Secure Boot not enabled in new MiniPC - Win 11 setup without Secure Boot


ajaxStardust

Well-known member
Local time
7:02 PM
Posts
58
OS
Windows 11 Pro 22631.3447
(please ignore some URL's here copied pointing to mastodon tags accidentally)

Working on the project of setting up a new minipc device.
Story, here: ajaxStardust (@ajaxStardust@vivaldi.net)

Secureboot is/was not enabled when my new miniPC powered on the first time and setup Windows11 .
That device details are shown in this Speccy report

It didn't occur to me to check it until I experienced something I'd never seen before.
See here please:
Win11 > Security > Virus & Threat > Ransomware > Allow Picard - #3 by stanley.tweedle - MusicBrainz Picard - MetaBrainz Community Discourse

I tried enabling the secure boot (referenced this guide), but I get an error about the device not matching (e.g. not unlike you've got a Linux O/S w/ secure boot disabled to boot correctly, and forget to re-enable secure boot when you switch over to Windows).

As we know, Win 11 doesn't allow itself to be installed on a system without secure boot equipped. It only has to be equipped, not enabled. #BIOS
#Ransomware #protection #Security #windowsdefender
Seems like the manufacturer would ship it in such a way as to not deal with that issue.

What to do in this situation? Seems to me it would probably be a LOT easier to just start over. I'm upset about that, but I'm pretty sure I'd rather do that-- ANYTHING that I know will correct it with 100% (okay 99.9%) confidence that it's going to be the correct option. I really can't spend more time on this. I'm not interested in learning how to "fix" it, if I can just start over.

FTR: I haven't consulted their network yet (manufactured by Trycoo), as I'll most likely get some feedback here sooner.
But that's where I'm headed now.

:(
 
Windows Build/Version
Win 11 Pro (x64) Build 22631.3447 (23H2)

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS
Take a look at this Microsoft article:


Note that this article deals with a specific issue (BlackLotus UEFI Bootkit) but what we are after is a specific portion of that article. Scoll way down near the bottom to the section called "Recovery procedure". That section discusses some of the things to try to reset the keys for Secure Boot. As an example, on the desktop that I am in front of right now, after I disable Secure Boot, before I can re-enable it again, I first have to clear the keys and reset them to defaults.

BTW, you are lucky with your Mini PC. I have roughly 7 mini PCs. They are all Intel 11th gen or newer. Of those machines, 5 of them act like they support Secure Boot but there is no way to actually enable it in the BIOS. Only 2 of those systems actually allow me to enable Secure Boot.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Or simply bypass hardware compatibility check and install Windows 11 without Secure Boot, or even without TPM 2.0 or UEFI. See the relevant threads. The easiest way to do it is to download the ISO from Microsoft or elsewhere and then use Rufus to create the USB flash drive with Windows 11 setup. Once Rufus detects the ISO is Windows 11, you will be prompted if you want to bypass compatibility checks. You can safely select all options (CPU, RAM, UEFI, TMP, Secure Boot). With that USB you can install Windows 11 on any 64-bit system. Make sure to select GPT (UEFI) if you have a modern system with UEFI firmware, or MBR (CSM) if you have an older system with a BIOS.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
@spapakons There may be confusion here? The system IS installed without secure boot. I'm not pleased about that-- if it's an added layer of security that I could otherwise have enabled. The system seems to function fine, but I am encountering little things here and there which I'm of course even subliminally attributing to the secure boot being disabled.

@hsehestedt sounds like you're picking up what i'm laying down! I'll ref that article right away. As for the #miniPC I'm 99.99% sure I've been able to set the secure boot option in the #Beelink #U59 I used previously as well. don't know I've ever seen one that didn't allow that mod. (more about my experience with beelink minipc here)

Should I resolve that I basically shouldn't worry about it?
E.g. Stuff like winget
Code:
winget update
Failed when opening source(s); try the 'source reset' command if the problem persists.

I'm afraind I'm going to keep getting unexpected errors constantly. So, seeking the resolve of resetting the system, or the "keys" as @hsehestedt advises.

THank you!

EDIT:
I said i followed this guide. I'm confused now. Because I don't think I did follow that specific guide, but something else here to check if it's enabled (without going back out into the BIOS). I'm just getting back to this after a couple of days out of town. forgive me.
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS
Entering the command,
Code:
[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
returns:

Code:
Get-SecureBootUEFI : Variable is currently undefined: 0xC0000100
At line:1 char:42
+ ... System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) ...
+                                             ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (Microsoft.Secur...BootUefiCommand:GetSecureBootUefiCommand) [Get-Secure
   BootUEFI], StatusException
    + FullyQualifiedErrorId : GetFWVarFailed,Microsoft.SecureBoot.Commands.GetSecureBootUefiCommand
 

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS
That's got 'er.

vV9bAv0l2t8TGDajnDw5D[1].png

However, from the tutorial about updating keys here, running the following command as admin powershell:

Code:
PS C:\Users\someguy> [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
False
PS C:\Users\someguy>

Is this a concern?
and how to fix?
 

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS
However, from the tutorial about updating keys here, running the following command as admin powershell:

Code:
PS C:\Users\someguy> [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'
False
PS C:\Users\someguy>
Follow the steps in the article below to Install the updated certificate definitions to the DB. That's the first part of the mitigation.

 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS
Be careful with Secure Boot as it could affect how Windows load and get it unable to boot. You may need to reinstall Windows 11 if you enable it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
Be careful with Secure Boot as it could affect how Windows load and get it unable to boot. You may need to reinstall Windows 11 if you enable it.
Or just disable Secure Boot again. Somewhat simpler.
 

My Computer

System One

  • OS
    Windows 10
If he wants it enabled (I see no reason for that), he might have to reinstall Windows 11 if it doesn't boot with Secure Boot enabled, or at least Repair Startup from the Troubleshooting screen.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
I have enabled and disabled secure boot in UEFI bios numerous times and had no problems booting windows whether SB is enabled or disabled.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4652
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
Back in the day SB meant SoundBlaster. Today means Secure Boot. Technology progressed... :)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
When you encounter issues with Secure Boot on a new MiniPC, especially in the context of setting up Windows 11. Since you're considering starting over, here are your options for a clean install that can ensure everything is properly set up.

If you have any important files on the MiniPC, back them up to an external drive or cloud storage. A clean install will erase all data on the drive.
Restart your MiniPC and enter the BIOS/UEFI settings. This is usually done by pressing a key like F2, Delete, or Esc immediately after powering on. Looking for the Boot Options or Security section in the BIOS menu.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ASUS
When you encounter issues with Secure Boot on a new MiniPC, especially in the context of setting up Windows 11. Since you're considering starting over, here are your options for a clean install that can ensure everything is properly set up.

If you have any important files on the MiniPC, back them up to an external drive or cloud storage. A clean install will erase all data on the drive.
Restart your MiniPC and enter the BIOS/UEFI settings. This is usually done by pressing a key like F2, Delete, or Esc immediately after powering on. Looking for the Boot Options or Security section in the BIOS menu.
I disabled secure boot on an NIPOGI Mini PC -- zero problem installing W11.

Secure boot is a dog if you want to boot other OS'es such as Linux etc -- in any case since most of the current set of mini pc's originate from China I'm sure they've hobbled their versions of W11 that these things come pre-installed in -- I wiped and installed my own copy of W11.

Laptops etc with keys enabled --you will need to go into the computers firmware BIOS to clear those and maybe also clear the TPM - but installing and booting Windows 11 without secure boot doesn't currently seem to be a problem.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,10,11 Linux (Fedora 42&43 pre-release,Arch Linux)
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
    Screen Resolution
    4KUHD X 2
My 3rd Generation Intel i7 (see 2nd system specs) supports UEFI mode and Secure Boot, but since the CPU is unsupported anyway, I did a Legacy BIOS (MBR) installation, without TPM, without UEFI, without Secure Boot. Zero issues so far.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
A lot of mini PCs are now shipping with no ability to turn on secure boot in the BIOS. They report to Windows as being capable of secure boot, but you cannot turn it on. Since Windows 11 only cares that the machine is capable of secure boot but it does not need to be turned on, Windows will install just fine.

Only reason that I can think of for this behavior is that secure boot requires a certificate and maybe they just don't want to pay for the cert.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Probably so. I also have read posts that had issues dual booting with Linux if Secure Boot is enabled. On the other hand, if you want to dual boot with Mac OS (Hackintosh), most guides say to disable Legacy boot (CSM), set UEFI only boot and enable Secure Boot before you begin installation of Mac OS.

PS: For those systems that support Secure Boot but cannot be enabled in BIOS, isn't there any way to enable it from Windows? It should be, otherwise it doesn't make sense.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (5472), 24H2 (4652)
    Computer type
    Laptop
    Manufacturer/Model
    Acer Extensa 5630EZ
    CPU
    Mobile DualCore Intel Core 2 Duo T7250, 2000 MHz
    Motherboard
    Acer Extensa 5630
    Memory
    4GB
    Graphics Card(s)
    Mobile Intel(R) GMA 4500M (Mobile 4 series)
    Sound Card
    Realtek ALC268 @ Intel 82801IB ICH9 - High Definition Audio Controller
    Monitor(s) Displays
    1
    Screen Resolution
    1280x800
    Hard Drives
    Samsung SSD 850 EVO 250GB SATA Device (250 GB, SATA-III)
    Internet Speed
    VDSL 50 Mbps
    Browser
    MICROSOFT EDGE
    Antivirus
    WINDOWS DEFENDER
    Other Info
    Legacy MBR installation, no TPM, no Secure Boot, no WDDM 2.0 graphics drivers, no SSE4.2, cannot get more unsupported ;) This is only my test laptop. I had installed Windows 11 here before upgrading my main PC. For my main PC I use everyday see my 2nd system specs.
  • Operating System
    Windows 11 Pro v24H2 (build 26100.4652)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom-built PC
    CPU
    Intel Core-i7 3770 3.40GHz s1155 (3rd generation)
    Motherboard
    Asus P8H61 s1155 ATX
    Memory
    2x Kingston Hyper-X Blu 8GB DDR3-1600
    Graphics card(s)
    Gainward NE5105T018G1-1070F (nVidia GeForce GTX 1050Ti 4GB GDDR5)
    Sound Card
    Realtek HD audio (ALC887)
    Monitor(s) Displays
    Sony Bravia KDL-19L4000 19" LCD TV via VGA
    Screen Resolution
    1440x900 32-bit 60Hz
    Hard Drives
    WD Blue SA510 2.5 1000GB SSD as system disk, Western Digital Caviar Purple 4TB SATA III (WD40PURZ) as second
    PSU
    Thermaltake Litepower RGB 550W Full Wired
    Case
    SUPERCASE MIDI-TOWER
    Cooling
    Deepcool Gamma Archer CPU cooler, 1x 8cm fan at the back
    Keyboard
    Mitsumi 101-key PS/2
    Mouse
    Sunnyline OptiEye PS/2
    Internet Speed
    100Mbps
    Browser
    Microsoft Edge, Mozilla Firefox
    Antivirus
    Microsoft Windows Defender
    Other Info
    Legacy BIOS (MBR) installation, no TPM, no Secure Boot, WDDM 3.0 graphics drivers, WEI score 7.4
For those systems that support Secure Boot but cannot be enabled in BIOS, isn't there any way to enable it from Windows?

Nope. Cannot be enabled from Windows.
 

My Computers

System One System Two

  • OS
    Win11 Pro 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self-built
    CPU
    Intel i7 11700K
    Motherboard
    ASUS Prime Z590-A MB
    Memory
    64GB (Waiting for warranty replacement of another 64GB for 128GB total)
    Graphics Card(s)
    No GPU - Built-in Intel Graphics
    Sound Card
    Integrated
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe SSD
    1 x 2TB NVMe SSD
    1 x 4TB NVMe SSD
    3 x 512GB 2.5" SSD
    1 x 4TB 2.5" SSD
    5 x 8TB Seagate Barracuda HDD
    PSU
    Corsair HX850i
    Case
    Corsair iCUE RGB 5000X mid tower case
    Cooling
    Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Home Computer Specifications, Configuration, and Usage Notes General Specifications ASUS Prime Z590-A motherboard, serial number M1M0KC222467ARP Intel Core i7-11700K CPU (11th Gen Rocket Lake / LGA 1200 Socket) 128GB Crucial Ballistix RGB DDR4 3200 MHz DRAM (4 x 32GB) Corsair iCUE RGB 5000X mid tower case Noctua NH-D15 chromax.black CPU cooler Noctua NF-S12A chromax.black.swap case fans (Qty. 7) & Corsair LL-120 RGB Fans (Qty. 3)
    Keyboard
    Corsair K70 Max RGB Magnetic Keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    The five 8TB drives and three 512GB SSDs are part of a DrivePool using StableBit DrivePool software. The three SSDs are devoted purely to caching for the 8TB drives. All of the important data is stored in triplicate so that I can withstand simultaneous failure of 2 disks.

    Networking: 2.5Gbps Ethernet and WiFi 6e
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Keyboard
    Backlit, spill resistant keyboard
    Mouse
    Buttonless Glass Precision Touchpad
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
they've hobbled their versions of W11 that these things come pre-installed in
that's a variable i hadn't considered in my processes.

i prob used an iso to USB flash drive from the horse's mouth (Microsoft)

memories: gone, into the ether.
 

My Computer

System One

  • OS
    Windows 11 Pro 22631.3447
    Computer type
    PC/Desktop
    Manufacturer/Model
    Trycoo
    CPU
    Intel(R) N100 800 MHz
    Motherboard
    WI-6
    Memory
    16 GB
    Graphics Card(s)
    Intel UHD Graphics: 8086-4E61
    Sound Card
    USB Audio Device
    Monitor(s) Displays
    HP E241i
    Screen Resolution
    1920x1200
    Other Info
    http://speccy.piriform.com/results/NwxSjHiPVH0y4XLSt8D2NvS

Latest Support Threads

Back
Top Bottom