desperate4help
New member
- Local time
- 2:54 PM
- Posts
- 1
- OS
- Windows 11 Pro
System Info: Dell XPS 8940, Windows 11 Pro 10.0.26200 Build 26200, BIOS Version: Dell inc. 2.27.1 (04/03/2025)
After resetting Secure Boot keys in BIOS while troubleshooting a separate issue, Secure Boot no longer works correctly.
Secure Boot OFF (or Checked ON in Audit Mode) -> Windows boots normally.
Secure Boot ON (in Deployed Mode) -> Boot fails with “Checking media presence… media present Start PXE over IPv4 (or IPv6) on MAC: [your MAC address]” for a couple minutes, followed by “Operating System Loader failed signature verification. Warning: the file may have been tampered with. All bootable devices failed Secure Boot verification.” It occurs after the Dell Logo appears briefly.
When booted with Secure Boot in Audit mode:
bootmgfw.efi signature checks out as valid in PowerShell: Get-AuthenticodeSignature, Status: Valid.
Issuer shows Microsoft Windows Production PCA 2011 chain.
bcdboot C:\Windows /f UEFI -> successful (“Boot files successfully created”)
bcdedit /enum firmware shows standard Windows Boot Manager entry pointing to \EFI\Microsoft\Boot\bootmgfw.efi
EFI System Partition exists and is healthy (100MB FAT32 system partition)
What I have tried in BIOS:
Reset All Keys (multiple times), Delete All Keys, Switch between Audit Mode and Deployed Mode, Enable/disable Custom Mode, Restore to "BIOS defaults" and "Factory Settings", BIOS update/reflash via .exe from Dell to 2.27.1, Full power drain (shutdown, unplug, hold power button).
Possibly useful information:
Booted with Secure Boot Checked in Audit mode,
Confirm-SecureBootUEFI returns False
Get-SecureBootUEFI -Name SetupMode returns SetupMode {1} BOOTSERVICE ACCESS...
Get-SecureBootUEFI -Name SecureBoot returns SecureBoot {0} BOOTSERVICE ACCESS...
Dell BIOS:
The ONLY options this BIOS includes pertaining to keys is -> Reset All Keys, Delete All Keys, Save to File, Import from File, Append Key from File. A simple checkbox for Custom Mode reveals these options. The BIOS as a whole has an option to Restore, which I have only tried 'BIOS Defaults' but there are other options such as 'Factory Settings' or 'Last Known Good Settings'. When this issue first occurred, I left Custom Mode checked before trying to boot, because it said I will lose changes. But I have been told that 'Reset All Keys' will not be lost, and to uncheck Custom Mode before booting - So that is what I have been doing ever since when attempting to Reset All Keys.
Personal Disclaimer:
I have been trying to resolve this issue for over 8 hours. I have extremely limited experience working within the Dell BIOS, Windows 11 boot issues, Secure Boot, Certifications or Keys and so on. I have received almost all the help I've got with this from generic online tips or AI, since it's difficult to receive personalized help online and I don't fully understand what's going on. Therefore, take what I say with a grain of salt and know that I may have misconfigured something in BIOS. I've messed with just about everything in the BIOS there is to mess with pertaining to boot, storage, or keys. This is just what I understand the situation to be. Feel free to ask any questions or mention commands you want me to run to better diagnose or solve the issue.
Windows boots normally when Secure Boot is disabled — no crashes, BSODs, or boot issues otherwise.
After resetting Secure Boot keys in BIOS while troubleshooting a separate issue, Secure Boot no longer works correctly.
Secure Boot OFF (or Checked ON in Audit Mode) -> Windows boots normally.
Secure Boot ON (in Deployed Mode) -> Boot fails with “Checking media presence… media present Start PXE over IPv4 (or IPv6) on MAC: [your MAC address]” for a couple minutes, followed by “Operating System Loader failed signature verification. Warning: the file may have been tampered with. All bootable devices failed Secure Boot verification.” It occurs after the Dell Logo appears briefly.
When booted with Secure Boot in Audit mode:
bootmgfw.efi signature checks out as valid in PowerShell: Get-AuthenticodeSignature, Status: Valid.
Issuer shows Microsoft Windows Production PCA 2011 chain.
bcdboot C:\Windows /f UEFI -> successful (“Boot files successfully created”)
bcdedit /enum firmware shows standard Windows Boot Manager entry pointing to \EFI\Microsoft\Boot\bootmgfw.efi
EFI System Partition exists and is healthy (100MB FAT32 system partition)
What I have tried in BIOS:
Reset All Keys (multiple times), Delete All Keys, Switch between Audit Mode and Deployed Mode, Enable/disable Custom Mode, Restore to "BIOS defaults" and "Factory Settings", BIOS update/reflash via .exe from Dell to 2.27.1, Full power drain (shutdown, unplug, hold power button).
Possibly useful information:
Booted with Secure Boot Checked in Audit mode,
Confirm-SecureBootUEFI returns False
Get-SecureBootUEFI -Name SetupMode returns SetupMode {1} BOOTSERVICE ACCESS...
Get-SecureBootUEFI -Name SecureBoot returns SecureBoot {0} BOOTSERVICE ACCESS...
Dell BIOS:
The ONLY options this BIOS includes pertaining to keys is -> Reset All Keys, Delete All Keys, Save to File, Import from File, Append Key from File. A simple checkbox for Custom Mode reveals these options. The BIOS as a whole has an option to Restore, which I have only tried 'BIOS Defaults' but there are other options such as 'Factory Settings' or 'Last Known Good Settings'. When this issue first occurred, I left Custom Mode checked before trying to boot, because it said I will lose changes. But I have been told that 'Reset All Keys' will not be lost, and to uncheck Custom Mode before booting - So that is what I have been doing ever since when attempting to Reset All Keys.
Personal Disclaimer:
I have been trying to resolve this issue for over 8 hours. I have extremely limited experience working within the Dell BIOS, Windows 11 boot issues, Secure Boot, Certifications or Keys and so on. I have received almost all the help I've got with this from generic online tips or AI, since it's difficult to receive personalized help online and I don't fully understand what's going on. Therefore, take what I say with a grain of salt and know that I may have misconfigured something in BIOS. I've messed with just about everything in the BIOS there is to mess with pertaining to boot, storage, or keys. This is just what I understand the situation to be. Feel free to ask any questions or mention commands you want me to run to better diagnose or solve the issue.
Windows boots normally when Secure Boot is disabled — no crashes, BSODs, or boot issues otherwise.
- Windows Build/Version
- 10.0.26200 Build 26200
Last edited:
My Computer
At a glance
Windows 11 Pro
- OS
- Windows 11 Pro
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8940
