Questions tagged [secure-boot]
For questions on “Secure Boot” and “Restricted Boot” the new bios feature that is in computers with the “Windows 8” logo.
233
questions
0
votes
1
answer
77
views
Bypassing Secure Boot without disabling it
I've tried archboot, but no luck as I was stuck due to the plymouth missing. Now I want to try to install arch or nixos alongside Win 11. The problem lies in secure boot. I don't have spare linux to ...
- 21
0
votes
1
answer
61
views
BIOS asks password every time but secure boot is disabled
I had to set a temporary password for both SSDs using secure boot but now, I can't disable it. I tried to restore and revert everything, but it doesn't go away.
Here, Admin y User Password only ...
- 103
-1
votes
0
answers
146
views
Secure Boot Option greyed out in Asus BIOS
I have an ASUS TUF F15 Laptop.
Model : FX506LH
BIOS VERSION : 310
OS : Windows 10 Home Single Language
Secure Boot is ENABLED in the BIOS settings and greyed out and there is no way to disable it.
...
1
vote
0
answers
99
views
How can I use unified kernel images with Ubuntu and Debian?
I would like to use unified kernel images (UKIs) and systemd-boot to take advantage of some of the hardware security features it provides (such as measured boot and real secure boot). I think that the ...
- 49
0
votes
1
answer
2k
views
windows 11 error The Secure Boot update failed
for some reason this error is constantly thrown and logged in the Windows Event Viewer:
The Secure Boot update failed to update a Secure Boot variable with error Secure Boot is not enabled on this ...
0
votes
1
answer
837
views
How to fix error: "FAIL: Unable to load driver '\efi\rufus\exfat_x64.efi': [26] Security Violation"
I'm trying to reinstall Windows 10 but the short DST test fails and also it states Unable to load driver '\efi\rufus\exfat_x64.efi': [26] Security Violation.
My laptop is a HP EliteBook 840 G3 1TB ...
-2
votes
1
answer
134
views
Why is Windows not booting (boot loop) after accepting a BitLocker PIN after having completed BIOS CMS work?
Occasionally one might need to boot into an application that requires CMS mode in BIOS to be enabled (like SpinRite.) Since most Windows modern installation are UEFI with Secure Boot, this requires ...
- 552
0
votes
0
answers
41
views
How to alternate automatically at boot between my laptop's two installed OSes?
I have Windows 10 and Ubuntu Linux 20.04 installed into separate encrypted partitions on my Dell Latitude 5411 laptop. When I shut down one OS, it's always to boot into the other one.
Linux is the ...
- 411
1
vote
1
answer
137
views
Why does the kernel reject my self signed module on a secure boot system?
I have a secure boot enabled linux on an Intel NUC. It uses a special distribution (Balena IoT) that doesn't use shim and has only this distribution's keys enrolled (no Microsoft keys). For a test, I ...
0
votes
1
answer
1k
views
Installing VirtualBox on Debian 12 Bookworm With Errors
I have a Clevo PD70SND-G, fresh from China. Installed Debian 12 Bookworm. I am attempting to install, and use, VirtualBox. I have data on a VirtualBox machine that I need access to.
I have attempted ...
0
votes
1
answer
339
views
Delete PK key from terminal when secure boot is disabled
When secure boot is disabled, is it possible to delete the PK key from terminal? I know that to change the keys, you need to enter setup mode. And to enter setup mode, you need to delete the PK key. ...
- 101
0
votes
0
answers
277
views
How to get minimal vendor information about the TPM chip installed in my laptop
How do I get some minimal information about the TPM chip in my Linux laptop?
Information such as the manufacturer, manufacturer id, manufacturer version.
So far I have tried the tpm2_getcap command to ...
- 1
0
votes
1
answer
241
views
Buildroot and secure boot on x86 - can it be done? [closed]
I'm trying to figure out if buildroot can generate a Secure Boot capable system. Secure boot requires a properly signed kernel.
The target hardware is an x86-64/AMD64 processor with TPM 2.0 support.
...
-2
votes
2
answers
785
views
Secure Boot switch-off, PK deletion consequences [closed]
I have to disable Secure Boot. To do this, I have to delete the PK keys. Will this affect the loading of my operating system?
I am using a "one-time" SSD that is currently connected. But I ...
- 21
0
votes
0
answers
14
views
How does the SPK ID provide security in Xilinx secure boot
My understanding of the Xilinx ultra scale secure boot process is that the CSU validates the SPK with the PPK. If the SPK is authenticated, the CSU checks to see if the SPK ID that’s associated with ...
- 21
0
votes
1
answer
315
views
Supplemental WDAC policy Doesn't Override Block Rule from Base WDAC Policy (Microsoft Recommended Block Rules)
I'm working on creating a Windows Defender Application Control (WDAC) supplemental policy which supplements a base policy. The base policy is merged with the Microsoft Recommended Block Rules. This ...
1
vote
0
answers
174
views
Why the TPM PCRs does not consider a UEFI settings change? If someone resets CMOS, it's undetected
In my laptop I've set up a bios pw when I power on the laptop, and once I enter it the laptop starts my linux distro and decrypts the disk without asking any other password. To do this I've set up TPM ...
- 254
2
votes
1
answer
1k
views
LUKS encryption using passphrase + TPM
I have questions about secure boot and TPMs and I couldn’t find precise answers on the web, so I’m hoping someone skilled in this domain will be able to answer.
In a case of an evil maid attack, what ...
- 31
0
votes
0
answers
283
views
Does the Microsoft update for BlackLotus mitigation SKUSiPolicy.p7b require Memory Integrity to be on and working in the Security Center?
In other words is the "Code Integrity feature" on this Microsoft kb5025885 page:
The Code Integrity Boot Policy (SKUSiPolicy.p7b) uses the Code Integrity feature of Windows to prevent ...
- 87
1
vote
1
answer
970
views
Odd message during boot using GRUB
I use Secure Boot, followed by GRUB2, set up to boot Debian 12 and Windows 11 at the choice of a user. Right after the user chooses Windows and hits ⏎, we see a black screen with two white lines on it ...
user1787659
0
votes
0
answers
1k
views
Gigabyte b650 DS3H secure boot won't boot from USB
Gigabyte b650 DS3H secure boot won't boot from USB.
I'm trying to run clean install for win 11 from USB drive system running on gigabyte b650 DS3H. I've made sure that TMP 2.0 is enabled and CSM is ...
- 101
-2
votes
1
answer
1k
views
Why does my computer say "Soft Temporary Disable" at boot after disabling Secure Boot?
I have a HP PC bought less than four years ago.
I had several annoying issues with Linux due to this "Secure Boot" junk, so I disabled it in the BIOS/UEFI settings. Then I was able to ...
- 105
0
votes
0
answers
575
views
Cannot enable Secure boot on Gigabyte H61M-DS2
Trying to help a friend do a fresh install of Windows, but the bootable USB isn't even listed in the BIOS. I realized that Secure Boot is currently disabled, and assume this is the issue. However ...
- 1
0
votes
0
answers
640
views
Cannot change my secure boot configuration in BIOS
Device: ASUS Vivobook pro 15
OS: Windows 11 Pro 22H2
As in the image above, the configuration for secure boot has been disabled in my BIOS configuration.
How can I change my secure boot configuration?...
- 1
0
votes
0
answers
328
views
Run older kernel on Ubuntu with secure boot
On Ubuntu 20.04, I am trying to run some piece of proprietary software junk that works only with kernel 5.8 instead of the current kernel 5.15.
So, I installed the kernel 5.8 using a mainline script ...
- 101
1
vote
1
answer
833
views
Making a MOK-signed GRUB with extra modules
I have a Wake-on-LAN situation where I'd like GRUB to make a network request to decide "should I boot Windows?", perhaps by load_env (http,192.168.1.123)/grubenv (so I can write that file ...
- 253
0
votes
2
answers
507
views
Windows 11 installed on a refurbished HP so that I can't suppress Secure boot mode to boot on USB
I recently bought a refurbished HP Z4 G4 with windows 11 already installed. In order to dual boot, I have to change the bios/UEFI Secure Boot to disable (and legacy to enable). I am able to change it ...
- 181
0
votes
2
answers
2k
views
Bypassing TPM/SecureBoot checks when installing Win11 without Rufus
I need to install Windows 11 on an older PC that doesn't support TPM and SecureBoot.
According to this article, it's possible by creating DWORDs with the names BypassTPMCheck and BypassSecureBoot (...
- 3
0
votes
2
answers
8k
views
Secure Boot Violation: Invalid Signature Detected, Check Secure Boot Policy in Setup Error - HackBGRT (how to use secure boot with it)
Update - Go to answer for steps.
First off, I am trying to enable secure Boot thus I don't consider disabling secure Boot a solution.
I have a Gigabyte B450M DS3H, with AMD Ryzen 5600 and have tried ...
- 19
0
votes
1
answer
553
views
Why can Debian 11 no longer load after Windows 10 changed motherboard state?
Note that this question is not a duplicate of the typical dual-boot questions, because I never have the Windows-HDD and Linux-SSD at once in the PC, so they cannot touch each other's (efi) partitions.
...
