
TPM-WMI Event ID 1801 error on EC2 instance

0

Hello,

I installed the March Windows updates and after that I am experiencing an issue related to TPM-WMI. In Event Viewer on all my instances I have an error with the following details: Event ID: 1801, Source: TPM-WMI

Error message: Updated Secure Boot certificates are available on this device but have not yet been applied to the firmware. Review the published guidance to complete the update and maintain full protection. This device signature information is included here. DeviceAttributes: BaseBoardManufacturer:;FirmwareManufacturer:;FirmwareVersion:;OEMModelNumber:t3.medium;OEMModelBaseBoard:;OEMModelSystemFamily:;OEMManufacturerName:Amazon EC2;OEMModelSKU:;OSArchitecture:amd64; BucketId: 4a5a87bba6b025610d549158c7cbd027ce0469f100d7e4ef458d00f5db610753 BucketConfidenceLevel: No Data Observed - Action Required UpdateType: For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

This affects all my instances with Windows on that account with different instance types (t3a.small, t3a.xlarge, t3a.medium).

I would like to understand:

  1. Whether this issue is expected in AWS EC2 environments (especially if TPM is virtualized or not supported).
  2. If this error has any impact on system security or functionality.
  3. Recommended steps to resolve or safely ignore this issue.

If TPM functionality is limited or not fully supported in EC2, can you please confirm whether this error can be safely ignored or if there is a recommended configuration/workaround.

asked 14 days ago · 75 views
1 Answer
4
Accepted Answer

This issue stems from the March 2024 Windows updates regarding Secure Boot DBX (revocation list) updates. Here is the breakdown:

  • Why it happens: Windows is attempting to write updated Secure Boot certificates to the UEFI firmware. In EC2 (Nitro-based instances), the virtualized firmware often restricts these OS-level write operations to maintain environment integrity.
  • Impact: There is no impact on system functionality or stability. Your instances will continue to boot and operate normally.
  • Security: While the warning suggests action is required, the risk in a cloud environment is negligible as there is no physical access to the hardware to exploit the bootloader vulnerabilities these certificates target.

Treat this as a cosmetic error. You can safely ignore Event ID 1801 or filter it out of your monitoring logs. AWS periodically updates their base AMIs with these certificates integrated, so the error may disappear when you eventually migrate to newer AMI builds.

see also:

EXPERT
answered 14 days ago
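Before filtering the event out of monitoring, as the accepted answer suggests, an operator would want to record the instance's Secure Boot and TPM state next to each occurrence of the event. The script below is an added example, not part of the question or the answer; it assumes an elevated PowerShell session on the Windows EC2 instance and that Event ID 1801 is written to the System log under the provider name Microsoft-Windows-TPM-WMI.

```powershell
# Added example (not from the original post). Assumptions: elevated PowerShell on the
# instance; provider name 'Microsoft-Windows-TPM-WMI' and the System log.

function Get-SecureBootCertEvents {
    param([int]$MaxEvents = 20)
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-TPM-WMI'; Id = 1801 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $msg = $e.Message
        # Pull the fields embedded in the message text (format as quoted in the question).
        $oem    = if ($msg -match 'OEMManufacturerName:([^;]*);') { $Matches[1] } else { '' }
        $model  = if ($msg -match 'OEMModelNumber:([^;]*);')      { $Matches[1] } else { '' }
        $conf   = if ($msg -match 'BucketConfidenceLevel:\s*(.+?)\s*UpdateType:') { $Matches[1] } else { '' }
        [pscustomobject]@{
            Time       = $e.TimeCreated
            Computer   = $e.MachineName
            OEM        = $oem
            Model      = $model
            Confidence = $conf
        }
    }
}

function Get-BootTrustState {
    # Confirm-SecureBootUEFI throws on systems without UEFI Secure Boot support;
    # record that case explicitly rather than as an error.
    $sb  = try { Confirm-SecureBootUEFI } catch { 'NotSupported' }
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SecureBootEnabled = $sb
        TpmPresent        = if ($tpm) { $tpm.TpmPresent } else { $false }
        TpmReady          = if ($tpm) { $tpm.TpmReady }   else { $false }
    }
}

# Record the boot-trust state alongside the events before deciding to suppress them.
Get-BootTrustState | Format-List
Get-SecureBootCertEvents | Format-Table -AutoSize

# Event-log query that keeps System-log errors but suppresses 1801, usable as a
# custom view in Event Viewer or with Get-WinEvent -FilterXml.
$filterXml = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
    <Suppress Path="System">*[System[Provider[@Name='Microsoft-Windows-TPM-WMI'] and (EventID=1801)]]</Suppress>
  </Query>
</QueryList>
"@
Get-WinEvent -FilterXml $filterXml -MaxEvents 10 -ErrorAction SilentlyContinue | Format-Table TimeCreated, Id, ProviderName
```

The same Suppress clause can be used in a collector subscription so that 1801 is dropped at ingestion while other TPM-WMI events still reach the monitoring pipeline.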

