# WTF! I wanted to try Windows 11 earlier today, I wiped the SSD, but as soon as I enabled Secure Boot and rebooted, I had to clear the CMOS!



## RJARRRPCGP (Apr 7, 2022)

Is this a common issue? What went wrong?

Because the SSD was wiped, after clearing the CMOS and re-entering everything, including my fan settings, I did a totally fresh Windows 10 installation.

It reminded me of manually overclocking back in the socket 462 days on a Soyo. 

FFS, I have the latest UEFI-BIOS! (2.20)


----------



## Solaris17 (Apr 7, 2022)

I dont see how this literally has anything to do with windows 11.


----------



## RJARRRPCGP (Apr 7, 2022)

Solaris17 said:


> I dont see how this literally has anything to do with windows 11.


Roger that! I said that, because I went to enable Secure Boot in the BIOS, before I tried to boot the Windows 11 USB stick. But on reboot, just a black screen!


----------



## Solaris17 (Apr 7, 2022)

RJARRRPCGP said:


> Roger that! I said that, because I went to enable Secure Boot in the BIOS, before I tried to boot the Windows 11 USB stick. But on reboot, just a black screen!



hm, that kind of makes sense make sure to set any GPU settings to UEFI then set secure boot to on, then try rebooting. When secure boot is enabled the gpu requires UEFI to be enabled in the BIOS or it wont display output until either the OS takes over, or worst case POST wont continue at all.


----------



## RJARRRPCGP (Apr 7, 2022)

Solaris17 said:


> hm, that kind of makes sense make sure to set any GPU settings to UEFI then set secure boot to on, then try rebooting. When secure boot is enabled the gpu requires UEFI to be enabled in the BIOS or it wont display output until either the OS takes over, or worst case POST wont continue at all.


I have been using pure UEFI, none of that CSM bull. And it wouldn't boot diddly, TMK!


----------



## Mussels (Apr 7, 2022)

RJARRRPCGP said:


> I have been using pure UEFI, none of that CSM bull. And it wouldn't boot diddly, TMK!


Then the issue was with your boot media, or the settings you chose to use with secureboot
It kinda is what secureboot does, prevents unauthorised software from booting


----------



## RJARRRPCGP (Apr 7, 2022)

Mussels said:


> Then the issue was with your boot media, or the settings you chose to use with secureboot
> It kinda is what secureboot does, prevents unauthorised software from booting


I couldn't even get a BIOS screen, it was like it messed with my RAM settings! I went with an official ISO, got it from Microsoft. It acted like a BIOS bug, because clearing the CMOS resulted in a working system.

Was it because I didn't use the "Standard" preset in the Secure Boot settings section? Back in Windows 10 after an SSD wipe yesterday, things are looking good.


----------



## Cutechri (Apr 7, 2022)

Secure Boot is not even required to be enabled - just supported - which means all you need is a GPT drive and UEFI boot. Which let's be honest, you should be using. MBR and Legacy boot are ancient.


----------



## Mussels (Apr 7, 2022)

RJARRRPCGP said:


> I couldn't even get a BIOS screen, it was like it messed with my RAM settings! I went with an official ISO, got it from Microsoft. It acted like a BIOS bug, because clearing the CMOS resulted in a working system.
> 
> Was it because I didn't use the "Standard" preset in the Secure Boot settings section? Back in Windows 10 after an SSD wipe yesterday, things are looking good.


That's not how secureboot works, something else happened

Could be a BIOS bug on your system, i have no idea what these presets are


----------



## ThrashZone (Apr 7, 2022)

Hi,
Guess first rule is clear older existing secure boot keys when clean installing.
Second is optimize defaults in bios.
Third is usually disable secure boot until after install.


----------



## mb194dc (Apr 7, 2022)

The 4th rule is Microsoft are a bunch of clowns for the last 10 years at least, so prepare for problems when doing anything "out of the ordinary". 

The philosophy is the users are now the QA team!


----------



## ThrashZone (Apr 7, 2022)

Hi,
Well as far as fast start features go yes getting into bios if you need to is a pita 
You pretty much have to ask ms in the os if you can enter bios if you don't have recovery media of some sort, like windows install media or winpe.

Or wear out you power button on/ off-on/ off until the recovery screen shows up might work.


----------



## R-T-B (Apr 9, 2022)

Mussels said:


> That's not how secureboot works, something else happened
> 
> Could be a BIOS bug on your system, i have no idea what these presets are


I've run into the odd board that will in fact, let you turn on SecureBoot with no keys enrolled.

The end result of that is the machine trusts nothing, not even it's own bios.  It will reboot to a plain black screen and become braindead to the world until CMOS reset.  It should never be allowed to happen.  But I have seen it on some weird early firmware releases.

Sounds like this might be something similar?


----------



## RJARRRPCGP (Apr 9, 2022)

R-T-B said:


> I've run into the odd board that will in fact, let you turn on SecureBoot with no keys enrolled.
> 
> The end result of that is the machine trusts nothing, not even it's own bios.  It will reboot to a plain black screen and become braindead to the world until CMOS reset.  It should never be allowed to happen.


Apparently the "security" is so good that it shadow bans my own hardware! Like it thinks it's the 8-bit Nintendo "anti-bootleg" feature!


----------



## mb194dc (Apr 9, 2022)

R-T-B said:


> I've run into the odd board that will in fact, let you turn on SecureBoot with no keys enrolled.
> 
> The end result of that is the machine trusts nothing, not even it's own bios.  It will reboot to a plain black screen and become braindead to the world until CMOS reset.  It should never be allowed to happen.  But I have seen it on some weird early firmware releases.
> 
> Sounds like this might be something similar?



Which manufacturer and bios ?


----------



## ThrashZone (Apr 9, 2022)

RJARRRPCGP said:


> Apparently the "security" is so good that it shadow bans my own hardware! Like it thinks it's the 8-bit Nintendo "anti-bootleg" feature!


Hi,
On your asrock board ?
If so reflash bios and see if the issue repeats and needs cmos clearing again.

Doesn't make me feel better about asrock bios


----------



## jsfitz54 (Apr 9, 2022)

RJARRRPCGP said:


> Is this a common issue? What went wrong?
> 
> Because the SSD was wiped, after clearing the CMOS and re-entering everything, including my fan settings, I did a totally fresh Windows 10 installation.
> 
> ...



*Have you seen the new Rufus release 3.18:* https://rufus.ie/en/

*Version 3.18*(2022.03.11)                
 
Fix DLL sideloading vulnerabilities
 
*Fix ISO → ESP creation when running on Windows 11*
 
Fix an issue when detecting network connectivity when the DHCP service is disabled
 
Update FreeDOS to version 1.3
 
*Add bypass of Windows 11 restrictions for in-place upgrades*
 
Add Miracle Linux 8 to the list of Red Hat exceptions
 
Other internal fixes and improvements


----------



## RJARRRPCGP (Apr 18, 2022)

Problem solved on April 15th. I finally was able to wipe the Samsung 970 Pro 512 GB NVMe SSD and install Windows 11.

You need to tell it to load default keys and then select the "Standard" preset for Secure Boot.


----------



## theFOoL (Apr 18, 2022)

I heard that you have to disable secure boot upon installing then re-enable it afterwards or is it the other way around


----------



## Mussels (Apr 18, 2022)

RJARRRPCGP said:


> Problem solved on April 15th. I finally was able to wipe the Samsung 970 Pro 512 GB NVMe SSD and install Windows 11.
> 
> You need to tell it to load default keys and then select the "Standard" preset for Secure Boot.


ahah, weird thing your board does then

you wont be alone with that issue, so thanks for posting the fix


----------



## R-T-B (Apr 18, 2022)

mb194dc said:


> Which manufacturer and bios ?


Intel X58SOC2, any bios with UEFI (it was one of the very early UEFI implementations).  Or maybe it was a later Intel that had secure boot, I am unsure here.

But I know I also saw it later on a z370 taichi.  Unsure what bios but it was middle of the supported bios runs, approximately.  

I think any board that uses Intels reference UEFI code in some form may be susceptible.



RJARRRPCGP said:


> Apparently the "security" is so good that it shadow bans my own hardware! Like it thinks it's the 8-bit Nintendo "anti-bootleg" feature!


I mean you have to literally tell it to do that in a boneheaded move, but yeah.


----------



## RJARRRPCGP (Apr 18, 2022)

Looks like the "Standard" preset is the same as Windows-mode/Windows-compatible mode.


----------



## R-T-B (Apr 18, 2022)

Yep this is the exact bug I was talking about in Intels reference UEFI implementation.  I'm surprised companies are still using it complete with its known public bugs.  There are easy fixes out there if you have the resources a mobo vendor has...

Bottom line is when turning on secure boot it should autoload default keys if no keys are present.  Intels reference code does not.


----------



## lexluthermiester (Apr 18, 2022)

jsfitz54 said:


> *Have you seen the new Rufus release 3.18:* https://rufus.ie/en/
> 
> *Version 3.18*(2022.03.11)
> 
> ...


This. Anyone who wants to use Windows 11 and does not or possibly can not use TPM/SecureBoot should employ a bypass like the method used by Rufus.


----------

