Intel® Server D50TNP and M50CYP BIOS Version R010 Requires New Secure Boot Keys for Microsoft* Windows Server 2025
Content Type: Install & Setup | Article ID: 000101941 | Last Reviewed: 09/09/2025
BIOS Version R01.01.0010 requires new secure boot keys for Microsoft* Windows Server 2025
KEK – Microsoft* Corporation KEK 2K Certificate Authority (CA) 2023*.
DB – Microsoft* Windows UEFI CA 2023*, Microsoft* UEFI CA 2023*, and Microsoft* Option ROM UEFI CA 2023*.
To update the new KEK and DB keys, the previous secure boot keys stored in BIOS must be removed via the UpdateNvram parameter, using SUP (UEFI) or SFUP (Windows/Linux) update packages.
The UpdateNvram parameter cannot be used if updating the BIOS via the BMC Embedded Web Server (EWS).
If using SUP/UEFI, modify the UpdBIOS_CYP.nsh script from:
sysfwupdt.efi -u R01010010_CoyotePass_LBG_ICX_UpdateCapsule_prd.bin ImmReset to:
sysfwupdt.efi -u R01010010_CoyotePass_LBG_ICX_UpdateCapsule_prd.bin ImmReset+UpdateNvram
If using SFUP/WINLNX, modify the bios_update.sh from:
BIOS="R01010010_CoyotePass_LBG_ICX_UpdateCapsule_prd.bin -recovery" to:
BIOS="R01010010_CoyotePass_LBG_ICX_UpdateCapsule_prd.bin -recovery UpdateNvram"
These changes will also restore all BIOS settings to default values.
| Note | The above parameters are only necessary if you are using Microsoft Windows 2025. Other operating systems will not require these steps. |