Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
164 Views

Latest May 2020 bios for 5i7RYH cannot disable secure boot, and cannot boot either Windows 7 or Windows 10 fresh installs via UEFI.

Hello, I have a 5i7RYH Nuc that I just updated to the latest bios yesterday. I have multiple UEFI Windows installations and none of them are able to boot more than once after a fresh install using a SATA SSD.

 

I had Windows 7 installed when I upgraded the bios, and attempted to upgrade the Windows 7 install to Windows 10 via Microsoft's downloadable update. The Windows 10 upgrade failed to boot to the installer after the first reboot, and the boot loader didn't show up a second time.

 

I then downloaded the full Windows 10 Home ISO from Microsoft and put it on a bootable (uefi) USB, and got the same result. The OS would not boot after the first phase of the install.

 

I then tried to wipe all partitions and reinstall Windows 7, and am now unable to do that as well. Windows 7 will also not boot beyond the first phase of the installation process.

 

In both cases (Windows 10 and Windows 7) a pair of "OS Bootloader" entries for partition 0 on the SSD show up in the bios boot priority list, but they do not boot and do not show up in the F10 boot selection menu, even with secure boot disabled.

 

I have used third party UEFI bootloaders with this Nuc for years to multi-boot various operating systems prior to this bios update (both Linux bootloaders and Clover) without any issues.

 

Enabling secure boot and loading the trusted key database has no effect, neither Windows version will boot with secure boot and the provided key database loaded either. Each time I boot into the Windows 7 installation media after it fails to boot I am able to trigger a boot repair, which leads me to suspect that the bios is corrupting the EFI boot partition in some way each time the machine reboots.

0 Kudos
3 Replies
Highlighted
Community Manager
152 Views

Hello RClay4,

 

Thank you for submitting your question on this Intel® Community.

 

Due to Intel® NUC Kit NUC5i7RYH being discontinued, Intel Customer Service no longer supports inquiries for it, but perhaps fellow community members have the knowledge to jump in and help.

 

You may also find the Discontinued Products website helpful to address your request. Thank you for your understanding.

 

Wanner G.

Intel Customer Support Technician

Tags (1)
0 Kudos
Highlighted
Beginner
145 Views

So I figured this out, if anyone else stumbles in from google...

The problem seems to be similar to what's described in this article:

https://navhaxs.au.eu.org/blog/2017/01/25/duplicate-windows-boot-manager-boot-entries---clover-uefi-...

If the BIOS sees both an EFI\BOOT folder and a Microsoft\Boot folder in the EFI partition, it gets confused and boots neither of them.  Both show in the bios as bootable, but neither will work. The recommendation for most motherboards is to rename the Microsoft EFI boot loader, but that didn't work on this NUC until I deleted the entry from the NVRAM (I presume it was detected when installing Windows).

Sadly the EFI shell provided by Intel does not include NVRAM utilities, but the Clover EFI shell does. So the fix was to boot the Clover EFI shell, use its bcfg utility to remove the existing entries, and then add back the bootloader that you want to boot (in my case I want Clover to boot, not the Microsoft boot loader).

Mild Rant: All of this seems to me to be caused by Microsoft pushing monopoly assumptions on users, doesn't seem like they've learned much since the DOJ hauled Gates in and beat confessions from those emails out of him.  If you google around about this issue you'll find other posts where, for example, an Asus support rep told a customer that their boards are "only compatible with Microsoft." 

I'm not sure if Microsoft's installers in recent operating systems are messing with the board's NVRAM on their own or if hardware makers are appeasing them, but in any case the solution is as stated above; if you're stuck with using a Windows install like I am but don't want to be stuck with them screwing with your boot loader and your real OS, get an alternative boot loader that includes an efi shell with bcfg, boot it from a USB stick, and delete Microsoft's boot loader from the NVRAM. Surely this will be good at least until the next gaping security hole gets patches in the next Windows update...

0 Kudos
Highlighted
Super User
142 Views

1. Boot from Windows Installation USB. 

2. Select your language preferences and click/tap on Next.

3. Click/tap on Repair your computer at the bottom.

4. Click/tap on Troubleshoot.

5. Click/tap on Advanced options.

6. Click on Command Prompt 

7. See this video to see how to remove old EFI entries from Boot Menu using bcdedit command.

 

Leon