After installing a few versions of Linux and having to turn off secure boot, I keep getting this error when I turn it on. I may have installed UEFI but the boot device may have been Legacy or non UEFI, can't remember. Anyway I'm going back to Windows and now I can't get secure boot working. I tried setting default in bios setup but that didn't work. Would flashing a bios update fix this? I successfully installed Windows 10 with secure boot off, would that fix it??? Just curious what's needed, to get back to normal.
Systems that did not come with Windows 10 secure boot certificate in bios will not support secure boot for windows 10 with a windows 8.X secure boot certificate. ACPI 2.0 windows 10 secure boot is only NEW hardware. Bios update does not change this. You will also have to use diskpart to CLEAN the hard drives to bare before you can install windows.
Before the PC is deployed, the OEM installs the Secure Boot databases in the bios PC. This includes the signature database (db), revoked signatures database (dbx), and Key Enrollment Key database (KEK). These databases are stored at manufacturing time.
End users cannot store or update or use these.
Driver signing is different for Windows 10. To install on Windows 10 , driver packages must meet the following requirements:
Well this machine came with Windows 10, so should have the keys. Not sure if they get updated with bios update or not??? Could the recent Intel vulnerability and subsequent firmware update have changed the keys so they are no longer valid???
1. Anyway I'm going back to Windows and now I can't get secure boot working.2. Can I successfully install Windows 10 with secure boot off? Would that fix it???
1. Once upon a time ... I had to use the BIOS options on a UEFI-based laptop to get SecureBoot working again ... the option was "Rebuild SecureBoot Keys" or similar. It worked.
2. Yes, that is allowable on a machine this old. Who knows, try it.
And in general, always start with only one SSD/HDD connected. Be sure it is fdisked/blank/erased back to "raw/un-initialized" before you start.
Thanks, I didn't see any option in the BIOS to update keys, would that be in the bios firmware update section?
This didn't happen before when I was experimenting with installing Linux. I did delete the Manjaro linux boot option from the menu and that's about it before this started, But I may have installed Linux uefi boot image with uefi off, or viseversa before, so this would be the first time I'm back in the bios.
I deleted all the partitions during my windows install last night but had to have secure boot off. Would be nice to get things back they way they were if possible.
1. Thanks, I didn't see any option in the BIOS to update keys, would that be in the bios firmware update section?
2. I deleted all the partitions during my windows install last night
3. but had to have secure boot off.
1. On the Lenovo laptop, it was in the BIOS options.
2. Better to "clean" it with DiskPart. Reading above, I see that @speedstep also suggested it.
3. That is usually fine (if it allows it in the first place). You just activate it later (I've done it that way before on some machine).
Thanks again, so deleting the partitions and letting windows recreate them during the install, is that the same as cleaning with DiskPart?
What about what they are talking about here:
Could that be what's needed in my case?