If you notice Event IDs 1034 and 1036 in the event log, there is nothing to worry about. The message says the Secure Boot DBX update was applied successfully, and Microsoft has fixed the issue.
Event ID 1034 or 1036: Secure Boot DBX update applied successfully
Event ID 1034: The cause of this informative event being logged is a confirmation that the Secure Boot DBX database has been updated successfully. Modifying or updating the untrusted Secure Boot components is aimed at enhancing system security by allowing the execution of only trusted software components during the boot process.
Event ID 1036: As suggested by the event message text, this particular event confirms the list of trusted certificates in Secure Boot DB has been updated successfully. This event notification is triggered when a new boot manager certificate is added to the list as the trusted one.
Meaning of Event ID 1034
Updating DBX or the blacklist of Secure Boot eliminates any suspicious or malicious Secure Boot components, thereby strengthening system security. The components may include boot managers or certificates used to sign boot managers, which have been categorized as potential security threats to the system once the KB5016061 security update is installed and are, therefore, updated in the DBX list.
Meaning of Event ID 1036
If we update the OS or install a new one, the bootloader might also get updated. However, a new certificate must be added to the Secure Boot DBX to ensure that Secure Boot continues to trust the bootloader. The update of the DBX ensures that only the verified loaders are permitted to run during system startup.
Related: Event ID 1798: The Secure Boot DBX update failed to revoke Microsoft Windows Production PCA
Can I use UEFI without Secure Boot?
UEFI only runs signed bootloaders for security reasons, making it impossible to boot the computer from USB drive unless this option is disabled. Disabling secure boot may cause Windows x64 not to boot due to mandatory UEFI for existing GPT partitions.
Read: Event ID 1797, The Secure Boot DBX Update Failed
What is the DBX key in Secure Boot?
Secure Boot has two key databases: the Signature Database (db) and the Forbidden Signature Database (dbx). The former contains a whitelist of trusted keys, signatures, and hashes, while the latter contains a blacklist of those that are not. Any updates to these databases must be signed by a Key Exchange Key (KEK).
