Secure Boot 2023 Certificate Status

With the 2011 Secure Boot certificates expiring in June 2026, can you provide a report that shows which devices have successfully applied the 2023 certificates and which are blocked by old firmware?

My organization is preparing for Secure Boot certificate updates.

Just as a suggestion, the report could include these data points.

• • HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\UEFICA2023Status (To see if the update is "Updated", "InProgress", or "NotStarted").

  • HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing\WindowsUEFICA2023Capable (To identify if the firmware even supports the new certs).

  • Event Log Filtering: Include a count of Event ID 1808 (Success) vs. 1801 (Failure).