0

for some reason this error is constantly thrown and logged in the Windows Event Viewer:

The Secure Boot update failed to update a Secure Boot variable with error Secure Boot is not enabled on this machine.. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

However, when I restart the machine and go into the BIOS settings - the Secure Boot is turned ON. Any clue??

Why the error happens if the Secure Boot is set to ON in BIOS settings?

PC specs are as follows:

OS: Windows 11 (licensed)

CPU: 12th Gen Intel(R) Core(TM) i9-12900KS, Socket 1700 LGA (0x1)

Chipset

Northbridge: Intel Alder Lake rev. 02

Southbridge: Intel Z690 rev. 11

Bus Specification: PCI-Express 5.0 (32.0 GT/s)

Graphic Interface: PCI-Express

Memory Type: DDR5

Memory Size: 32 GBytes

Channels: 4 x 32-bit

Memory Frequency: 3200.0 MHz (1:32)

Memory Max Frequency: 3200.0 MHz

CAS# latency (CL): 32.0

RAS# to CAS# delay (tRCD): 39

RAS# Precharge (tRP): 39

Cycle Time (tRAS): 80

Bank Cycle Time (tRC): 119

Row Refresh Cycle Time (tRFC): 510

Command Rate (CR): 2T

Uncore Frequency: 3600.0 MHz

Memory Controller Frequency: 1600.0 MHz

Host Bridge: 0x4660

Motherboard:

manufacturer: Gigabyte Technology Co. Ltd.

product: Z690 AORUS MASTER

some error details from the event log:

  • System

    • Provider

    [ Name] Microsoft-Windows-TPM-WMI [ Guid] {7d5387b0-cbe0-11da-a94d-0800200c9a66} EventID 1796 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x8000000000000000

    • TimeCreated

    [ SystemTime] 2024-05-27T07:08:36.3761094Z EventRecordID 77810 Correlation

    • Execution

    [ ProcessID] 3312 [ ThreadID] 15248 Channel System Computer DESKTOP-NSFJJ4C

    • Security

    [ UserID] S-1-5-18

  • EventData

    HResult -2147020471

Improve this question
10
  • Do you have KB5034440 installed? Microsoft over the last 12 months has spent preparing to update and revoke a certificate used by Secure Boot. One of the things that has happened is that Microsoft has updated the Secure Boot DBX. This also requires WinRE to be updated. This error is likely linked to this update. We will need more information to completely diagnose your issue. What’s the event id of the error, that information, isn’t contained in your question
    – Ramhound
    Commented May 27 at 16:22
  • @Ramhound that update is not installed on my PC. I can't find it in the history
    – Semen Shekhovtsov
    Commented May 27 at 16:23
  • Has it failed to install? What size is your WinRE? Check if there are any firmware updates: Windows Settings > Windows Update > Additional Settings > Optional updates
    – Ramhound
    Commented May 27 at 16:30
  • Verify you have this update
    – Ramhound
    Commented May 27 at 16:34
  • the KB5034440 update is not listed in the optional updates nor in the installed updates
    – Semen Shekhovtsov
    Commented May 27 at 16:35

1 Answer 1

Reset to default
-1

the Secure Boot mode was Enabled and forced to the Active state by following steps from this amazing video: https://www.youtube.com/watch?v=0eC9gT8mDPY

many thanks to the author of that short youtube tutorial!

The steps are as follows:

  1. Enter BIOS by pressing the DEL keyboard key during the initial boot of the device.
  2. navigate to the BOOT section in the BIOS management GUI
  3. make sure, that the CSM Support is disabled, if not - change it to DISABLED!
  4. Secure Boot Mode change to Custom
  5. Secure Boot Mode change to Standart
  6. Install factory defaults - click YES
  7. Reset Without Saving - NO
  8. Secure Boot - set to ENABLED if it's not enabled yet
  9. Secure Boot Mode - make sure that the STANDART option is selected

save & exit the BIOS tool, the restart procedure of your PC should start automatically. Voila! It works! Now, the Secure Boot State is ON enter image description here

Improve this answer
2

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .