Questions tagged [secure-boot]
For questions on “Secure Boot” and “Restricted Boot” the new bios feature that is in computers with the “Windows 8” logo.
233
questions
0
votes
1
answer
315
views
Supplemental WDAC policy Doesn't Override Block Rule from Base WDAC Policy (Microsoft Recommended Block Rules)
I'm working on creating a Windows Defender Application Control (WDAC) supplemental policy which supplements a base policy. The base policy is merged with the Microsoft Recommended Block Rules. This ...
1
vote
0
answers
174
views
Why the TPM PCRs does not consider a UEFI settings change? If someone resets CMOS, it's undetected
In my laptop I've set up a bios pw when I power on the laptop, and once I enter it the laptop starts my linux distro and decrypts the disk without asking any other password. To do this I've set up TPM ...
2
votes
1
answer
1k
views
LUKS encryption using passphrase + TPM
I have questions about secure boot and TPMs and I couldn’t find precise answers on the web, so I’m hoping someone skilled in this domain will be able to answer.
In a case of an evil maid attack, what ...
0
votes
0
answers
283
views
Does the Microsoft update for BlackLotus mitigation SKUSiPolicy.p7b require Memory Integrity to be on and working in the Security Center?
In other words is the "Code Integrity feature" on this Microsoft kb5025885 page:
The Code Integrity Boot Policy (SKUSiPolicy.p7b) uses the Code Integrity feature of Windows to prevent ...
1
vote
1
answer
970
views
Odd message during boot using GRUB
I use Secure Boot, followed by GRUB2, set up to boot Debian 12 and Windows 11 at the choice of a user. Right after the user chooses Windows and hits ⏎, we see a black screen with two white lines on it ...
0
votes
0
answers
1k
views
Gigabyte b650 DS3H secure boot won't boot from USB
Gigabyte b650 DS3H secure boot won't boot from USB.
I'm trying to run clean install for win 11 from USB drive system running on gigabyte b650 DS3H. I've made sure that TMP 2.0 is enabled and CSM is ...
-2
votes
1
answer
1k
views
Why does my computer say "Soft Temporary Disable" at boot after disabling Secure Boot?
I have a HP PC bought less than four years ago.
I had several annoying issues with Linux due to this "Secure Boot" junk, so I disabled it in the BIOS/UEFI settings. Then I was able to ...
0
votes
0
answers
575
views
Cannot enable Secure boot on Gigabyte H61M-DS2
Trying to help a friend do a fresh install of Windows, but the bootable USB isn't even listed in the BIOS. I realized that Secure Boot is currently disabled, and assume this is the issue. However ...
0
votes
0
answers
640
views
Cannot change my secure boot configuration in BIOS
Device: ASUS Vivobook pro 15
OS: Windows 11 Pro 22H2
As in the image above, the configuration for secure boot has been disabled in my BIOS configuration.
How can I change my secure boot configuration?...
0
votes
0
answers
328
views
Run older kernel on Ubuntu with secure boot
On Ubuntu 20.04, I am trying to run some piece of proprietary software junk that works only with kernel 5.8 instead of the current kernel 5.15.
So, I installed the kernel 5.8 using a mainline script ...
1
vote
1
answer
833
views
Making a MOK-signed GRUB with extra modules
I have a Wake-on-LAN situation where I'd like GRUB to make a network request to decide "should I boot Windows?", perhaps by load_env (http,192.168.1.123)/grubenv (so I can write that file ...
0
votes
2
answers
507
views
Windows 11 installed on a refurbished HP so that I can't suppress Secure boot mode to boot on USB
I recently bought a refurbished HP Z4 G4 with windows 11 already installed. In order to dual boot, I have to change the bios/UEFI Secure Boot to disable (and legacy to enable). I am able to change it ...
0
votes
2
answers
2k
views
Bypassing TPM/SecureBoot checks when installing Win11 without Rufus
I need to install Windows 11 on an older PC that doesn't support TPM and SecureBoot.
According to this article, it's possible by creating DWORDs with the names BypassTPMCheck and BypassSecureBoot (...
0
votes
2
answers
8k
views
Secure Boot Violation: Invalid Signature Detected, Check Secure Boot Policy in Setup Error - HackBGRT (how to use secure boot with it)
Update - Go to answer for steps.
First off, I am trying to enable secure Boot thus I don't consider disabling secure Boot a solution.
I have a Gigabyte B450M DS3H, with AMD Ryzen 5600 and have tried ...
0
votes
1
answer
553
views
Why can Debian 11 no longer load after Windows 10 changed motherboard state?
Note that this question is not a duplicate of the typical dual-boot questions, because I never have the Windows-HDD and Linux-SSD at once in the PC, so they cannot touch each other's (efi) partitions.
...