Windows won't boot with Secure Boot enabled


Elisyan

Unknown Member
Local time
10:49 AM
Posts
36
Location
Hell on Earth
OS
Windows 11 Pro [ Dev ]
Hey guys
I'm trying to enable Secure Boot but I can't go in to windows

Is there a way to find out what is the exact problem with that?


I have HackBGRT and a custom boot image
I noticed a signed version of that, so I deleted the regular version and installed new one
They say this in the description:
To boot securely, you must import the certificate into the motherboards database.
I have no idea what to do ( links are broken and google search found nothing related )
I installed the Certificate file in the folder to Trusted Root Certification Authorities ( as file description suggested ) but it didn't work
 
Windows Build/Version
25188.1000

My Computer

System One

  • OS
    Windows 11 Pro [ Dev ]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel Core i9 9900K
    Motherboard
    MSI MPG Z390 Gaming Pro Carbon AC
    Memory
    Corsair Vengeance RGB Pro 32GB [ 4 x 8GB ] DDR4 3600MHz CL18
    Graphics Card(s)
    MSI GeForce GTX 1660Ti Ventus XS 6GB OC @ +120/+500
    Monitor(s) Displays
    LG 42LS34000 , 1920x1080 , 42" , 60Hz , 15ms
    Screen Resolution
    1920x1080
    Hard Drives
    SSD: Samsung 980 Pro 250GB
    HDD: Western Digital Blue 4TB
    PSU
    Cooler Master MWE 550W White 230V
    Case
    Cooler Master MasterCase H500P Mesh ARGB
    Cooling
    DeepCool Gammaxx L360 v2
    Keyboard
    Corsair K95 RGB Platinum ( MX Speed ) [ PrismCaps ]
    Mouse
    TSCO TM 2014N
    Internet Speed
    16 Mb/s ‌ ‌ | ‌ ‌ 1 Mb/s
    Browser
    Microsoft Edge
    Antivirus
    Windows Security

glasskuter

Well-known member
Pro User
VIP
Local time
2:19 AM
Posts
2,600
Location
The Lone Star State of Texas
OS
Windows 11 Pro 22H2 22621.608
The fact that you used a custom boot image rather than official clean iso may be the problem.There were specific warnings in the description of Hackbgrt. In its description it says "Make sure that Secure Boot is disabled, unless you know how to sign EFI applications."
It also says "If something breaks and you can't boot to Windows, you have the following options:
  • Windows installation (or recovery) media can fix boot issues.
  • You can copy [EFI System Partition]\EFI\HackBGRT\bootmgfw-original.efi into [EFI System Partition]\EFI\Microsoft\Boot\bootmgfw.efi by some other means such as Linux or Windows command prompt." If you do a web search for "How to sign EFI applications" there are several results. However, IMO you are opening yourself up a can of worms.
In a clean iso installation here are things I would advise you to try. I have a feeling they will not work in your case but you can give them a try.
1. Make sure CSM is disabled and TPM is enabled in bios.

2. Disconnect all external drives and try to boot..

3. Make sure you have the latest bios.

4. Drive must be partitioned as GPT.

5. Some people have found that removing the power and then removing the cmos battery for about 10 minutes to reset bios resolves the problem. Others have found that the dedicated graphics card has to be removed first, then remove the cmos battery for 10 minutes. Put battery back in and use your integrated graphics while booting. Once it is successful, you can then reinstall your graphics card.

See if the information and suggestions in these articles are of any help. (Note: the MS article states "I some cases, you may need to refresh or Remove everything to its original state before you can turn on Secure Boot."
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.608
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

aubergine

New member
Local time
10:19 AM
Posts
14
OS
Windows 11
In a clean iso installation here are things I would advise you to try. I have a feeling they will not work in your case but you can give them a try.
1. Make sure CSM is disabled and TPM is enabled in bios.
When you do a clean UEFI installation of Windows 10/11
- It doesn't matter if CSM is on or not.
- It doesn't matter if Secure Boot is on or not.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo Yoga C940
    CPU
    Intel Core i7-1065G7
    Memory
    16GB

glasskuter

Well-known member
Pro User
VIP
Local time
2:19 AM
Posts
2,600
Location
The Lone Star State of Texas
OS
Windows 11 Pro 22H2 22621.608
It doesn't matter if Secure Boot is on or not.
That is true. In a clean install it only has to be secure boot COMPATIBLE to meet MS requirements. But per the MS document some systems will not boot if the OS was installed with secure boot OFF and then the user decides to turn it on. It also states Warning After disabling Secure Boot and installing other software and hardware, you may need to restore your PC to the factory state to re-activate Secure Boot.
My advice to him was general advice based on the most common method of OS installation and what I observed from reading complaints by others with the same problem. Normally can secure boot be turned off...absolutely. I did on mine without any issue. But depending on hardware, that is not always the case.

It doesn't matter if CSM is on or not.
Again, my advice was given based on the way bios should be set when installing Windows 11 and that is csm=off and uefi=on.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.608
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

Elisyan

Unknown Member
Thread Starter
Local time
10:49 AM
Posts
36
Location
Hell on Earth
OS
Windows 11 Pro [ Dev ]
I tested again and confirmed that problem IS HackBGRT
I removed it and secure boot activated without any issue

I just wanted to know how to keep them both ( custom boot image + secure boot ) cuz they said something about it in the description:
To comply with Secure Boot, the EFI executables have been signed. You do not need to sign them yourself. To boot securely, you must import the certificate into the motherboards database. To do this, please refer to your motherboard manual.
 

My Computer

System One

  • OS
    Windows 11 Pro [ Dev ]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel Core i9 9900K
    Motherboard
    MSI MPG Z390 Gaming Pro Carbon AC
    Memory
    Corsair Vengeance RGB Pro 32GB [ 4 x 8GB ] DDR4 3600MHz CL18
    Graphics Card(s)
    MSI GeForce GTX 1660Ti Ventus XS 6GB OC @ +120/+500
    Monitor(s) Displays
    LG 42LS34000 , 1920x1080 , 42" , 60Hz , 15ms
    Screen Resolution
    1920x1080
    Hard Drives
    SSD: Samsung 980 Pro 250GB
    HDD: Western Digital Blue 4TB
    PSU
    Cooler Master MWE 550W White 230V
    Case
    Cooler Master MasterCase H500P Mesh ARGB
    Cooling
    DeepCool Gammaxx L360 v2
    Keyboard
    Corsair K95 RGB Platinum ( MX Speed ) [ PrismCaps ]
    Mouse
    TSCO TM 2014N
    Internet Speed
    16 Mb/s ‌ ‌ | ‌ ‌ 1 Mb/s
    Browser
    Microsoft Edge
    Antivirus
    Windows Security

glasskuter

Well-known member
Pro User
VIP
Local time
2:19 AM
Posts
2,600
Location
The Lone Star State of Texas
OS
Windows 11 Pro 22H2 22621.608

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.608
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

cereberus

Well-known member
Pro User
VIP
Local time
8:19 AM
Posts
2,591
OS
Windows 10 Pro + others in VHDs
I tested again and confirmed that problem IS HackBGRT
I removed it and secure boot activated without any issue

I just wanted to know how to keep them both ( custom boot image + secure boot ) cuz they said something about it in the description:
Ughhhh - a lot of effort just to customise logos.

Frankly, I would not use a tool that required secure boot to be off. It is there for a reason (clue is in word secure)!
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Latest Tutorials

Top Bottom