Secure Boot Activation Impossible
Pinguuuuui
-
Roat84 Posted messages 20 Status Member -
Roat84 Posted messages 20 Status Member -
Hi!
I'm trying to enable the Secure Boot option in my BIOS, but when starting the computer, it detects a violation with the following message: "Invalid signature detected. Check secure boot policy in setup."
I've tried looking online for explanations but found nothing concrete.
I have a Gigabyte H310M H 2.0 motherboard, two SSDs, the first one has Windows 10 installed, and the second one is empty.
Thanks to those who take the time to respond ;)
I'm trying to enable the Secure Boot option in my BIOS, but when starting the computer, it detects a violation with the following message: "Invalid signature detected. Check secure boot policy in setup."
I've tried looking online for explanations but found nothing concrete.
I have a Gigabyte H310M H 2.0 motherboard, two SSDs, the first one has Windows 10 installed, and the second one is empty.
Thanks to those who take the time to respond ;)
2 answers
Hello,
I think you want to try Windows 11; if you want my opinion, it's better to wait.
For "secure boot," the CSM needs to be disabled, so the BIOS should be in UEFI mode only. Your error message indicates that the secure boot keys are not loaded. Since not all BIOS are the same, it's difficult to inform you, especially without seeing it. Sometimes, simply changing the "secure boot" mode from "standard" to "custom" and then back to "standard" immediately can prompt the reload of the keys. There is also sometimes the option "install default secure boot keys." Ultimately, it's up to you to open your eyes and look in your BIOS because, as I've already told you, each BIOS is different—there is no one-size-fits-all method.
Be careful: when adjusting such settings, it's best not to make mistakes, so proceed with caution. If you make an error and the PC won't start anymore, simply turn off the PC, unplug it, and remove the CMOS battery from the motherboard to reset the BIOS settings to default.
Good luck with the rest; that will be all from me.
bazfile
Moderator/Security Contributor.
A hello, a reply, and a thank you are always appreciated.
I think you want to try Windows 11; if you want my opinion, it's better to wait.
For "secure boot," the CSM needs to be disabled, so the BIOS should be in UEFI mode only. Your error message indicates that the secure boot keys are not loaded. Since not all BIOS are the same, it's difficult to inform you, especially without seeing it. Sometimes, simply changing the "secure boot" mode from "standard" to "custom" and then back to "standard" immediately can prompt the reload of the keys. There is also sometimes the option "install default secure boot keys." Ultimately, it's up to you to open your eyes and look in your BIOS because, as I've already told you, each BIOS is different—there is no one-size-fits-all method.
Be careful: when adjusting such settings, it's best not to make mistakes, so proceed with caution. If you make an error and the PC won't start anymore, simply turn off the PC, unplug it, and remove the CMOS battery from the motherboard to reset the BIOS settings to default.
Good luck with the rest; that will be all from me.
bazfile
Moderator/Security Contributor.
A hello, a reply, and a thank you are always appreciated.
I don't want to install Windows 11 right away, but I wanted to see if my PC was compatible. However, this Secure Boot issue goes beyond just this simple update.
I had already performed all the steps described above before, but none of them worked... I'm a bit out of ideas and documentation :/
For compatibility with Windows 11:
- You need to enable TPM in the BIOS; its version must be 2.0. To check if it’s enabled and its version, simultaneously press the Windows and R keys, a window will appear, copy/paste tpm.msc and then click on OK.
- Your graphics card must support DirectX 12 and have a WDDM driver version 2. To check this, in the search box, copy/paste DXdiag; a window will appear showing the DirectX version in the System tab and the WDDM version in the Display tab.
- Secure Boot must be enabled in the BIOS.
- Your BIOS must be in UEFI.
Also, your processor must be compatible; not all are supported. Intel CPUs are only supported starting from the 8th generation; see the list of supported processors:
AMD Processors https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors
Intel Processors https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors