HP Confirms BIOS Update Bug Causing BitLocker Recovery Loops on Windows 11 PCs

HP has confirmed a faulty BIOS firmware issue affecting several premium commercial PCs, including business laptops, desktops, and workstation systems. The problem appeared after HP released critical BIOS updates in early April 2026, and affected devices may enter repeated BitLocker recovery prompts or fail to boot correctly.

Which Systems Are Affected

The issue affects commercial notebooks, commercial desktops, and workstation computers running Windows 11 23H2, 24H2, and 25H2.

In some cases, users report that their PCs boot directly into BitLocker recovery after the BIOS update. Even after entering the correct recovery key, the system may restart and return to the same recovery screen.

Why BitLocker Recovery Loops Happen

The problem appears linked to firmware changes that disrupt the security measurements BitLocker expects. Since BitLocker relies on TPM and Secure Boot measurements to confirm that the boot environment has not changed, the faulty firmware can make Windows treat the system as altered.

HP says the issue can also prevent Microsoft’s 2023 Secure Boot certificates from installing correctly. These certificates matter because older Secure Boot certificates from 2011 expire in June 2026.

If the update process fails, the handoff between Windows and the motherboard firmware may not complete properly.

Some Systems Freeze at the HP Logo

Some users have also reported systems freezing at the HP logo after installing the BIOS update. This may be tied to the same Secure Boot firmware servicing process.

How Enterprise Admins Can Check the Issue

Enterprise admins can check Secure Boot servicing status through the registry. If UEFICA2023Status remains stuck at In Progress, the Secure Boot update may have failed.

If UEFICA2023Error is greater than zero, the certificate handoff likely failed.

HP’s Recommended Workaround

HP recommends entering BIOS by pressing F10 during startup, then going to Security > Secure Boot Configuration.

Users should enable Microsoft Option ROM UEFI CA 2023, Microsoft UEFI CA 2023, and Enable MS UEFI CA Key, then save changes and reboot.

After applying the workaround, the PC may restart several times while applying the Secure Boot 2023 updates. Users can later verify the update through PowerShell by checking UEFICA2023Status.

HP Warns Enterprise IT Teams

For enterprise deployments, HP warns admins to suspend BitLocker before changing firmware settings across multiple devices. IT teams should also review logs and registry values before pushing recent firmware updates more widely.

This is not the first recent BitLocker-related problem on Windows systems. Microsoft recently fixed incorrect BitLocker recovery prompts with KB5089549, while it is also working to address the YellowKey exploit that can bypass BitLocker protections.

Microsoft has also repeatedly stressed the importance of updating Secure Boot certificates before the June 2026 deadline.

Via Windows Latest