Unsolved

35 Posts

January 3rd, 2020 09:00

XPS-8910 Secure Boot Violation Invalid Signature

After installing a few versions of Linux and having to turn off secure boot, I keep getting this error when I turn it on. I may have installed UEFI but the boot device may have been Legacy or non-UEFI, can't remember. Anyway I'm going back to Windows and now I can't get secure boot working. I tried setting default in BIOS setup but that didn't work. Would flashing a BIOS update fix this? I successfully installed Windows 10 with secure boot off, would that fix it??? Just curious what's needed to get back to normal.

Thank you!

8 Wizard

17K Posts

January 3rd, 2020 10:00


@Ebojager wrote:

1. Anyway I'm going back to Windows and now I can't get secure boot working.

2. Can I successfully install Windows 10 with secure boot off? Would that fix it??? 

1. Once upon a time ... I had to use the BIOS options on a UEFI-based laptop to get SecureBoot working again ... the option was "Rebuild SecureBoot Keys" or similar. It worked.

2. Yes, that is allowable on a machine this old. Who knows, try it.

And in general, always start with only one SSD/HDD connected. Be sure it is fdisked/blank/erased back to "raw/un-initialized" before you start.

35 Posts

January 3rd, 2020 10:00

Well, this machine came with Windows 10, so it should have the keys. Not sure if they get updated with a BIOS update or not??? Could the recent Intel vulnerability and subsequent firmware update have changed the keys so they are no longer valid???

8 Wizard

47K Posts

January 3rd, 2020 10:00

Systems that did not come with a Windows 10 secure boot certificate in BIOS will not support secure boot for Windows 10 with a Windows 8.X secure boot certificate. ACPI 2.0 Windows 10 secure boot is only NEW hardware. A BIOS update does not change this. You will also have to use diskpart to CLEAN the hard drives to bare before you can install Windows.

Before the PC is deployed, the OEM installs the Secure Boot databases in the BIOS of the PC. This includes the signature database (db), revoked signatures database (dbx), and Key Enrollment Key database (KEK). These databases are stored at manufacturing time.

End users cannot store or update or use these.

Driver signing is different for Windows 10. To install on Windows 10, driver packages must meet the following requirements:

  • Driver packages must be digitally signed with a Windows, WHQL, ELAM, or Store certificate from the Windows Hardware Developer Center Dashboard.
  • Companion software must be signed with a Microsoft Store Certificate.
  • Does not include an *.exe, *.zip, *.msi or *.cab in the driver package that extracts unsigned binaries.
  • Driver installs using only INF directives.
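
The db, dbx and KEK databases named in the post above are held in firmware variables as `EFI_SIGNATURE_LIST` structures defined by the UEFI specification. The following Python is an added example, not part of the original post: it parses that layout and checks a SHA-256 digest against it. The function names, the owner GUID, the certificate bytes and the digests are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
SIG_TYPES = {
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "x509",
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256",
}

def parse_signature_lists(blob):
    """Walk concatenated EFI_SIGNATURE_LIST structures; return one dict per entry."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_guid = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        # Each entry is a 16-byte owner GUID followed by sig_size - 16 data bytes.
        if body > end or end > len(blob) or sig_size <= 16 or (end - body) % sig_size:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        for pos in range(body, end, sig_size):
            entries.append({"type": SIG_TYPES.get(type_guid, str(type_guid)),
                            "owner": str(uuid.UUID(bytes_le=blob[pos:pos + 16])),
                            "data": blob[pos + 16:pos + sig_size]})
        off = end
    return entries

def hash_listed(digest, blob):
    """True if a 32-byte SHA-256 digest appears as a sha256 entry in the variable."""
    return any(e["type"] == "sha256" and e["data"] == digest
               for e in parse_signature_lists(blob))

def build_list(type_guid, owner, payloads):
    """Pack one EFI_SIGNATURE_LIST (used only to construct the sample data)."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    return type_guid.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(payloads[0])) + body

# Constructed sample data: a made-up owner GUID, fake certificate bytes, fake digests.
X509, SHA256 = list(SIG_TYPES)
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
REVOKED = hashlib.sha256(b"constructed revoked loader").digest()
ALLOWED = hashlib.sha256(b"constructed allowed loader").digest()
SAMPLE_DB = build_list(X509, OWNER, [b"not-a-real-DER-certificate"]) + build_list(SHA256, OWNER, [ALLOWED])
SAMPLE_DBX = build_list(SHA256, OWNER, [REVOKED])

if __name__ == "__main__":
    print([(e["type"], len(e["data"])) for e in parse_signature_lists(SAMPLE_DB + SAMPLE_DBX)])
```

Firmware compares the Authenticode digest of the boot image, not a plain file hash, against the sha256 entries. On Linux the efivarfs file for each variable begins with a 4-byte attribute field that has to be skipped before parsing.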

 

8 Wizard

17K Posts

January 3rd, 2020 11:00


@Ebojager wrote:

1. Thanks, I didn't see any option in the BIOS to update keys, would that be in the BIOS firmware update section?

2. I deleted all the partitions during my Windows install last night

3. but had to have secure boot off.


1. On the Lenovo laptop, it was in the BIOS options.

2. Better to "clean" it with DiskPart. Reading above, I see that @speedstep also suggested it.

3. That is usually fine (if it allows it in the first place). You just activate it later (I've done it that way before on some machine).

35 Posts

January 3rd, 2020 11:00

Thanks, I didn't see any option in the BIOS to update keys, would that be in the BIOS firmware update section?

This didn't happen before when I was experimenting with installing Linux. I did delete the Manjaro Linux boot option from the menu and that's about it before this started, but I may have installed a Linux UEFI boot image with UEFI off, or vice versa before, so this would be the first time I'm back in the BIOS.

I deleted all the partitions during my Windows install last night but had to have secure boot off. Would be nice to get things back the way they were if possible.

35 Posts

January 3rd, 2020 12:00

Thanks again, so deleting the partitions and letting Windows recreate them during the install, is that the same as cleaning with DiskPart?

What about what they are talking about here:

https://www.dell.com/support/article/us/en/04/sln300987/how-to-repair-the-efi-bootloader-on-a-gpt-hdd-for-windows-7-8-8-1-and-10-on-your-dell-pc?lang=en

Could that be what's needed in my case? 

35 Posts

January 3rd, 2020 18:00

Seems like recreating the install media from Windows instead of Linux has fixed the issue and now boots up in secure boot mode.
