This article provides step-by-step instructions for manually updating the Microsoft CA 2023 certificates through Windows on Elo All-in-One systems with Intel-based hardware.
EloPOS Microsoft CA 2023 Certificate Update Guide
Following these steps ensures your device remains compliant and secure.
Step 1: Enter BIOS and Set Secure Boot to Setup Mode
- Restart your system and press Del during startup to enter the BIOS setup utility.
- Navigate to the Security tab → Secure Boot Menu.
- Set these values:
- Secure Boot: Disabled
- Secure Boot Mode: Custom
- Select Reset To Setup Mode.
-
When prompted, confirm:
"Deleting all variables will reset the system to Setup Mode. Do you want to proceed?"
- Ensure BIOS settings match the below:
- Save changes and exit BIOS (F10).
Step 2: Import the Certificate Using PowerShell
- After Windows loads, open PowerShell as Administrator:
- Search "PowerShell" in the Start Menu
- Right-click and select Run as Administrator
- Download and extract ELO_Key_Update.zip into a folder (e.g.,
D:\ELO_Key_Update). -
Navigate to that folder:
cd D:\ELO_Key_Update -
Verify that the system is in Setup Mode:
Get-SecureBootUEFI -Name SetupModeThe output should show 1.
-
If Setup Mode is active, enter the following commands in order:
$CurrentTime = (Get-Date).ToString("yyyy-MM-ddTHH:mm:ssZ") Set-SecureBootUEFI -Name KEK -Content (Get-Content "KEK_SigList.bin" -Raw -Encoding Byte) -Time $CurrentTime Set-SecureBootUEFI -Name DB -Content (Get-Content "DB_SigList.bin" -Raw -Encoding Byte) -Time $CurrentTime Set-SecureBootUEFI -Name DBX -Content (Get-Content "DBX_Content.bin" -Raw -Encoding Byte) -Time $CurrentTime Set-SecureBootUEFI -Name PK -ContentFilePath PK.sig -SignedFilePath PK.ser.p7 -Time $CurrentTime - Ensure all commands execute successfully without errors.
- The above screen shows the sequential execution of all commands, including
Get-SecureBootUEFI -Name SetupModeoutput of 1 (SetupMode 1), and successful output after eachSet-SecureBootUEFIcommand.
Step 3: Verification
Use these commands to verify that all Microsoft certificates have been correctly applied. Each command should return True:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Microsoft UEFI CA 2023'
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Microsoft Option ROM UEFI CA 2023'
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI KEK).bytes) -match 'Microsoft Corporation KEK 2K CA 2023'
True, your certificate update is complete.Additional Notes
- Only use official files from the ELO_Key_Update package.
- If any command fails, double-check file paths and spelling.
- If your system fails to boot after the update, contact Elo Support for assistance.
Keywords
EloPOS, Certificate Update, Microsoft CA 2023, BIOS, Secure Boot, PowerShell, UEFI Setup Mode
Please report any broken links by emailing support@elotouch.com and include a link to the knowledge article