HP has published a support advisory confirming a firmware bug that can send some commercial and workstation PCs into a BitLocker recovery loop after an early April 2026 BIOS update. The problem affects HP Commercial Notebooks, Commercial Desktops and Workstation Computers running Windows 11 23H2, 24H2 and 25H2.
The failure hits after users install the faulty BIOS update and then reboot. The machine can go straight to a BitLocker recovery screen, and even when the correct recovery key unlocks the desktop, Windows may not record the change. On the next restart, the same system can land back in recovery again. HP also says Microsoft’s 2023 Secure Boot certificates may fail to install when the BitLocker issue occurs.
For enterprise administrators, the impact is more than an annoying boot loop. Microsoft has said the global expiration of the original 2011 cryptographic keys means motherboard makers must deploy updated certificates by June 2026, and Windows 11 may show a new Secure Boot folder as the staging area for those firmware keys. HP’s April firmware updates broke that synchronization chain on some PCs, creating a failure that can block both normal startup and the certificate handoff meant to keep Secure Boot working on schedule.
HP’s advisory gives administrators a way to verify the failure in the Windows Registry by checking the SecureBoot Servicing path. If the UEFICA2023Status string is stuck in an In Progress state and the UEFICA2023Error value shows any number above zero, the certificate handoff has failed. HP posted a separate support document focused on the BitLocker recovery loop issue after weeks of user complaints, underscoring how widely the bug had spread before the company publicly acknowledged it.
The BitLocker problem is not the only boot failure tied to HP’s recent firmware work. Users on HP community forums reported a severe boot freeze bug in early April 2026, and the HP ZBook Ultra G1a mobile workstation was among the premium platforms named as affected. In that case, BIOS update 01.04.05 Rev A caused some systems to freeze completely at the initial boot logo, adding a second layer of trouble for customers already dealing with startup failures.
The underlying mechanics explain why these problems are so disruptive. A buggy BIOS update attempts to modify the Secure Boot variables stored in the motherboard, and the altered firmware changes the boot measurements recorded in the Trusted Platform Module chip. That is the chain HP now has to unwind before the affected systems can move cleanly into Microsoft’s updated certificate regime. For IT departments, the immediate priority is checking whether any affected HP device has been caught in the recovery loop and whether the Secure Boot certificate handoff has actually completed.
