A well-liked wave of gadget disasters has struck homeowners of top class HP industrial laptops, desktops, and high-end workstations. Customers who authorised vital firmware updates launched via HP in early April 2026 discovered their multi-thousand-dollar machines reworked into inoperable {hardware} or locked within an endless BitLocker restoration loops.
Following weeks of mounting person court cases, HP formally printed a give a boost to advisory confirming the flaw. The advisory notes that the malicious program affects an enormous fleet of company {hardware}, spanning all HP Business Notebooks, Business Desktops, and Workstation Computer systems, operating Home windows 11 23H2, 24H2, and 25H2.
As anticipated, the problem is amazingly irritating for finish customers. After putting in the erroneous BIOS replace, the pc boots immediately to a BitLocker restoration display screen. Although the person enters the right kind restoration key and effectively accesses the desktop, the OS fails to sign in the alternate, forcing the pc proper again into the similar BitLocker restoration loop upon the following reboot.
HP additionally confirms that Microsoft’s 2023 Protected Boot certificate would possibly fail to put in at the pc when this BitLocker factor happens.
Inaccurate firmware on HP gadgets blocks Microsoft’s vital Protected Boot updates
Because the PC trade approaches a significant safety milestone, Microsoft just lately published what occurs in your Home windows 11 PC if you happen to forget about the Protected Boot closing date in June 2026. The worldwide expiration of the unique 2011 cryptographic keys calls for motherboard distributors to deploy up to date certificate. And all over the method, you might also see a brand new Protected Boot folder in Home windows 11, which isn’t a malicious program, because it purposes as a staging flooring for those firmware keys.
Sadly, HP’s April firmware updates broke this important synchronization chain. When Home windows 11 makes an attempt at hand off the staged keys to the motherboard, the {hardware} encounters an unhandled exception, inflicting the gadget to continuously urged for encryption keys.
Home windows Newest made an excessively detailed record about why Home windows 11’s Protected Boot 2023 updates are failing throughout some PCs, exposing a much broader firmware drawback.
Endeavor directors can test if their fleet is failing via opening the Home windows Registry and checking the SecureBoot Servicing trail. If the UEFICA2023Status registry string stays caught in an In Development state over the years and the UEFICA2023Error registry worth displays any quantity upper than 0, the certificates handoff has utterly failed.
Person frustration mounts over unbootable top class {hardware}
As first noticed via Home windows Newest, HP has formally posted a give a boost to record that makes a speciality of the BitLocker restoration loop factor. The problem is also intertwined with a critical boot freeze malicious program that started to appear throughout HP neighborhood boards in early April 2026.
Prime-end {hardware} homeowners, together with customers of top class platforms just like the HP ZBook Extremely G1a cellular workstation, reported that the vital BIOS replace model 01.04.05 Rev A led to their techniques to freeze utterly on the preliminary boot brand.
When a buggy BIOS replace installs, it makes an attempt to change the Protected Boot variables, normally the Key Trade Key and signature database (and in some instances the Platform Key) throughout the motherboard. For some {hardware} configurations, this abrupt amendment can introduce a firmware incompatibility or validation malicious program all over the early Energy-On Self-Check collection, leading to a boot failure that may go away the gadget caught on the corporate brand.
For techniques that organize to seem previous the preliminary {hardware} take a look at, the changed firmware adjustments the boot measurements recorded within the Relied on Platform Module chip’s Platform Configuration Registers. As a result of those measurements not fit the values BitLocker sealed its key towards, the chip refuses to unlock its cryptographic key, forcing Home windows 11 to call for a BitLocker restoration key.
The disaster turns right into a loop since the Protected Boot certificates replace collection hasn’t absolutely finished. Because the firmware replace is risky, the brand new keys and certificate are by no means dedicated effectively, so the firmware state and the sealed baseline by no means reconcile, which leaves the platform viewing itself as altered with each reboot collection till the replace completes or BitLocker is suspended.
manually unravel the HP BIOS BitLocker restoration loop
For the ones lately locked out in their PC, HP has supplied a multi-step guide workaround the usage of the motherboard settings interface to power compliance.
In case you are an IT skilled making an attempt to push those configuration adjustments remotely via fleet control gear, you should make certain that BitLocker encryption is absolutely suspended around the community sooner than enhancing any firmware environments.
- Energy at the pc and faucet the F10 key many times till the HP brand seems to go into the BIOS configuration web page.
- Open the Safety menu and make a selection Protected Boot Configuration from the record.
- At the configuration display screen, take a look at the containers to permit the Microsoft Possibility ROM UEFI CA 2023, the Microsoft UEFI CA 2023, and the overall Permit MS UEFI CA Key fields.
- Save your adjustments, go out the interface, and reboot the system.
As soon as the system reboots, the running gadget will in any case be allowed to flush the staged information immediately to the motherboard NVRAM. You might understand your PC restarting more than one instances to use the Protected Boot 2023 updates correctly.
When the Home windows setting a lot, you’ll run a PowerShell script to verify the UEFICA2023Status registry string reads as Up to date. Open PowerShell and run the next command:
Get-ItemProperty -Trail “HKLM:SYSTEMCurrentControlSetControlSecureBootServicing” -Title “UEFICA2023Status”
Curiously, HP recommends that after the replace succeeds, security-conscious customers will have to return into the BIOS and uncheck those self same choices to deal with the tightest imaginable safety baseline, supplied they don’t use specialised third-party boot loaders.
In a observation to TheRegister, HP prior to now stated it used to be acutely aware of boot problems, but it surely didn’t verify BitLocker restoration loop that Home windows Newest discovered.
The frenzy for Home windows 11 {hardware} high quality has already begun
HP’s Boot and BitLocker Restoration problems come at a time when the PC trade is trying a big high quality overhaul. Microsoft has spent the ultimate a number of months coordinating with primary {hardware} distributors to wash up low-level gadget code.
The corporate already admitted that dangerous drivers have been breaking Home windows 11 PCs. The brand new initiative introduced at WinHEC 2026 will power {hardware} makers to ship cleaner, deeply optimized code.
All over the new {hardware} engineering summit, the tech trade additionally overtly pledged to transport clear of risky deployment strategies. This effort is meant to forestall dangerous drivers from inflicting crashes, overheating, and deficient battery lifestyles.
Alternatively, as this HP incident proved, forcing {hardware} distributors to all of a sudden modernize their firmware to satisfy strict safety cut-off dates can once in a while yield the other end result. When PC producers rush out updates to agree to the brand new Home windows platform mandates, the loss of rigorous validation can simply bypass automatic telemetry tests, leaving endeavor customers to take care of the fallout.
What will get underneath my pores and skin is that those problems shouldn’t be going down to ultra-expensive {hardware}. Endeavor consumers be expecting absolute steadiness when purchasing skilled equipment, but they’re discovering themselves as beta testers for core gadget updates.
Both method, if you happen to organize a fleet of HP EliteBooks, ProBooks, or ZBook workstations, we extremely counsel that you simply cross-reference your inner error logs with the registry values given via HP. Be certain your deployment groups are absolutely acutely aware of the guide F10 BIOS workaround sooner than pushing any pending spring firmware updates throughout your community.
