Software Archive
Read-only legacy content
17061 Discussions

SecureBoot not booing signed binary?

David_F_2
Beginner
‎04-29-2018 06:49 PM
700 Views

I'm using a DH77KC and updated the firmware today (111).  Prior firmware was (108 from 2013 - and was allowing non-signed items to boot).   So now when I enable secure boot, it seems to be checking, only it's rejecting the binary MS signed the beginning of this month.   Is this firmware setup to only boot MS binaries and not MS signed third-party binaries?  I haven't tried booting Windows to see if it even allows that?

Also how does one reset the entire cmos on this system, the load defaults dosen't clear out all the NV Memory, if I remove the battery will it?

Thanks!!

0 Kudos

Link Copied

2 Replies
BrianRichardson
Employee
‎04-30-2018 12:00 PM
700 Views

This isn't the correct forum for motherboard support, but I might be able to help.

First, I recommend updating the firmware to the latest version:

https://downloadcenter.intel.com/download/27755/BIOS-Update-KCH7710H-86A-

That may help with the default value, along with providing the latest patches. It may also resolve the UEFI secure boot certificate issue. If not, you may have to enroll updated certificates manually. Sometimes these are delivered by Microsoft Windows Update when Secure Boot is enabled.

The updated Microsoft binaries might be signed against an older key. I recommended disabling secure boot and enrolling updated KEK/db entries for Microsoft & the UEFI CA (3rd party UEFI binaries). You can do this from the same setup menu used to turn secure boot on/off (look for a 'Custom' menu).

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance ;

The Microsoft KEK certificate can be downloaded from: http://go.microsoft.com/fwlink/?LinkId=321185.

The Windows CA can be downloaded from here: http://go.microsoft.com/fwlink/p/?linkid=321192.

The UEFI CA can be downloaded from here: http://go.microsoft.com/fwlink/p/?linkid=321194.

 

0 Kudos
Copy link
David_F_2
Beginner
‎05-01-2018 08:41 PM
700 Views

Thanks, I had just updated the firmware to that latest version.  Anyway, I was able to get in to custom mode, but not install the certificates, no option to do that?

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.