After much frustration these links below helped us to resolve the issue but Microsoft claims it will resolve with a later update:
https://support.microsoft.com/en-us/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-e3b9e4cb-a330-b3ba-a602-15083965d9ca
This MS guidance article sent us here: https://uefi.org/revocationlistfile
I downloaded the x64 file. Under “More Information” on the Microsoft guidance document, I placed the downloaded file called dbxupdate_x64.bin into a folder I created under C:\Temp\Powershell called “Dbx”.
I then downloaded the script to split this file. The file has to be split before it can be uploaded. Microsoft has a PowerShell script to run this (in link above) There are two files it will place in the folder: Content.bin and Signature.p7 that are key. There is also this file that is placed there: splitdbxcontent.1.0.0.nupkg.
SplitDbxAuthInfo.ps1” splits a DBX update package into the new DBX variable contents and the signature authorizing the change.
Run Set-SecureBootUefi script to apply the updates.
Here’s a synopsis of the steps we used:
- Download the dbxupdate_x64.bin file.
- Create a folder under C:\Temp\Powershell\DBX and place the scripts and the file there.
- Open PowerShell ISE (elevated). Change directory to the DBX folder.
- Run .\SplitDbxAuthInfo.ps1 DbxUpdate_x64.bin
- To apply the update using the output files of this script, run: Set-SecureBootUefi -Name dbx -ContentFilePath .\content.bin -SignedFilePath .\signature.p7 -Time 2010-03-06T19:17:21Z -AppendWrite'
This should come back as successful.