
Outdated SecureBoot keys on Asus motherboards !!!

Wesley1
Level 12

I'm getting this warning on Windows 11 25h2 v10.0.26200.6899

Secure Boot CA/keys need to be updated. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:3001;OEMModelBaseBoard:ROG STRIX Z790-F GAMING WIFI;OEMManufacturerName:ASUS;OSArchitecture:amd64;


This is consistent with Microsoft's announcement, PLEASE UPDATE, along with Intel ME firmware v16.1.38.2676.

 

SecureBoot Keys about to EXPIRE in few months.


inge70
Level 14

There's already a thread on this topic 🙂

Because the current Windows 11 update also causes a TPM-WMI error to appear in the event log.

We should agree on one thread, otherwise there will be endless threads again. 😉

Intel Core i7 13700K / AiO Fractal Design Lumen S36 v2 RGB / Asus Rog Strix Z790-F Gaming WIFI / Corsair Dominator Platinum DDR5-5600 64GB (4x 16GB) / Asus TUF RTX 5070 Ti OC / 4x Samsung 980 pro 1TB / Seasonic Prime GX 850 W Gold / Fractal Design Meshify 2 Lite RGB Black TG Light Tint / Monitor AOC Q27G2S/EU (WQHD)

I'm reporting the issue here, your thread is about hiding the problem. The keys in BIOS need to be updated.

My thread is NOT about hiding the error, but rather about fixing it by manually updating the SecureBoot certificates, thus avoiding having to wait for MS and Asus to respond.
In the meantime, @MoKiChU has posted instructions to FIX the error message.

My thread is NOT about hiding the error, but rather about fixing it by manually updating the SecureBoot certificates, thus avoiding having to wait for MS and Asus to respond.
Following @MoKiChU's instructions, the error is fixed, and then only a message, TPM-WMI ID 1808, is displayed, indicating that the SecureBoot certificates have been successfully updated. This message then appears every time the PC/laptop boots.
Nothing is hidden; it's fixed.


Wesley won't use anything by MoKiChU, basically says he's a BIOS modder posting random stuff on the internet. Strange but true. Just ignore him as he's rude and ungrateful for any help. I'll call out his behaviour as I have no time for rudeness.   

Z690 Hero, 12900K, BIOS 4301, MEI 2517.8.1.0, ME Firmware 16.1.38.2676, 7000X Case, RM1000x PSU, ASUS TUF OC 3090TI, 2 x 16GB Corsair RAM @ 5200MHz, Windows 11 Pro 23H2, Corsair H150i Elite AIO, 4x Corsair RGB fans, 3x M.2 NVME drives, 2x SATA SSDs, 2x SATA HDs.

My ROG STRIX Z690-E Gaming WIFI encountered the same problem. Used the solution provided by MoKiChU and all is okay now. Just need to restart the PC a few times.

Wesley1
Level 12

Hope Asus will release a BIOS update for the Z790 board soon, no point waiting for May/June 2026.

CA root keys can be issued for many years timeframe.

I have the Z790 Hero motherboard. I ran the script from GitHub that checks both current and default KEK and DB. It showed 2023 certificates were already installed in the default keys. I am using the 3001 version of the UEFI. So, you might already have the newer certificates in your default KEK and DB.
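
A minimal way to run the kind of check described in the last post, as an added example (this is not the GitHub script the poster ran and not code from anyone in this thread). It reads the active and firmware-default KEK and db variables and reports whether each contains the name of one of Microsoft's 2023 certificates. The certificate names are Microsoft's published ones and are not taken from the thread, and a name match only shows that the name is present in the variable; it does not validate the certificate.

```powershell
# Added example: run in an elevated PowerShell session on a UEFI system.
# Subject names of the 2023 Microsoft Secure Boot certificates (assumption:
# taken from Microsoft's published guidance, not from this thread).
$certNames = @(
    'Microsoft Corporation KEK 2K CA 2023',   # belongs in KEK
    'Windows UEFI CA 2023',                   # belongs in db
    'Microsoft UEFI CA 2023',                 # belongs in db
    'Microsoft Option ROM UEFI CA 2023'       # belongs in db
)

# Active variables plus the firmware defaults that a key reset would restore.
$variables = 'KEK', 'KEKDefault', 'db', 'dbDefault'

function Test-SecureBootCert2023 {
    foreach ($var in $variables) {
        try {
            $bytes = (Get-SecureBootUEFI -Name $var -ErrorAction Stop).Bytes
        } catch {
            # Not elevated, legacy BIOS boot, or the firmware does not expose this variable.
            [pscustomobject]@{ Variable = $var; Certificate = '(variable not readable)'; Present = $null }
            continue
        }

        # Subject names sit as plain ASCII inside the DER-encoded certificates,
        # so a substring search over the raw variable contents is enough to spot them.
        $text = [System.Text.Encoding]::ASCII.GetString($bytes)

        foreach ($name in $certNames) {
            [pscustomobject]@{
                Variable    = $var
                Certificate = $name
                Present     = $text.Contains($name)
            }
        }
    }
}

Test-SecureBootCert2023 | Format-Table -AutoSize
```

A certificate that shows `True` for `KEKDefault` or `dbDefault` but `False` for `KEK` or `db` means the firmware ships the 2023 certificate in its defaults while the active variables have not been updated yet.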