Yoga 11 Secure Boot State Off - How to enable it?

Hi all, first of all I would like to provide you with some background information. I purchased (in Germany) 2 identical Yoga 11 machines (MAS29GE). Both had display ghosting issues and one of them had a loose trackpad. So, I sent them in for repair.
After getting back the 2nd one as well, I wanted to see whether the BIOS versions are identical on them, since the repair report said that there was a BIOS update performed on both machines. The BIOS version seems to be the very same I had before sending them in: v1.2.58, 05.12.2012
But then I noticed something strange: on one of the Yogas the Secure Boot State is Off. I checked it also with PowerShell and it shows False, meaning disabled.
So, I called Lenovo support, but they weren't able to help me. The answer was that I cannot enter the BIOS to change this.
However, I suspect that either the technicians entered the BIOS and forgot to enable secure boot later on, or something else messed it up. What I also noticed after receiving the Yogas back from repair is that the "Advanced Startup" in Windows shows more options on one machine than the other. Please, see the below images for details:
Link to picture
Link to picture
I did 2x System restores already (1x quick, 1x secure), but the Secure Boot State did not change (this was to be expected since this setting is in the UEFI BIOS and not in Windows - nevertheless, it was worth a try).
As I read in other comments, Microsoft did not intend users to enter the BIOS on Windows RT machines.
Please, note that I did not "Jailbreak" the system, for 1) I have no idea how to do it and 2) I don't intend to hack it. One reason why I bought Windows RT was because I wanted to keep legacy x86 viruses out of the system.
So, what do you suggest? I really do not wish to send the machine back for another 2 weeks only for 1 single change in the BIOS. Please, help! Thanks!
Moderator note; picture(s) totalling >50K converted to link(s) Forum Rules

Hello,
As far as I know, you are the only individual I have ever heard of who has received a Windows RT-based computer with the Secure Boot option disabled.
Because of this, I am not certain what steps you would take to (re)enable this functionality on the device.
What I would suggest you do is perhaps post a message on the Windows 8, RT Development and Hacking forum over at XDA-Developers, and perhaps one of the members over there can make some suggestions.
Regards,
Aryeh Goretsky
I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)

Similar Messages

  • Secure Boot State On in Error?

    I am running Windows Server 2012 R2 Essentials as a VM on Hyper-V Server 2012 R2 (server core).  In checking MSINFO32 I see "Secure Boot State" is "On" for Essentials, but given my current configuration I believe this should be "Off?"
    I setup a new Hyper-V Server 2012 R2 (server core) using an Areca ARC-1224-8i RAID controller.  It was unclear to me whether or not the Areca RAID controller would support UEFI or not, but since Secure Boot was desirable I decided to try a UEFI installation.
     I created two volumes on the RAID controller.  C drive of 80 Gb and D drive of the remainder (about 9 Tb).  I checked the file C:\Windows\Panther\setupact.log and saw the message which told me this was an EFI installation/boot.
    After Hyper-V was installed I then setup Essentials as a VM on the D drive.
    When I ran MSINFO32 in both Hyper-V and Essentials I saw the Secure Boot State was On, which was expected (and desired) for both OS levels.
    Several days later I started having problems.  The system seemed to have crashed and during multiple attempts to reboot the Hyper-V server couldn't seem to detect the RAID controller.  If I tried a new Hyper-V installation and loaded the RAID driver the RAID controller was seen, but when Hyper-V itself tried to boot it seemed as though the RAID driver was not being loaded and thus the RAID controller could not be found (and along with it my C boot drive was missing)?
    Since I had some suspicion that the RAID controller might not support UEFI I decided to re-install Hyper-V, but this time using the Legacy BIOS.  After the installation was completed I again verified the setupact.log and saw BIOS rather than EFI (as expected).
    I then re-attached my Essentials VM (which was left untouched on the D drive) and got everything running again.
    But now when I check MSINFO32 within Hyper-V it showed Secure Boot State Off (expected given that UEFI was not used).  But when checking MSINFO32 within Essentials it showed Secure Boot State On.
    I thought one purpose of Secure Boot was to create a chain of trust.  Given that Hyper-V can no longer verify this chain (since UEFI is not used) I would have expected any VM running above Hyper-V to be in the same state, i.e., Secure Boot State Off?
    When the underlying Hyper-V layer changed I would have expected that to change Essentials view of the world?  So it looks to me as though this is not being handled correctly?
    Thanks for any assistance you can provide.
    P.S.  In case this makes any difference I am using a motherboard with a TPM and both the C and D drives were encrypted with BitLocker.  The C drive used a TPM key and the D drive had a password and was setup to autounlock.
    After I re-installed Hyper-V on the C drive I then manually entered the BitLocker password in order to access the Essentials VM on the D drive.
    Theokrat

    Sophia,
    Sorry for the delay.  Since I'm working other problems with this server it took a while before I could double check the configuration.
    In case it matters on this server I'm using an Asus Z87-WS motherboard.
    I'm setup for BIOS rather than UEFI boot.  There is a "Secure Boot" menu.
    Secure Boot State - Disabled
    Platform Key (PK) state - Unloaded
    OS Type - Windows UEFI Mode
    Then on the "Advanced Trusted Computing" menu I have -
    Security Device Support - Enabled
    TPM State - Enabled
    Pending Operation - None
    Current Status Information - Enabled
    TPM Enabled Status - Activated
    TPM Owner Status - Unowned
    When I initially installed the software (on my new RAID6 controller) I was in the process of enabling BitLocker when I ran into problems with the RAID6 controller.  I don't believe the state of the TPM should have any influence on the Secure Boot state anomaly I'm asking about?
    When I checked C:\Windows\Panther\Setupact.log there is a line in that file that confirms a BIOS boot.  When I logged onto Hyper-V Server 2012 R2 and ran MSINFO32 (as noted above) there is a line that also shows BIOS and Secure Boot state as Off (which is expected).  But within the VM running Essentials 2012 R2 when I run MSINFO32 I see a Secure Boot state of On (which is unexpected).  I don't recall off hand if MSINFO32 within Essentials showed BIOS or UEFI for the boot?  I think it was BIOS, but would have to double check.  (I won't be able to do that until I get issues with my RAID controller fixed.  Or until I give up and try some other method to setup the hard drives and re-install Essentials.)
    Thanks for your help.
    Theokrat

  • IPad 2 iCloud is switched off how to enable?

    iPad 2 iCloud is switched off how to enable?

    Go to Settings -> iCloud there you will find all different iCloud settings which can be toggled ON/OFF.
    If you want to enable iCloud backup then go to Settings -> iCloud -> Storage & Backup -> iCloud Backup and toggle it on.

  • Secure Boot Status: DISABLED. Cannot enable Secure Boot via BIOS.

    BIOS Security Page displays:
    Secure Boot ENABLED
    Secure Boot Status DISABLED
    I have attempted to ENABLE Secure Boot multiple times but Secure Boot Status remains DISABLED
    This problem occurred after BIOS Upgrade to v3.07
    I have Lenovo G510 Laptop
    Windows 8.1
    BIOS Version 79CN48WW (v3.07)
    I have tried the recommended solution of "Reset to Setup Mode" and "Restore Factory Keys".
    This did not solve the problem, Secure Boot Status still indicates DISABLED.
    Please suggest an alternative solution to this problem.

    I was scared to attempt the recommended solution of "Reset to Setup Mode" and "Restore Factory Keys", but it actually worked for me!
    U430p

  • Yoga S1 wont PXE, secure boot affecting it.

    Help needed....
    I have a Lenovo S1 Yoga, and I can't PXE boot it. SIMPLE, there is no option to NIC option shown.
    I have a Microsoft System center 2012 which deploys images via pxe, this works for T540. M93 and T440 and previous same model Yogas. The base image is a company version of Windows 8.1Pro.
    I have a Lenovo Onelink dock, and have included the one dock driver into the wim image.
    The problem lies with the BIOS and the function you can't switch OFF the secure boot and put boot into both boot mode, legacy first. I have saved it and every time it saves and reboots it SWITCHES the secure boot back ON!
    This doesn't display any option to boot from anything other the HDD or windows boot manager on restart.
    I have also disabled the OS optimized defaults which switches back on after reboot.....
    This has been successful in the past and i have captured the base image for our Yoga machines.
    I have even upgraded firmware 1.18 -1.20 hoping it might put the feature back or do something.
    The FEATURE has rendered the machines useless and if I can't find an answer back to supplier it is..
    I have bought 4 of these machines and i don't know what has changed but might have to rethink our Lenovo structure as this feature renders them non company friendly.
    20CDOOCUAU
    i7 2.0GHZ
    8GB
    Can anyone help.....please
    P.S
    Went to look at the old machines which was successful, they are on FW 1.15, was this an addition?

  • How to re-enable secure boot ?

    Hi All,
    On my X1 Carbon, I had to move from Win 8.1 pro to 8.1 Ent. I did a fresh install from scratch to only install what I need.
    During my setup, I had to disable Secure boot, to boot on a USB Key, install 8.1 Enterprise. Now that everything is working, I would like to re-enable the secure boot option.
    If I do it directly in the BIOS, the laptop doesn't boot any more.
    Any idea how to do it? Do I have to import a key from my 8.1 Ent to the BIOS or something like this?
    Thank you
    Christopher

    If you want to install Windows 8.1 in UEFI mode, and thus be able to Secure Boot it, you must set your machine to Secure Boot off, while installing, and in the Startup section of the BIOS, set UEFI/Legacy Boot to UEFI only.
    NB, for a USB device to be able to install a UEFI version, it must be formatted to Fat32. I have no clue why this is required, but it is. I have installed Vista / 7 / 8 in EFI/UEFI mode from a basic Fat32 drive for many years if required.
    I have seen this go wrong on a couple of machines, mainly because the HD is initialized as a MBR drive, and the generic MS Windows 8.1 ISO will not give you an option to initialize it as a GPT or a MBR drive, which the Recovery Media from Lenovo for Windows 8 actually does.
    You can then either use a Windows bootable media to enter Repair/Recovery mode, and formatting your HD through the DISKPART utility or what is simpler, boot up a liveCD image of gParted and clear your drive completely by initializing the drive as GPT, exit the utility and then installing Windows 8.1, which will, due to the UEFI only selection in the Startup procedure, boot up your Windows 8.1 installation in UEFI mode and once finished, you will be able to turn Secure Boot back on.
    Hope this helps!
    Cheers!
    ThinkPad W540 (20BG) - i7-4800MQ/24GB // ThinkPad T440s (20AQ) - i7-4600U/12GB
    ThinkPad T440p (20AW) - i7-4800MQ/16GB // ThinkPad Helix (3698-6EU) - i5-3337U/4GB
    ThinkPad W520 (4282-W4Q) - i7-2720QM/32GB // ThinkPad T400 (2767-W1C) - P9500/8GB
    ThinkPad T61 (7665-CTO) - T7700/4GB // ThinkPad T60p (8741-C2G) - T7400/4GB

  • How do I get macbook air to boot up off of the network

    how do i get macbook air to boot up off of the network

    Install Mavericks, Lion/Mountain Lion Using Internet Recovery
    Be sure you backup your files to an external drive or second internal drive because the following procedure will remove everything from the hard drive.
    Boot to the Internet Recovery HD:
    Restart the computer and after the chime press and hold down the COMMAND-OPTION-R keys until a globe appears on the screen. Wait patiently - 15-20 minutes - until the Recovery main menu appears.
    Partition and Format the hard drive:
    Select Disk Utility from the main menu and click on the Continue button.
    After DU loads select your newly installed hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
    Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the process has completed. Quit DU and return to the main menu.
    Reinstall Lion/Mountain Lion. Mavericks: Select Reinstall Lion/Mountain Lion, Mavericks and click on the Install button. Be sure to select the correct drive to use if you have more than one.
    Note: You will need an active Internet connection. I suggest using Ethernet if possible because it is three times faster than wireless.
    This should restore the version of OS X originally pre-installed on the computer.

  • How to Enable Secure Boot on UEFI Systems?

    Symptoms: When attempting to enable Secure Boot, the system does not allow you to select the option to enable or disable Secure Boot.  This is due to the way Acer's UEFI implementation requires a Supervisor Password be set in order to access this option.
    UEFI is a newer technology that replaces the older standard BIOS.
    Diagnosis: Creating a Supervisor Password in UEFI will allow you to access the Secure Boot options. It is important that you remember this password as it will be required to make any changes in the UEFI interface.
    Solution: Create a Supervisor Password to gain access to the Secure Boot option.
    Refer to our FAQ for all the steps on how to access Secure Boot on Desktops, Notebooks, and Tablets:
    Enable or Disable Secure Boot in Windows 8

    You do that 2-3 times and then the BIOS is done for. Then you get "password is incorrect" and that's that. I've already had this on several laptops, namely TOSHIBA... and the Aspire E1-571g. On the Toshiba I desoldered the chip, bought a new one, programmed it and soldered it back in. Costs a mere €150. Let's see what comes of it with the Acer. Maybe there is still a jumper to reset the UEFI BIOS.

  • My phone when i try to boot it up its keeps going to the apple sign and turns right back off. how do i fix this?

    My phone when i try to boot it up its keeps going to the apple sign and turns right back off. how do i fix this? If its not on charger it wont start up at all. but if its on charger. it goes to the apple screen and turns off and on repeatedly Any suggestions?

    Restore the phone --> http://support.apple.com/kb/HT1808
    If this does not resolve the problem you have a hardware problem.

  • How do you unsync resync ipod touch apps?  It keeps booting me off.

    How do you unsync resync ipod touch apps?  It keeps booting me off.

    - Reset the iPod, nothing is lost
    Reset iPod touch: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Purchase/install any new app
    - The remaining items of:
    iOS: Troubleshooting applications purchased from the App Store
    - Last, restore the iPod

  • Turn off secure boot on my HP envy phoenix 180-145qe

    I

    If I may ask, for what specific reason do you want to do that?
    Did you mean to type HP Envy Phoenix 810 instead of 180?
    Enter the BIOS
    Once you have pressed F10 to accept the change, click on the File tab then click on Save Changes and Exit.  You have disabled secure boot.
    ****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
    2015 Microsoft MVP - Windows Experience Consumer

  • I can't disable secure boot.

    This is actually ridiculous and I've seen so many people become infuriated over this same issue that SHOULDN'T be an issue at all. I've been trying for FOUR hours to install Ubuntu and get rid of shi**y Windows 8.1. That's right, FOUR hours. Not only have I had to redo the USB write to make it bootable multiple times, I've had to sit through countless slow reboots because 8.1 is just a piece of malware that I've had to deal with for about a year due to the fact that I have no choice in what operating system I use on my laptop. Oh, and before someone says try burning it to a CD, here's something funny: my Toshiba Satellite C55T-B5109 came with a fake optical drive, so.... I've changed boot order, I've switched to CSM boot, I only have two boot options and when I switched it booted a black screen with white text talking about how I need to insert a USB or CD (sorry, I can't) and try again, which I did, so I just switched back to the original boot option. I've already disabled fast boot and I updated my BIOS to v1.4 (the latest version) but that of course didn't do anything because Toshiba is probably getting paid to make it almost (if not) impossible to use anything but the virus that is Windows 8.1. Nobody speak a word if you don't know how to directly solve the problem. I don't want to see "That's happening to me too! plz help" or "that sucks"; be constructive or don't bother. The only solution or "you should try" should directly correlate to secure boot. Not the load order. The boot options. This needs to be solved immediately because the fact that the choice of a different OS should be available to everyone it's my computer. I bought it.

    That would be great but when I try CSM Boot it just says insert a valid USB or something of that nature. To which I keep unplugging and re-plugging the USB but it still doesn't get detected as a bootable drive. So I practically HAVE to use UEFI boot and no matter what I do it kicks Windows back into my face. I can try selecting the boot from USB option but that doesn't work. I put USB at the top of my load order and my HDD at the bottom, but that doesn't work. I also opened BIOS at startup and clicked the USB but all it does is kick me into Windows once again. I disabled fast boot, I finally forced secure boot off, but I still can't install Ubuntu. I've re-written the USB multiple times and I would try to burn it to a CD but I don't have an optical drive. I opened msconfig and had a look at the boot tab but it only lists the C: drive with Windows 8 as the default OS. I've looked up everything and I have tried it. It seriously should not be this hard to install the OS of your choice because Windows decides that you have to use their OS. I must be doing something wrong so please tell me, I'm out of ideas.

  • Upcoming issues for secure boot and arch installs

    I came across this rather worrying article indicating that when Microsoft starts approving hardware for Window 10 machines they may not allow secure boot to be turned off, and thereby make it very difficult for users to install arch on such a machine unless it can be booted using secure boot:
    http://arstechnica.com/information-tech … a-reality/
    I suppose at some point there will need to be a method of getting the appropriate certificates for arch to allow booting on machines using secure boot.

    mcloaked wrote:
    mychris wrote:
    I've heard the systemd guys are working on integrating secure boot with systemd and gummiboot. So you might be able to sign everything yourself and secureboot your GNU/Linux/Systemd machine.
    But currently I don't know anything about it and don't care about it. Like trilby said, if I'm not able to use a specific hardware I will not use it.
    Sure I won't buy hardware that I can't install Arch on - but what is a potential problem is if OEMs are forced into only selling locked hardware if they wish to sell it with Windows on it in the future - that would give MS a monopoly position - and for laptops it is not so easy to find hardware that is free of MS apart from a limited range of laptops that have Ubuntu installed when supplied (and of course IOS and chromeos based machines). For desktops it is not too difficult to buy components or barebones systems that you can customise and install whatever you like on - but laptops don't generally fall into that option range.  I do have to keep Windows for some tasks that it is close to impossible to do without Windows (like satnav updates for example) though in principle a VM could be used with Windows on it. It is a shame that for this kind of task there isn't a linux alternative that avoids Windows altogether! It would be nice to find barebones laptops that you can install any OS of choice on with none on the machine at the time of purchase.
    I know this argument was discussed at length before Secure Boot appeared in the machines that are on the market now - and at the time I thought that the basic principle of not having one O/S manufacturer monopolising the market and excluding other O/Ses had been established and expected to continue along this path - but the news item indicates that a significant departure from that policy may now take place over the next year or two. Giving users the option to disable Secure Boot has no impact on the security of the Windows O/S on a particular machine unless the user actively disables it but that should remain the user's choice. The only reason to lock down the BIOS in this way is to attempt to close off competition to Windows. In a true free market there should be hardware that is not so locked - or at least have as much choice of hardware that is not incumbent on control from MS. There are worries that the BIOS is vulnerable to firmware hacking but that could in principle happen even if the Secure Boot option is designed to have no user control to turn it off.  Maybe devices that will re-flash the BIOS with one that does allow Secure Boot will be developed - I seem to remember that some machines are "operated on" during delivery to customers in that kind of way to install firmware components that are not in place at manufacture - so that kind of technology already exists.
    It will no doubt be interesting to see how this plays out over the next couple of years.
    Edit:  I guess if it comes to the crunch that people will start to play with the information such as at https://wiki.archlinux.org/index.php/Un … ecure_Boot
    I've tried using VB as a PXE client for Arch, and VB keeps blowing up.  It's better if you just run it straight.

  • Secure Boot testing/verification

    Greetings,
    You have just built a new system with a motherboard that supports secure boot.  You have turned on secure boot in the bios, you have turned off legacy boot, and you have no graphics card and are using the onboard graphics.  You have installed Windows 8.1 Enterprise 64-bit.  There are no errors, no warnings.  All seems to be fine.
    How do you know if secure boot is really there and working?
    Just like there is an EICAR test file to determine if your anti-malware product is functioning, is there an equivalent test file or procedure to verify that secure boot/elam is functioning? 
    Or, even just some entry somewhere that says the boot-up process passed secure boot?
    Inquiring minds need to know.
    Doc
    Computers verified since 1972

    Run msinfo32.exe and it displays the status of secure boot:
    "A programmer is just a tool which converts caffeine into code"

  • Secure Boot Platform Key?

    I am stumped on how to enable Secure Boot on my MSI Z87-G43 Gaming motherboard..
    I have a MSI GTX770 flashed to GOP, I have my solid state drive set to GPT and UEFI with Windows 8.1 Pro installed. Windows 8 Boot, Fast Boot, etc. all work, except when I try to enable Secure Boot, it says:
     "secure boot can be changed only in user mode, try installing Platform Key (PK)"
    What is the platform key and how can I enable it or how can I get in user mode?
    I thought maybe it meant set up a BIOS password, one for Administrator, and one for User, so I did that, and tried logging in under User, and no luck, instead everything is greyed out.
    I tried googling that message's keywords but no luck...
    Any ideas or help would be appreciated.

    Thank you very much for the reply, just as you replied, I was about to write a follow up. I ended up stumbling upon a guide at Intel: https://communities.intel.com/community/vproexpert/blog/2012/06/26/microsoft-windows-8--enabling-secure-boot
    Worked like a charm.
    Set the mode from Standard to Custom, had it generate the factory keys, went back, set it back to standard and it allowed me to Enable Secure Boot 
    Thanks!
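
    The checks mentioned in the threads above (the PowerShell True/False result, the msinfo32 "Secure Boot State" line, and the setup-mode / Platform Key condition from the MSI message) can be read together in one report. This is an added example, not code from any of the posts; the function name Get-SecureBootReport and the wording of the findings are made up for illustration, and it assumes an elevated PowerShell session on Windows 8 or later.

```powershell
# Added example (not from the forum posts). Read-only: nothing is changed.
# Get-SecureBootReport is a hypothetical helper name chosen for illustration.
function Get-SecureBootReport {
    [CmdletBinding()]
    param()

    $report = [ordered]@{
        Firmware          = 'Unknown'
        SecureBootEnabled = $null   # result of Confirm-SecureBootUEFI
        RegistryState     = $null   # state Windows recorded in the registry
        SetupMode         = $null   # $true = firmware is in setup mode
        PlatformKeyBytes  = 0       # 0 = no Platform Key (PK) enrolled
        Finding           = ''
    }

    try {
        # Returns $true/$false on UEFI firmware; throws on legacy BIOS/CSM boots.
        $report.SecureBootEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $report.Firmware = 'UEFI'
    }
    catch [System.PlatformNotSupportedException] {
        $report.Firmware = 'Legacy BIOS or CSM'
        $report.Finding  = 'Secure Boot is not available in this boot mode.'
        return [pscustomobject]$report
    }
    catch [System.UnauthorizedAccessException] {
        $report.Finding = 'Access denied: start PowerShell as administrator.'
        return [pscustomobject]$report
    }
    catch {
        $report.Finding = "Could not query firmware: $($_.Exception.Message)"
        return [pscustomobject]$report
    }

    # Registry copy of the state (1 = on, 0 = off).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
    $reg = Get-ItemProperty -Path $key -Name UEFISecureBootEnabled -ErrorAction SilentlyContinue
    if ($reg) { $report.RegistryState = [bool]$reg.UEFISecureBootEnabled }

    # SetupMode is a one-byte UEFI variable: 1 = setup mode, 0 = user mode.
    try {
        $setup = Get-SecureBootUEFI -Name SetupMode -ErrorAction Stop
        $report.SetupMode = ($setup.Bytes[0] -eq 1)
    }
    catch { $report.SetupMode = $null }

    # PK is undefined while the firmware is in setup mode, so a failure
    # here is an expected outcome rather than an error.
    try {
        $pk = Get-SecureBootUEFI -Name PK -ErrorAction Stop
        $report.PlatformKeyBytes = $pk.Bytes.Length
    }
    catch { $report.PlatformKeyBytes = 0 }

    $report.Finding = if ($report.SecureBootEnabled) {
        'Secure Boot is enforcing.'
    }
    elseif ($report.SetupMode -or $report.PlatformKeyBytes -eq 0) {
        'Setup mode: no Platform Key enrolled. Install the factory keys in firmware setup, then enable Secure Boot.'
    }
    else {
        'User mode with keys enrolled, but enforcement is switched off in firmware setup.'
    }

    [pscustomobject]$report
}

Get-SecureBootReport | Format-List
```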
