Ebojager
2 Iron

XPS-8910 Secure Boot Violation Invalid Signature

After installing a few versions of Linux and having to turn off secure boot, I keep getting this error when I turn it on. I may have installed UEFI but the boot device may have been Legacy or non UEFI, can't remember. Anyway I'm going back to Windows and now I can't get secure boot working. I tried setting default in bios setup but that didn't work. Would flashing a bios update fix this? I successfully installed Windows 10 with secure boot off, would that fix it??? Just curious what's needed, to get back to normal. 

Thank you!

Reply
7 Replies
Highlighted
7 Thorium

Re: XPS-8910 Secure Boot Violation Invalid Signature

Systems that did not come with Windows 10 secure boot certificate in bios will not support secure boot for windows 10 with a windows 8.X secure boot certificate.   ACPI 2.0 windows 10 secure boot is only NEW hardware.  Bios update does not change this.  You will also have to use diskpart to CLEAN the hard drives to bare before you can install windows.

Before the PC is deployed, the OEM installs the Secure Boot databases in the bios PC.  This includes the signature database (db), revoked signatures database (dbx),  and Key Enrollment Key database (KEK). These databases are stored at manufacturing time.

End users cannot store or update or use these.

Driver signing is different for Windows 10.  To install on Windows 10 , driver packages must meet the following requirements:

  • Driver packages must be digitally signed with a Windows, WHQL, ELAM, or Store certificate from the Windows Hardware Developer Center Dashboard.
  • Companion software must be signed with a Microsoft Store Certificate.
  • Does not include an *.exe, *.zip, *.msi or *.cab in the driver package that extracts unsigned binaries.
  • Driver installs using only INF directives.

 


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support






Get Support on Twitter @DellCaresPro

Reply
Highlighted
Ebojager
2 Iron

Re: XPS-8910 Secure Boot Violation Invalid Signature

Well this machine came with Windows 10, so should have the keys. Not sure if they get updated with bios update or not??? Could the recent Intel vulnerability and subsequent firmware update have changed the keys so they are no longer valid??? 

Reply
Highlighted
Tesla1856
6 Thallium

Re: XPS-8910 Secure Boot Violation Invalid Signature


@Ebojager wrote:

1. Anyway I'm going back to Windows and now I can't get secure boot working.

2. Can I successfully install Windows 10 with secure boot off? Would that fix it??? 

1. Once upon a time ... I had to use the BIOS options on a UEFI-based laptop to get SecureBoot working again ... the option was "Rebuild SecureBoot Keys" or similar. It worked.

2. Yes, that is allowable on a machine this old. Who knows, try it.

And in general, always start with only one SSD/HDD connected. Be sure it is fdisked/blank/erased back to "raw/un-initialized" before you start.


Registered Microsoft Partner and Apple Developer
- Like many of you, I can appreciate a good game-engine.
- I answer questions here, but I'm not a Dell employee.
- Consider giving posts you like a "thumbs-up"
- Posting models-numbers and software versions speeds trouble-shooting.
- Click "Accept as Solution" button on any post that answers your question best.
Reply
Highlighted
Ebojager
2 Iron

Re: XPS-8910 Secure Boot Violation Invalid Signature

Thanks, I didn't see any option in the BIOS to update keys, would that be in the bios firmware update section? 

This didn't happen before when I was experimenting with installing Linux. I did delete the Manjaro linux boot option from the menu and that's about it before this started, But I may have installed Linux uefi boot  image with uefi off, or viseversa before, so this would be the first time I'm back in the bios. 

I deleted all the partitions during my windows install last night but had to have secure boot off. Would be nice to get things back they way they were if possible. 

Reply
Highlighted
Tesla1856
6 Thallium

Re: XPS-8910 Secure Boot Violation Invalid Signature


@Ebojager wrote:

1. Thanks, I didn't see any option in the BIOS to update keys, would that be in the bios firmware update section? 

2. I deleted all the partitions during my windows install last night

3. but had to have secure boot off. 


1. On the Lenovo laptop, it was in the BIOS options.

2. Better to "clean" it with DiskPart. Reading above, I see that @speedstep also suggested it.

3. That is usually fine (if it allows it in the first place). You just activate it later (I've done it that way before on some machine). 


Registered Microsoft Partner and Apple Developer
- Like many of you, I can appreciate a good game-engine.
- I answer questions here, but I'm not a Dell employee.
- Consider giving posts you like a "thumbs-up"
- Posting models-numbers and software versions speeds trouble-shooting.
- Click "Accept as Solution" button on any post that answers your question best.
Reply
Highlighted
Ebojager
2 Iron

Re: XPS-8910 Secure Boot Violation Invalid Signature

Thanks again, so deleting the partitions and letting windows recreate them during the install, is that the same as cleaning with DiskPart? 

 

What about what they are talking about here:

https://www.dell.com/support/article/us/en/04/sln300987/how-to-repair-the-efi-bootloader-on-a-gpt-hd...

Could that be what's needed in my case? 

Reply
Highlighted
Ebojager
2 Iron

Re: XPS-8910 Secure Boot Violation Invalid Signature

Seems like recreating the install media from Windows instead of Linux has fixed the issue and now boots up in secure boot mode.

Reply