1

I have an Aorus x470 Gaming Ultra motherboard with a Ryzen 7 2700 CPU and an Evo 970 NVME with Windows 10.

Windows was installed as UEFI without problem about 2 years ago.

To get my PC ready for Windows 11 I enabled FTPM and disabled CMS in the UEFI.

Windows booted, but the Software checker said that I also needed to enable Secure Boot in the UEFI.

I enabled Secure Boot, but now my PC won't boot to Windows. It goes straight back the UEFI screen with no error messages or logs.

I must disable Secure Boot to get back into windows. After which things seem normal.

Is this because Windows was installed with Secure Boot switched off, and can I boot into Windows with Secure Boot enabled without having to reinstall Windows?

Improve this question
3
  • Have you tried performing any Boot Repair functions or a Repair Install of Windows after enabling Secure Boot to get Windows to correct/repair its boot instructions?
    – music2myear
    Commented Jul 3, 2021 at 17:02
  • No, I am not able to get to any kind of interface other than the UEFI to perform a repair install. I have not attempted it form external media in case it resets my OS to factory default.
    – user1450676
    Commented Jul 3, 2021 at 17:12
  • The keys required for Secure Boot are probably missing. Windows 10 does not require Secure Boot to be enable. However, Microsoft requires OEM devices to provide a way for it to be disabled, so it’s possible to seamlessly enable or disable it on all Windows devices (except certain Microsoft ARM devices)
    – Ramhound
    Commented Jul 3, 2021 at 19:39

1 Answer 1

Reset to default
1

I had a similar problem. It turned out that my disk (actually an M.2 SSD) was formatted MBR rather than GPT, and it needs to be GPT for UEFI.

If CSM is not disabled, then if your boot disk is MBR then you are just getting legacy BIOS compatibility rather than actually using UEFI. And disabling CSM means it won't boot at all, and you're just kicked back into the UEFI setup screen.

You can run diskmgmt.msc as Administrator to see if your disk is MBR. See the image in the first link below: right click on the boot disk (it might be Disk 0), then select Properties / Volumes and look at the Partition style.

If it's MBR, you can run the MBR2GPT.EXE command line tool (with the /allowFullOS option) to convert it to GPT without data loss. The DISKPART.EXE utility, by contrast, only works if the disk is empty, with no partitions or volumes.

I ran MBR2GPT to convert to GPT, this created an additional EFI system partition that used up 100 MB. Then after rebooting and entering the UEFI setup screen, I was able to enable UEFI and disable CSM and save those settings, and after that it successfully rebooted into Windows without getting stuck in the UEFI setup screen like it was doing before.

Improve this answer

You must log in to answer this question.