Skip to content

elevatingdev/uefica2023

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Check-UEFICA2023.ps1
Check-UEFICA2023.ps1
 
 
README.md
README.md
 
 

Repository files navigation

Check-UEFICA2023.ps1

PowerShell script to validate Secure Boot and check progress of the Windows UEFI CA 2023 certificate update on a device.

It combines:

  • Secure Boot status checks
  • Registry status from UEFICA2023Status
  • System event log analysis for update progression and troubleshooting events
  • A final overall device status summary

What This Script Checks

  1. Whether Secure Boot is enabled.
  2. Registry status at:
    • HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing
    • value: UEFICA2023Status
  3. Relevant System event IDs for expected update progression and known failure/block conditions.
  4. Whether the device appears fully updated (based on both registry state and Event ID 1808).

Requirements

  • Windows device with PowerShell.
  • Administrator privileges.
  • Access to System event logs.

Parameters

Parameter Type Default Description
-DaysBack int 90 Number of days back to search in the System event log. Valid range: 1-730.
-MaxEvents int 1 Maximum number of events to return per Event ID. Valid range: 1-100.
-ResultOnly switch False Shows only final overall status without detailed event sections.

Usage

Run from an elevated PowerShell session:

.\Check-UEFICA2023.ps1

Search last 30 days and return up to 5 events per ID:

.\Check-UEFICA2023.ps1 -DaysBack 30 -MaxEvents 5

Show only the final status line:

.\Check-UEFICA2023.ps1 -ResultOnly

Output Sections

When -ResultOnly is not used, output includes:

  • Secure Boot status
  • Registry status for UEFI CA 2023
  • Progression Events
  • Troubleshoot Events
  • Overall Device Status

Final status uses:

  • ✅ device appears fully updated
  • ❌ device may not be fully updated

Progression Event IDs

The script tracks expected progression using these event IDs:

  • 1801, 1036, 1044, 1045, 1043, 1800, 1799, 1808

Event 1808 indicates the device has been fully updated.

Troubleshoot Event IDs

The script also checks for known issue events, including:

  • 1032, 1795, 1796, 1797, 1798, 1802, 1803

These may indicate firmware, BitLocker, signing, or compatibility problems that block completion.

Exit Behavior

  • If not run as Administrator, the script writes an error and exits with code 1.

Notes

  • A registry status of Updated without Event 1808 may still indicate incomplete rollout state.
  • Event visibility depends on log retention and selected -DaysBack window.
  • Event descriptions are based on Microsoft Secure Boot update documentation.

Quick Interpretation

  • Best-case result:
    • Secure Boot enabled
    • UEFICA2023Status is Updated
    • Event 1808 present
  • Needs attention:
    • Missing progression events
    • Presence of troubleshoot events
    • Final output says device may not be fully updated

Reference

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages