operating system loader signature not found in SecureBoot database ('db'). All bootable devices failed Secure Boot verification

Hello cssz,

I have the same problem as you.. Did it happen after a big Windows update? I think it dit for me.

And did you find by any chance find a solution? I'm going to contact soon the dell support service to have some information...

Best,

rfribourg

user ejn63 is correct. I verified this on an Optiplex 3050.

In BIOS there is a Secure Boot section on the left hand navigation pane.

"Disable Secure Boot" helped me boot off a custom bootable USB clone re-image solution

Excelent, Tks so much.

Worked perfectly. I didn't lose any data as well. Thanks!

Worked. Thanks

It worked! Thank you! :)

Hi Mansoor. I have just inherited the same issue with XPS13. Turning secure boot off is not working so want to try your guidance but I am not familiar with changing BIOS settings. I can get to the Boot Sequence menu but please can you advise exactly how to add the Windows boot manager line and where is the option to select the /EFI route you mention?

I can also confirm the answer given by MANSOORPATUDI does works. Thank you.

Thanks - had this same issue after my battery died and this worked for me

I can't believe one of the accepted solutions here is to simply disable Secure Boot.  If your system worked with Secure Boot enabled and doesn't anymore, then something significant went wrong.  The whole point of Secure Boot is to prevent you from loading an environment that may have been infected with a rootkit, so while yes theoretically it could have been a Windows Update that went wrong (although very few change the bootloader), it's also possible that you picked up some malware, and therefore that by disabling Secure Boot, you've just ignored a completely legitimate warning and allowed said malware to continue operating.  That's sort of like responding to your home alarm system getting activated by silencing it and being annoyed that it woke you up, without even considering that maybe it sounded because a burglar got into your home.

The other suggested answer of adding a new boot entry is also a workaround at best.  I'd have wanted to know what the system had been trying to boot in the first place that was triggering the warning about not being in the Secure Boot database.  If all boot entries on the system had simply been wiped out, then adding the boot entry back would be completely appropriate, but in that case the original behavior would have been an error that the system couldn't find ANY bootable devices, not an error that whatever the system DID try to boot failed a security check.  For people who fixed this by adding a new boot entry, it's very possible you've still got a malicious bootloader lurking in your system and a lower-ranked boot entry pointing to it.

If I saw that error, my response would have been to restore my system from a full system backup.  If I didn't have a full system backup, then I would rather boot into an alternate environment to copy just my personal data elsewhere and then do a clean install than continue on with a system that was infected or even just had a bad Windows Update installation -- and I would have considered the effort of that clean install to be my penalty for not capturing full system backups and my lesson to start doing so.

I agree, the real solution needs to be found.  Messages about no bootable devices and OS loader has no signature, would seem to be different things.

I am starting to think, in low battery situations, the UEFI firmware is losing or corrupting some data.  

^ That's the only other possible cause of this issue I can think of: A change to the certificate store in the UEFI firmware that's checked in order to determine whether a particular bootloader is secure, but that too would have security implications.  But if that were the cause of any of the cases reported here, just adding a new boot entry wouldn't solve the issue.  I also don't know the mechanisms by which that can be accomplished.  I know users can manually manage the certificate store in the BIOS setup, but I don't know if a BIOS update is allowed to make that change (I'm guessing yes, but nobody mentioned performing a BIOS update here) or if there's an API within Windows that would allow an application even running with elevated rights to achieve this (I'm guessing no, but that's just a guess.)

Hello,

This has helped, but I have one correction that is very important.

You must use \ (backslash) instead of /

Thanks.

Hi I did this on my laptop (XPS 13) and it was running fine afterwards. But i turned my computer off and then I had an error where windows cant sign me in. I followed various tutorials and this one below seemes most popular-

-On keyboard hold down the 'windows' key and press the 'r' key.

-In the run prompt type regedit and hit enter.

-In the registry editor, browse to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

-Expand the ProfileList key and find the key that has .bak added to it.

-Delete the key that has the same string of characters, but DOES NOT have .bak next to it.

-Rename the key with .bak.  Just delete the '.bak' part and hit enter.

-Close registry editor and reboot.  You should be able to get back in to your profile now.

I did this but in my profile list i only had a Temp profile, my other profile wasn't there for some reason and it's running on Temp now.

How do i Fix this guys? Thanks