This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 70%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Couple days ago my Dell XPS 8700 running Windows 10 Home (extended support through OneDrive backup) started freezing couple minutes after the startup. It boots up fine, starts working OK, but then couple minutes later (maybe 5 minutes or so), it completely freezes, including keyboard and mouse interaction.
I ran Dell diagnostics, all was fine.
I explored further and found out that the Secure Boot Update task that starts about that time may be the issue.
I disabled this task - and now there is no freezing whatsoever.
However, that also concerns me because this Secure Boot Update task is supposed to update Microsoft's UEFI certificates that are expiring in June 2026.
So, I ran check as follows in PowerShell (as Administrator):
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
This returned "True" - which should mean that certificates were already installed successfully. At least that is what I understood from various support and related articles (and from Bing/Copilot AI).
However, on check of Windows Security (within Device Security), and while I see green checkmark on Secure Boot, the Secure Boot is giving the following message:
"Learn more" goes to explore all possible information about certificates, and does not offer any real practical advice.
There are some suggestions/instructions (not Microsoft) to either wait for automatic updates, or to try and toggle Secure Boot to force updates.
So, the question is: Considering that I had to disable Secure Boot Update task because it was making my computer inoperable, what should I do now?
Is there a problem with the Secure Boot Update task? - I see that it tries to reach some URLs - but if the network (internet) is not accessible, the task does not freeze the computer, so maybe there is something there?
Is Microsoft aware of any related issue and is there guidance on how to overcome this, make the task run, do automatic or forced updates without freezing the computer?
For further/repeated information:
PC is Dell XPS 8700, and it does not have TPM2.0 so it cannot be upgraded to Windows 11
Security Updates are enabled by enabling backups via OneDrive (as per Microsoft advice).
Edition Windows 10 Home
Version 22H2
OS Build 19045.7291
The only current potential issue is that the free space on boot drive is around 165GB - but that should not have anything to do with the certificates installation or system resources (i7, 16GB RAM, etc.)
Thank you.
Branko
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 28.999999999999996%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Branko, you nailed it. Thank you. I had to do the same by researching it. MS failed again while users like you try to help them. They should value people like you, instead disregard them. It must be a self-confidence issue that keeps them from accepting and wanting to fix a problem that the public identifies. Not the way the world should rotate. AI will fix them.
Hi @randy-san - appreciate your support.
Though this is the first I raised the issue - and I see there is already Sumit, independent advisor, who is trying to assist.
This is not the first time I ran into something with Microsoft - but this is the process - try the community, advisors, experts, and up the ladder.
In couple of cases when no one could reach a solution (on paid products, e.g., Outlook, OneDrive) - I got escalated to actual Microsoft employees, who then worked back-and-forth, and kept informing about upcoming release that will fix the issue.
So, it is slow, but standard process.
I wish AI will fix all problems - see below the AI response which, essentially, says to me to run task that freezes the computer. With AI, I learned it also takes quite some babysitting to get to what you need, so it also needs several interactions to get to point where it is actually useful.
But for this case, let's see where it goes.
Thank you again.
Branko
Now, wondering "So, the question is: Considering that I had to disable Secure Boot Update task because it was making my computer inoperable, what should I do now?" You are a step ahead of those that might fix this. Do you play on chess.com?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 72%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hi Branko,
Please supply the following Information.
Right-click the Start button and Choose the Run option
Type in msinfo32
Press enter.
Take a screenshot of the System Summary window and post it in the next reply.
I look forward to your response and am eager to collaborate until we find a solution.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Hi @Sumit D - IA ,
Thank you for your interest and willingness to troubleshoot and resolve.
Sorry for delay. Here is the screenshot of system info, only personal information hidden.
Best regards,
Branko
AI answer
The Secure Boot status message indicates that the device is still using an older boot trust configuration, even though the Windows UEFI CA 2023 certificate is present in the DB. The freeze occurs when the \Microsoft\Windows\PI\Secure-Boot-Update scheduled task runs, which is responsible for applying Secure Boot certificate and boot manager updates.
From the provided information:
AvailableUpdates registry key and the Secure-Boot-Update scheduled task to apply, in sequence, the new certificates and the PCA2023‑signed boot manager. The expected progression of AvailableUpdates is:
0x59440x0040 → 0x5904 (Windows UEFI CA 2023)0x0800 → 0x5104 (Microsoft Option ROM UEFI CA 2023, if needed)0x1000 → 0x4104 (Microsoft UEFI CA 2023, if needed)0x0004 → 0x4100 (Microsoft Corporation KEK 2K CA 2023)0x0100 → 0x4000 (Windows UEFI CA 2023 signed boot manager)
After all operations complete, AvailableUpdates remains 0x4000.AvailableUpdates to 0x5944.AvailableUpdates becomes 0x4100.AvailableUpdates becomes 0x4000.UEFICA2023Status, UEFICA2023Error, and related event logs (as described in KB5016061) to confirm success or identify failures.Given this behavior, the practical path to resolve the mismatch between the status message and the actual certificate state is:
\Microsoft\Windows\PI\Secure-Boot-Update scheduled task so that Windows can complete the Secure Boot certificate and boot manager update sequence.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot\AvailableUpdates and confirm that it progresses through the documented values toward 0x4000.AvailableUpdates that indicates pending work (for example 0x4100), restart the device and allow the Secure-Boot-Update task to run again.UEFICA2023Status and UEFICA2023Error registry keys.There is no additional guidance in the provided material about freezes specifically, but Microsoft’s documented mechanism for completing and troubleshooting these updates is through the Secure-Boot-Update scheduled task, the AvailableUpdates registry key, and the associated event logs and status keys.
References: