doing its "update" that fixed it for me. Then I turned it back off, just because.
@Dude Guyman Sorry, I replied on impulse and I absolutely didn't want to replace you and your knowledge, I had a mobo that if I remember correctly behaved as I suggested.
@Logon - You may be right. I am just shooting in the dark at this one. When mine was in CSM=Enabled (legacy BIOS and MBR disks), I did not have the "errors" either. It only started when switching my system to UEFI and GPT disks. Toggling secure boot on and loading default secure boot keys seemed to "satisfy" Windows, then I was able to turn secure boot back off, after the errors stopped.
Thanks, I just didn't want to seem intrusive when you were the first to try to solve the issue. However, just to be a bit more specific, if the OP can't disable Secure Boot in "Windows UEFI mode" perhaps he could do so if there was an option like "OS Type: UEFI+LEGACY" to set first. This would also allow him to continue booting his GPT disk normally.
Okay, this is what I did to update the Boot Secure certificates on my machine. From PowerShell prompt run as admin the following command Code: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f and then the following one Code: Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update" Please note the above "Secure-Boot-Update" task is triggered at system startup and after triggered repeat every 12 hours indefinitely. So, reboot your machine. After the above, the value of HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing "UEFICA2023Status" value changed from "NotStarted" to "InProgress", and within about an hour the update process should complete successfully (however, I didn't wait until the end of the process to check it). JFYI, I had to change the Compatibility Support Module setting in the BIOS from CSM enabled to disabled since I don't normally use Boot Secure, as often I need the Legacy Boot compatibility setting here in order to boot WinPE from a USB stick in MBR style to do some things through an earlier version of grub4dos, including restoring a system image. Please note that here diagnostic data of all types are disabled (just as it appears in the previous screenshot) and therefore they do not seem to correlate with the success of the manual procedure above. If I haven't made any typos in the description, the above procedure should be easily reproducible with minimal effort.
If the above seems enough for Windows (10 IoT Enterprise LTSC 2021 here), I guess the UEFI firmware should be updated as well, but also I think it will be some different ways for different manufacturers.
@Logon hello, I have a question and I would really appreciate it if you could help me, so let's go: I have a hard drive with 2TB of capacity and I need to know what is the ideal size to install Windows 10 LTSC 2021 x64? I am grateful in advance, thank you
Special thanks @Logon My apology, I had forgotten to check back. I have used your commands and now the registry states 'In Progress'. Lets see how it goes. Many thanks to all of you!