my configration steps so far:
- DH77KC Mainboard Firmware 105
- installed win8 x64 in uefi mode without secure boot enabled some time ago with Firmware 095
- now enabled "Secure Boot Mode" and once "Force Secure Boot Defaults" to load the Default M$ keys
- current setting:
Secure Boot: On
Secure Boot Mode: Custom
Platform Key (PKpub): Not Installed
Force Secure Boot Defaults: Off
Clear Secure Boot Data: Off
- msinfo32 shows Secure Boot off
How can I "load" the Platform Key and switch the system from Secure Boot Mode Custom to Standard? Do I have to install win anew? According to some infos by Google searching, Secure Boot can be turned on and off at any time. Is it a bug that the firmware does not switch to Standard mode after Force Secure Boot Defaults?
Thanks for your help and interest!
Hmm same for me on DZ77GA70K, i chatted with Intel 3 times and they could not help me, so it seems to be a bug in the firmware. Installed Windows 8 Pro x64 after i enabled Secure Boot. I also tried to boot Fedora 18 and it showed something like "Secure boot not enabled".
I tried to tick both "Force Secure Boot Defaults" and "Clear Secure Boot Data" and it does not work, the key is not installed.
But in this thread: you can see that it shows "Installed" on the screenshots, i don't know how he/she got it to work but it is a DH77DF board.
Same with the new firmware revision DH77KC 0106. No way to get SecureBoot Standard Mode instead of Custom Mode. It shows (even after force secure boot defaults) Platform Key PKpub not installed. Do I have to install Win 8 anew? How can the PKpub be stored?
By the way, although enabled, there is no display of HotKeys F2, F7, F10... during UEFI boot. Video Optimization is disabled and the graphical Intel Logo is shown.
The problem appears to be that Intel hasn't provided a platform key in the firmware, which I think they're supposed to do. (Or at least there should be the provision to generate one.) The same problem is also present in the latest BIOS release for the DH77EB.
Half the trouble is that reliable, informed details about Secure Boot are pretty thin on the ground and frequently contradictory. The Linux Foundation, for example, recommends: "https://www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf To enable proper operation with open systems, all UEFI secure boot platforms should ship in setup mode, with no Platform Key installed. This enables the Platform Owner to take control of the platform securely by installing their own platform key or allowing the Operating System install process to do so."
You should actually be able to install a platform key in Windows 8 using the http://technet.microsoft.com/en-us/library/jj603042.aspx Format-SecureBootUEFI and Set-SecureBootUEFI PowerShell cmdlets, but it's a lot of faff for a standalone system and I haven't tried it. Fine for enterprises, but in my opinion the whole process should be either invisible or self-explanatory for regular users or it runs the risk of Secure Boot just being completely unused or - even worse - many users assuming they have Secure Boot enabled when they actually don't.
As far as I can see, then, in our situation the problem here is being caused by Intel. Who knows whether it's a bug, oversight or actual design decision? If anyone from Intel is reading this thread, I'd be very interested to hear their opinions.
The c't computer Magazine 3/13 writes on page 61 that the new mini NUC barebones from Intel contains a lot of UEFI bugs. Especially, it contains UEFI secure boot, but no necessary Micorosoft keys are not contained.
Seems to be the Intention of Intel then, maybe also on the DH77KC.
Does anyone know a "doable" way how to store the MS keys on the mainboard?