I keep saying TEMPORARILY disable Secure Boot. You can't tell what's wrong without a working system. No Secure Boot = no security violation.
My Computer
System One
-
- OS
- Windows 7
Solved Secure boot update HowTo
- Thread starter XxXxX
- Start date
I think that what is wrong is that it reset to the factory keys. Now I don't know how to get back to the ones it was using.
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
You need to boot Windows without Secure Boot, so the script can report what the current settings are. I presume the boot file is CA 2023, and you have no CA 2023 certs to authorize it. That's the simplest explanation.
I'm going to Chipotle's and you should have disabled Secure Boot, by the time I get back...
I'm going to Chipotle's and you should have disabled Secure Boot, by the time I get back...
My Computer
System One
-
- OS
- Windows 7
Yes, I already did that and came up, how do I fix it to get secure boot back?
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
start the update secure boot cert process again
if that fails
go back into the BIOS and reset the secure boot and TPM to system defaults.
best of luck Steve ..
My Computers
System One System Two
-
- OS
- Windows 11 Home
- Computer type
- PC/Desktop
- Manufacturer/Model
- HP 24" AiO
- CPU
- Ryzen 7 5825u
- Motherboard
- HP
- Memory
- 64GB DDR4 3200
- Graphics Card(s)
- Ryzen 7 5825u
- Sound Card
- RealTek
- Monitor(s) Displays
- 24" HP AiO
- Screen Resolution
- 1920 x 1080 @60 Hz
- Hard Drives
- 1TB WD Blue SN580 M2 SSD Partitioned.
2x 1TB USB HDD External Backup/Storage.
- PSU
- 90W external power brick
- Case
- 24" All in One
- Cooling
- Default Air Cooling
- Keyboard
- HP WiFi UK extended
- Mouse
- HP WiFi 3 Button
- Internet Speed
- 1GB full fibre
- Browser
- Edge & Firefox
- Antivirus
- AVG Internet Security/Windows Defender
- Other Info
- Mainly Open Source Software
-
- Operating System
- Ubuntu 22.04.5 LTS
- Computer type
- Laptop
- Manufacturer/Model
- Dell 13" Latitude 2017
- CPU
- i5 7200u
- Motherboard
- Dell
- Memory
- 16GB DDR4
- Graphics card(s)
- Intel
- Sound Card
- Intel
- Monitor(s) Displays
- 13" Dell Laptop
- Hard Drives
- 250GB Crucial 2.5" SSD
- Mouse
- Generic WiFi 3 button
- Internet Speed
- WiFi only
- Browser
- Firefox
- Antivirus
- ClamAV TK
- Other Info
- Mainly Open Source Software
I think the update for the CA 2023 only works if secure boot is on. Catch 22?
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
go back into your BIOS please.
re-enable secure boot then use the settings within the BIOS to set secure boot to its default settings.
or reset the BIOS to its factory defaults including the secure boot settings
save settings and exit .. restart the system.
now see if it boots into Windows
best of luck Steve ..
My Computers
System One System Two
-
- OS
- Windows 11 Home
- Computer type
- PC/Desktop
- Manufacturer/Model
- HP 24" AiO
- CPU
- Ryzen 7 5825u
- Motherboard
- HP
- Memory
- 64GB DDR4 3200
- Graphics Card(s)
- Ryzen 7 5825u
- Sound Card
- RealTek
- Monitor(s) Displays
- 24" HP AiO
- Screen Resolution
- 1920 x 1080 @60 Hz
- Hard Drives
- 1TB WD Blue SN580 M2 SSD Partitioned.
2x 1TB USB HDD External Backup/Storage.
- PSU
- 90W external power brick
- Case
- 24" All in One
- Cooling
- Default Air Cooling
- Keyboard
- HP WiFi UK extended
- Mouse
- HP WiFi 3 Button
- Internet Speed
- 1GB full fibre
- Browser
- Edge & Firefox
- Antivirus
- AVG Internet Security/Windows Defender
- Other Info
- Mainly Open Source Software
-
- Operating System
- Ubuntu 22.04.5 LTS
- Computer type
- Laptop
- Manufacturer/Model
- Dell 13" Latitude 2017
- CPU
- i5 7200u
- Motherboard
- Dell
- Memory
- 16GB DDR4
- Graphics card(s)
- Intel
- Sound Card
- Intel
- Monitor(s) Displays
- 13" Dell Laptop
- Hard Drives
- 250GB Crucial 2.5" SSD
- Mouse
- Generic WiFi 3 button
- Internet Speed
- WiFi only
- Browser
- Firefox
- Antivirus
- ClamAV TK
- Other Info
- Mainly Open Source Software
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
No this won't work if your boot file has already been replaced with the CA 2023 version.
Resetting to the factory gets you CA 2011 in Secure Boot mode. But the scheduled task has already swapped out the boot file with CA 2023. Since CA 2023 doesn't exist in the factory default, then it's not allowed because there's no cert authenticating it.
So disable Secure Boot, and no checking is done. Now you can boot Windows normally and restart the update process or manually copy the CA 2011 boot file to the EFI partition (so Secure Boot can be enabled again).
Resetting to the factory gets you CA 2011 in Secure Boot mode. But the scheduled task has already swapped out the boot file with CA 2023. Since CA 2023 doesn't exist in the factory default, then it's not allowed because there's no cert authenticating it.
So disable Secure Boot, and no checking is done. Now you can boot Windows normally and restart the update process or manually copy the CA 2011 boot file to the EFI partition (so Secure Boot can be enabled again).
My Computer
System One
-
- OS
- Windows 7
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
start the system with secure boot disabled
go back into the registry and check
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
make sure that AvailableUpdates is set to 0x00000000
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing
then manually change these reg keys to this
then open task scheduler and disable/delete
"\Microsoft\Windows\PI\Secure-Boot-Update"
restart the system
if that fails then you are looking at re-installing Windows
best of luck Steve ..
go back into the registry and check
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot
make sure that AvailableUpdates is set to 0x00000000
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing
then manually change these reg keys to this
then open task scheduler and disable/delete
"\Microsoft\Windows\PI\Secure-Boot-Update"
restart the system
if that fails then you are looking at re-installing Windows
best of luck Steve ..
My Computers
System One System Two
-
- OS
- Windows 11 Home
- Computer type
- PC/Desktop
- Manufacturer/Model
- HP 24" AiO
- CPU
- Ryzen 7 5825u
- Motherboard
- HP
- Memory
- 64GB DDR4 3200
- Graphics Card(s)
- Ryzen 7 5825u
- Sound Card
- RealTek
- Monitor(s) Displays
- 24" HP AiO
- Screen Resolution
- 1920 x 1080 @60 Hz
- Hard Drives
- 1TB WD Blue SN580 M2 SSD Partitioned.
2x 1TB USB HDD External Backup/Storage.
- PSU
- 90W external power brick
- Case
- 24" All in One
- Cooling
- Default Air Cooling
- Keyboard
- HP WiFi UK extended
- Mouse
- HP WiFi 3 Button
- Internet Speed
- 1GB full fibre
- Browser
- Edge & Firefox
- Antivirus
- AVG Internet Security/Windows Defender
- Other Info
- Mainly Open Source Software
-
- Operating System
- Ubuntu 22.04.5 LTS
- Computer type
- Laptop
- Manufacturer/Model
- Dell 13" Latitude 2017
- CPU
- i5 7200u
- Motherboard
- Dell
- Memory
- 16GB DDR4
- Graphics card(s)
- Intel
- Sound Card
- Intel
- Monitor(s) Displays
- 13" Dell Laptop
- Hard Drives
- 250GB Crucial 2.5" SSD
- Mouse
- Generic WiFi 3 button
- Internet Speed
- WiFi only
- Browser
- Firefox
- Antivirus
- ClamAV TK
- Other Info
- Mainly Open Source Software
Code:
mountvol S: /s
copy C:\Windows\Boot\EFI\bootmgfw.efi S:\EFI\Microsoft\Boot\bootmgfw.efi
mountvol S: /dRun the script afterwards to confirm it's CA 2011 again. If it's good, you can start the whole AvailableUpdates process.
My Computer
System One
-
- OS
- Windows 7
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
Those keys are written to by the scheduled task when it runs. Changing them doesn't modify the task's behavior, only AvailableUpdates (and I think one of the opt-out keys to block it) instructs it what to do.
My Computer
System One
-
- OS
- Windows 7
Sorry, I corrected it see above
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
Run the check script. It should confirm whether this boot file is allowed or not.
My Computer
System One
-
- OS
- Windows 7
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
My Computer
System One
-
- OS
- Windows 11 Pro 25H2
- Computer type
- PC/Desktop
- Manufacturer/Model
- Dell XPS 8930
- CPU
- Intel I9-9900K
- Memory
- 64GB
- Graphics Card(s)
- NVIDIA RTX 2060
- Sound Card
- NVIDIA High Definition Audio
- Monitor(s) Displays
- 4k Samsung
- Screen Resolution
- 3840 x 2160
- Hard Drives
- 512GB NVMe, ADATA SU 800, 2TB HDD
Similar threads
Latest Support Threads
-
-
-
Changing MS Accounts - Handling Onedrive Folder(s)- Started by Caledon Ken
- Replies: 0
-
-
Latest Tutorials
-
Browsers and Mail Enable or Disable Show Frequent Sites on Taskbar for Microsoft Edge on Windows 11- Started by Brink
- Replies: 0
-
System Change Adaptive Communication Sound Levels in Windows 11- Started by Brink
- Replies: 0
-
Browsers and Mail Enable or Disable Automatically Upgrade Accounts to use Passkeys in Microsoft Edge- Started by Brink
- Replies: 0
-
-
Browsers and Mail Refresh or Hard Refresh Page in Microsoft Edge on Windows 11- Started by Brink
- Replies: 0