If you’ve recently browsed the Event Viewer, you may have encountered new TPM-WMI errors associated with Secure Boot certificates. Rest assured, you’re not alone in this experience. Many Windows 11 users have reported similar issues, particularly following the installation of the February 2026 Patch Tuesday update.

Fortunately, these occurrences are not indicative of a bug. Microsoft is currently in the process of refreshing Secure Boot certificates that have been in use since 2011. As these older keys approach the end of their lifespan, Windows is transitioning to a more current certificate authority known as Windows UEFI CA 2023.
Secure Boot serves a critical role in safeguarding your PC during startup by permitting only trusted firmware, bootloaders, and system components to run before the operating system loads. If these certificates were to expire or lose their trust status, it would compromise the effectiveness of Secure Boot.
The certificate refresh was part of the February 2026 Windows 11 update (KB5077181) and, as is common practice, it’s being rolled out in phases that depend on specific devices. This staged approach utilizes telemetry and confidence checks before the new keys are applied to your PC’s firmware.
Consequently, many users are seeing Event Viewer messages such as “updated certificates available” or “under observation,” despite no immediate changes on their systems. It’s essential to note that these alerts do not signal an error. In most scenarios, Windows is likely preparing your device and ensuring compatibility ahead of safely applying the new Secure Boot keys.
Understanding TPM-WMI Errors in Event Viewer
A significant number of Windows 11 users have reported seeing Event ID 1801 along with messages like:
“BucketConfidenceLevel: Under Observation – More Data Needed”

Rest assured, your PC is functioning safely, and there is no malfunction. The logging is simply a status report, rather than an error or indicator of failure.
Secure Boot keys reside at the firmware level, utilized across the entire PC ecosystem, including OEM firmware and motherboard vendors. Therefore, making changes has to be carefully coordinated to prevent any devices from becoming unbootable due to unforeseen issues.
The certificate transition process involves two key steps:
- The new Secure Boot certificate becomes accessible to Windows.
- This certificate is subsequently applied to the system firmware.
For many systems, this process can take time as they reside between these two phases. When the Event Viewer indicates that updated Secure Boot certificates are available but not yet implemented, it signals that your device has been identified, assessed, and is queued for the next step. The “Under Observation” status means Microsoft is still gathering relevant signals from your device to ensure a reliable operation before executing the firmware-level changes.
Additionally, Windows has the capability to download and prepare new certificates within the OS long before they are adopted at the firmware level. Hence, until the firmware acknowledges and records the new keys, the Event Viewer may continue to show status messages reflecting that the transition is pending.
This explains why these logs may be interpreted as errors, though they are merely informational staging logs. It does not imply problems with TPM, failed Secure Boot processes, or a corrupted BIOS. Many systems might stay in this transitional phase for an extended period, especially during a phased rollout of this nature.
How to Confirm Application of the New Secure Boot Certificate
Windows provides a straightforward method to verify whether the Windows UEFI CA 2023 certificate is already incorporated into your system. This procedure is entirely safe and does not alter any settings.
Step 1: Launch PowerShell as Administrator
Right-click the Start button and select Windows PowerShell (Admin) or Terminal (Admin).
Step 2: Execute the following command exactly as shown
([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')

Step 3: Interpret the Result
- True: This indicates that the Windows UEFI CA 2023 certificate is already present in your Secure Boot database, confirming that your system is ready, even if Event Viewer still presents staging or observation messages.
- False: This suggests that your device has not yet received the certificate. This situation is not an error and requires no action; your PC is simply awaiting its turn in the rollout process.
How to Verify the Update in Event Viewer
If the PowerShell command returns True and you wish to view the official logs for reassurance, here’s a simple way to find them in the system log without having to sift through countless events:
- Open Event Viewer (search for it in the Start menu).
- Navigate to Windows Logs > System.
- On the right side, click on Filter Current Log….
- In the Event sources dropdown, scroll down and check the box for TPM-WMI (this may be displayed as Microsoft-Windows-TPM-WMI).
- Click OK.

After filtering, look for Event ID 1808. If this appears, it confirms that the new Secure Boot certificate has been successfully applied. You may also see Event ID 1034, which indicates that the DBX (revocation list) update was also completed successfully.


It’s important to note that these two checks can sometimes seem inconsistent. Some users may observe a True result in PowerShell while Event Viewer continues to log warnings regarding certificates not being applied to the firmware. This discrepancy is normal; the OS-level update might occur first, with firmware application happening subsequently, possibly after restarts or updates.
As long as PowerShell returns True, your system is in good standing. At this point, the Event Viewer logs can be reasonably disregarded.
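The two checks above can be combined into one read-only script that puts the db result next to the newest TPM-WMI event of each kind. This is an added example, not code from the original article; it assumes the event source is registered as Microsoft-Windows-TPM-WMI (the name shown in the filter dialog), and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only report; nothing here writes to firmware or the registry.

$caName = 'Windows UEFI CA 2023'

# 1) Firmware db check (same test as the one-liner in Step 2).
try {
    $db   = Get-SecureBootUEFI -Name db -ErrorAction Stop
    $inDb = [System.Text.Encoding]::ASCII.GetString($db.Bytes) -match $caName
} catch {
    # Raised on legacy BIOS systems or when the variable cannot be read.
    $inDb = $null
    Write-Warning "Could not read the Secure Boot db: $($_.Exception.Message)"
}

# 2) Newest event per ID from the TPM-WMI source in the System log.
#    Meanings are the ones given in the article text.
$meaning = @{
    1801 = 'Status report: updated certificates available / under observation'
    1808 = 'New Secure Boot certificate applied'
    1034 = 'DBX (revocation list) update completed'
}
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-TPM-WMI'   # assumed provider name
    Id           = 1801, 1808, 1034
}
# SilentlyContinue: Get-WinEvent reports an error when no event matches.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$latest = $events | Group-Object Id | ForEach-Object {
    $e = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        Id      = $e.Id
        Time    = $e.TimeCreated
        Meaning = $meaning[[int]$e.Id]
    }
}

# 3) Summary, including the "True in PowerShell, still staging in the log" case.
"'$caName' present in db: $inDb"
$latest | Sort-Object Time | Format-Table -AutoSize
if ($inDb -and -not ($latest.Id -contains 1808)) {
    'db already contains the 2023 CA, but no Event ID 1808 is logged yet (staging still in progress).'
}
```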
Should You Immediately Update Your BIOS?
No immediate action is necessary regarding a BIOS update.
A common misconception surrounding this rollout is the belief that Microsoft is directly pushing firmware changes. In reality, BIOS and UEFI firmware are managed by your device’s manufacturer, independent of Windows Update. Thus, Microsoft cannot arbitrarily update Secure Boot keys at the firmware level across all machines without coordination with OEMs like Dell, Lenovo, HP, ASUS, Acer, and others.

Firmware updates are considerably more delicate than OS updates. While a Windows update failure can often be rolled back, a firmware update failure may leave your PC unbootable. Therefore, device manufacturers need to validate the transition of Secure Boot keys meticulously and only release updates when they are sure it will not disrupt platform-specific configurations.
You should only contemplate a BIOS update if:
- Your device manufacturer explicitly advises doing so.
- The update documentation pertains to changes in Secure Boot certificates.
- You are knowledgeable and comfortable with performing firmware updates and comprehending the associated risks.
Such updates are often designed for enterprise environments and can diminish security if not executed properly.
If you feel that Microsoft has recently been more active in the background, it’s because they indeed are. While the Secure Boot certificate update was anticipated, given the previous one was 15 years old, Microsoft is dedicated to reinforcing Windows’ security by default.