In my Google searches I've read many times "soft brick" or similar terms. This means the affected computer does the POST (depending, it properly signals it to the user with a beep/similar or not), but it detects corrupted legacy BIOS settings or not (afterwards I'll explore the corrupted certs possibility), in the former case it's like a driver seeing that he/she is in a dead end, although the car and he/she are healthy (a person can always find a solution, an automatic system it depends), in the latter case "the car" crashes against a wall or anything and the system crashes, minimum a reboot would be required but only a reboot wouldn't be enough in general.
Legacy BIOS settings: SATA ports in IDE/AHCI/RAID, processor/RAM voltage/frequency modes/multipliers (this part can be very dense in data: I've counted about 30-40 user settings in one's manual and not all combinations are possible), onboard sound and other peripherals enabled/disabled,... Corruption here is what most clearly can impede the bootup. In all non UEFI boards I've had the chance to know, visiting the BIOS (that sometimes is automatic) or clearing the CMOS fixes the issue. I've never had the chance to know about any UEFI board.
We're speaking about NVRAM and CMOS, but are they always separated? Is there any "mechanical" characteristic that makes it impossible to use the same store for the CMOS settings and for the certs? Possible one: the CMOS settings live in fixed memory positions, the certs are more like files (with different lengths) and even folders in a "disk" (for fulfilling the "not in DBX" part you don't go to the "KEKs folder"). I'm not meaning there's a "filesystem": this is memory, it's fast and rewriting everything again is possible, although I don't like it because of the intermediate store problem, system RAM isn't reliable enough for my taste and a second store only for this... let it alone if Windows is constantly appending/deleting small items. Maybe it's inevitable anyway depending on the use mechanics of this database. Is there an "absolutely maximum length" for a cert?
Now let's suppose everything in the 2nd paragraph is okay. The very first operation afterwards could be some check in the certs/UEFI variables... even if the computer is set in legacy BIOS? (oldest computers might have a "pure legacy BIOS" mode, CSM is theoretically a part of UEFI although there're probably as many different CSM modes as models). Whatever, any check (let it alone if it's more than a check) of corrupted data can cause a hang, or should it rather cause a SB violation??? This is important b/c a "NVRAM corruption issue" can be seen as an attack. If the user data can be retrieved (it's backed up or the disk can be attached to other computer, not for example in my miniPC that as disk has an "eMMC" soldered to the board), maybe it's preferable to brick the computer (half kidding, half not).
Legacy BIOS or CSM or Secure Boot not capable aren't compatible with Windows 11 so in theory this problem doesn't exist lol. Windows 10 still exists though (and ESU has been extended one year more).
Legacy BIOS settings: SATA ports in IDE/AHCI/RAID, processor/RAM voltage/frequency modes/multipliers (this part can be very dense in data: I've counted about 30-40 user settings in one's manual and not all combinations are possible), onboard sound and other peripherals enabled/disabled,... Corruption here is what most clearly can impede the bootup. In all non UEFI boards I've had the chance to know, visiting the BIOS (that sometimes is automatic) or clearing the CMOS fixes the issue. I've never had the chance to know about any UEFI board.
We're speaking about NVRAM and CMOS, but are they always separated? Is there any "mechanical" characteristic that makes it impossible to use the same store for the CMOS settings and for the certs? Possible one: the CMOS settings live in fixed memory positions, the certs are more like files (with different lengths) and even folders in a "disk" (for fulfilling the "not in DBX" part you don't go to the "KEKs folder"). I'm not meaning there's a "filesystem": this is memory, it's fast and rewriting everything again is possible, although I don't like it because of the intermediate store problem, system RAM isn't reliable enough for my taste and a second store only for this... let it alone if Windows is constantly appending/deleting small items. Maybe it's inevitable anyway depending on the use mechanics of this database. Is there an "absolutely maximum length" for a cert?
Now let's suppose everything in the 2nd paragraph is okay. The very first operation afterwards could be some check in the certs/UEFI variables... even if the computer is set in legacy BIOS? (oldest computers might have a "pure legacy BIOS" mode, CSM is theoretically a part of UEFI although there're probably as many different CSM modes as models). Whatever, any check (let it alone if it's more than a check) of corrupted data can cause a hang, or should it rather cause a SB violation??? This is important b/c a "NVRAM corruption issue" can be seen as an attack. If the user data can be retrieved (it's backed up or the disk can be attached to other computer, not for example in my miniPC that as disk has an "eMMC" soldered to the board), maybe it's preferable to brick the computer (half kidding, half not).
Legacy BIOS or CSM or Secure Boot not capable aren't compatible with Windows 11 so in theory this problem doesn't exist lol. Windows 10 still exists though (and ESU has been extended one year more).
My Computer
At a glance
Windows 11Celeron J4125 (10th gen)8GB DDR4
- OS
- Windows 11
- Manufacturer/Model
- MeLE Quieter 2Q (fanless miniPC)
- CPU
- Celeron J4125 (10th gen)
- Memory
- 8GB DDR4
- Monitor(s) Displays
- Samsung SyncMaster T260
- Screen Resolution
- 1920x1200
- Hard Drives
- 256GB eMMC (Windows)
2TB USB3 HDD Toshiba (Data)




