# 1. Tell the firmware that the 2023 certificate payload is allowed
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -Name "AvailableUpdates" -Value 0x40
# 2. Force Windows to execute the Secure Boot update immediately
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Reboot
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match "Windows UEFI CA 2023"