I have my WIndows installed in GPT partitions and UEFI mode. Now I tried to enable secure boot in my bios options, but Windows doesn’t boot, restore utility starts.
Do you have any idea why?
Which disk drive (sort and model) contains the Windows Boot Manager and where is it connected?
Samsung 960 Pro (M2)
AFAIK it is quite normal, that you cannot boot off an NVMe SSD, when the “Secure Boot” has been enabled.
Oh, many thanks! I googled around for the issue, but nobody mentioned this…
No, it’s not normal if your FW supports NVMe natively (i.e. without loading the driver from outside). Make sure everything is set up properly, i.e. you have all required variables in place using this PowerShell module:
https://docs.microsoft.com/en-us/powersh…/?view=win10-ps
You need to have PK, KEK, db and dbx to be populated, if they indeed are, try enabling SecureBoot again and see if it works correctly, if not - try booting Windows Installer from USB flash while SecureBoot is enabled. If works - something is broken in your current boot chain.
@gpvecchi I assume you’re trying this on your Asus Z170 Deluxe board? I have the same board, even use your modded BIOS (replaced EFI and OROM Intel RST with older versions, shouldn’t matter though) and boot Win 10 from a Samsung 960 Pro with SecureBoot without problems. I loaded the default keys after enabling SecureBoot, CSM is disabled. It needed some restarts to recognize the NVMe SSD iirc. Note that I did all the BIOS settings before the Windows installation, so maybe there are some problems if you didn’t install with SecureBoot enabled and try to switch it on later.
Yup, I enabled it after installation, can this be the problem? And yes, Asus Z170 Deluxe…
You may have your system installed with CSM enabled in legacy mode, make sure you can start your system with CSM disabled first, then clear SecureBoot settings and try again.
Yup, as I said installed in GPT, I always boot with CSM disabled (no issues). I tried clearing and reinstalling keys, but I can’t still boot…