Is there an existing issue for this?
Current Behavior
I hope issues regarding C:\Windows\SecureBoot\ExampleRolloutScripts belong here.
If not, could you point me to the right team?
Following Local Testing (Sample Secure Boot E2E Automation Guide):
When a 1796 event is triggered, e.g. failed to apply SBAT via 0x400, Detect-SecureBootCertUpdateStatus.ps1 won’t be able to read the correct BucketId and BucketConfidenceLevel:
Latest Event ID: 1796
WARNING: BucketId not found in event message
Bucket ID: Not Found in Event
WARNING: Confidence level not found in event message
Confidence: Not Found in Event
If a new 1808 is triggered, it correctly reads again.
Latest Event ID: 1808
Bucket ID: <Redacted but as expected>
Confidence: <Redacted but as expected>
Cause:
BucketId and BucketConfidenceLevel are only contained in 1795, 1801, 1802, 1803, 1808 as per Secure Boot DB and DBX variable update events, but the script attempts to read from the latest event, seemingly expecting them to be 1801/1808 only, looking at the comments.
Detect-SecureBootCertUpdateStatus.ps1 Line 376
# 17. BucketID - Extracted from Event 1801/1808
if ($null -ne $latestEvent -and $null -ne $latestEvent.Message) {
Detect-SecureBootCertUpdateStatus.ps1 Line 392
# 18. Confidence - Extracted from Event 1801/1808
if ($null -ne $latestEvent -and $null -ne $latestEvent.Message) {
Expected Behavior
Expected:
Latest Event ID: 1808
Bucket ID: <Redacted>
Confidence: <Redacted>
It should read the BucketId and Confidence from the latest 1795, 1801, 1802, 1803, 1808 instead of latest overall, which can be 1796. There were earlier 1808 entries in the log as all needed certificates have been applied to the firmware, and the boot manager has been updated to the boot manager signed by the “Windows UEFI CA 2023” certificate.
Steps To Reproduce
cd C:\Windows\SecureBoot\ExampleRolloutScripts\
& .\Detect-SecureBootCertUpdateStatus.ps1 -OutputPath "C:\Temp\SecureBootTest"
Build Environment
- OS(s): Windows 11 25H2 (Build 26200.8457) - May 12, 2026
Version Information
'C:\Windows\SecureBoot\ExampleRolloutScripts' not part of this repository yet.
Urgency
Medium
Are you going to fix this?
Someone else needs to fix it
Do you need maintainer feedback?
No maintainer feedback needed
Anything else?
No response
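The selection the report asks for, as an added example that is not part of the issue or of Detect-SecureBootCertUpdateStatus.ps1: pick the newest event among the IDs that carry the fields, rather than the newest event overall. The function name `Get-LatestBucketInfo`, the `BucketId: <value>` / `BucketConfidenceLevel: <value>` message layout and the sample events are assumptions made for illustration.

```powershell
# Event IDs that carry BucketId / BucketConfidenceLevel, as listed in the issue.
$BucketEventIds = 1795, 1801, 1802, 1803, 1808

# Hypothetical helper: returns bucket info from the newest qualifying event.
function Get-LatestBucketInfo {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events
    )
    # Consider only events that can contain the fields, newest first.
    $candidates = $Events |
        Where-Object { $_.Id -in $BucketEventIds -and $_.Message } |
        Sort-Object TimeCreated -Descending

    foreach ($evt in $candidates) {
        # Assumed message layout: "BucketId: <value>" and "BucketConfidenceLevel: <value>".
        $bucket = [regex]::Match($evt.Message, 'BucketId:\s*(?<v>[^\r\n]+)')
        $conf   = [regex]::Match($evt.Message, 'BucketConfidenceLevel:\s*(?<v>[^\r\n]+)')
        if ($bucket.Success -and $conf.Success) {
            return [pscustomobject]@{
                SourceEventId = $evt.Id
                BucketId      = $bucket.Groups['v'].Value.Trim()
                Confidence    = $conf.Groups['v'].Value.Trim()
            }
        }
        # A qualifying ID without both fields: fall through to the next older event.
    }
    return $null   # no qualifying event in the log
}

# Constructed sample events (not real log output): an 1808 followed by a newer 1796.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Id = 1808; TimeCreated = $now.AddHours(-2)
        Message = "Constructed text.`r`nBucketId: EXAMPLE-BUCKET`r`nBucketConfidenceLevel: EXAMPLE-LEVEL" }
    [pscustomobject]@{ Id = 1796; TimeCreated = $now.AddMinutes(-5)
        Message = "Constructed text without bucket fields." }
)

# The 1796 event is newest but is skipped; the values come from the earlier 1808.
$info = Get-LatestBucketInfo -Events $sample
"Bucket ID: $($info.BucketId) (from event $($info.SourceEventId))"
"Confidence: $($info.Confidence)"
```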