Z87's: Secure Boot isn't configured correctly" watermark on the desktop

Similar Messages

• What do I do if I see "Secure Boot isn't configured correctly" on my Desktop?

  QuestionWhat do I do if I see "Secure Boot isn't configured correctly" on my Desktop?
  AnswerSecure Boot is an option, introduced to most consumers in Windows 8, in the UEFI settings, which some people might call the BIOS. When enabled, your computer will only load drivers or operating system loads that have an acceptable digital signature. This means that Secure Boot ensures harmful software doesn't attempt to load during the boot process.
  This may become disabled for a variety of reasons. The most likely is that it was disabled to allow the computer to boot from an external device or to boot a previous version of Windows. In the original version of Windows 8, Windows gave no indication that Secure Boot was disabled. Windows 8.1 changed this by displaying a watermark on the desktop.
  If you intended Secure Boot to be disabled, there is no problem. The watermark can be safely ignored, but there is no setting to remove it.
  If you did not intent Secure Boot to be disabled, you can enable it. Open the Charms by swiping in from the right, moving the mouse cursor to top-right or bottom-right corner, or pressing Windows+C, then select the following:
  Settings > Power > Shift + Restart > Troubleshoot > UEFI Firmware Settings
  In the UEFI Firmware Settings, navigate to the Security tab and set Secure Boot to Enabled.
  For more information on the watermark, please see this article by Microsoft.
  "Secure Boot isn't configured correctly" watermark on the desktop

  It is a very small battery inside which keeps settings, your clock, etc. going. They usually last 3 - 5 years and I don't believe they are user replaceable. I would make an appointment at your nearest Genius Bar and have them do it.

• Microsoft Update for "Windows 8.1 SecureBoot isn't configured correctly" watermark

  Update removes the "Windows 8.1 SecureBoot isn't configured correctly" watermark in Windows 8.1 and Windows Server 2012 R2
  http://support.microsoft.com/kb/2902864
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  The normal way would be 'just' to clone the inbuilt hdd to the new ssd via an external usb adapter and then interchange the drives. If you inbuilt drive is a WD type check for a free version of Acronis True Image which includes cloning facilities. Various vendors of ssds ( e.g. Samsung ) also have cloning software included.
  First start of newly cloned ssd will set up most of drivers automatically......
  Various PCs / Laptops ( sorry I still really love Dell and Fujitsu ;-))
  Supporting Customers ix2s and ix4s -- Love Networking ( not only technically ).
  I am not a Lenovo Employee.
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!

• The server isn't configured correctly

  I have an Ipad1 with iOS 4.3.3.
  I have a problem with the on-line videos (youtube - app and web - and other pages). My Ipad can't play videos greater than five or six minutes, and shows a pop-up window with the error "The server isn't configured correctly".
  Has anyone had this problem?
  Regards.

  Nobody can help me?
  Someone know how I can configure the server?
  Thanks for your help.

• The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error

  We are getting the below error when we see in Crawl logs
  "The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error."
  This is happening in FAST search.
  Here I can see soke of the logs related to this search crawl.
  Could anyone please help on this?
  web application 'http://xvy/' doesn't use search application 'FAST Query SSA', skipping it.
  ABC\sp_search' on web application 'http://xvy/'. 2d7dba01-3d2e-4903-b59f-9a8601627bcd
  07/30/2014 01:30:46.65  OWSTIMER.EXE (0x28DC)                    0x1BC0 SharePoint Server Search       Administration               
   dl2m Verbose  Search application 'Search Service Application 1': Skipping web application '48ed7882-9f70-424e-bf72-e3c9f5340b97' because its outbound url 'http://ebc:30347' was automatically added once.
  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcp/'. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' because its outbound url 'http://nvcp' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcp' for web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dmb6 Verbose  Ensure full read access to the indexing account 'ABc\sp_search' on web application 'http://nvcp'ext/'. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '64d562a1-535e-4917-8979-88840e2a67fe' because its outbound url 'http://nvcp'ext' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcpext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
  07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
   dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcpnew/'. 85041609-d618-4132-ac8e-195a910d99a0
  executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
  07/30/2014 01:32:04.31  mssearch.exe (0x0588)                    0x1DE4 SharePoint Server Search       Propagation Manager          
   e3o3 Verbose  executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
  07/30/2014 01:32:04.68  mssdmn.exe (0x15CC)                      0x1060 SharePoint Server Search       HTTP Protocol
  Handler          du4i                     0x29E4 SharePoint Server Search       HTTP
  Protocol Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
  07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x29E4 SharePoint Server Search       HTTP Protocol
  Handler          du54 High     CHttpAccessorHelper::InitRequestInternal - unexpected status (503) on request for 'http://ppecpnew/robots.txt' Authentication 0.  [httpacchelper.cxx:703] 
  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
  07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x130C SharePoint Server Search       Gatherer                     
   cd11 Warning  The start address http://nvcp'/sites/quipme cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details: 
  The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
  07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
  Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
  07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
  Handler          du54 High  
  07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x2948 SharePoint Server Search       Gatherer                     
   cd11 Warning  The start address
  http://nvcp'/sites/MDPPubng cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details:  The crawler could not communicate with the server. Check that the server is
  available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
   CHttpProbeHelper::ProbeServer: InitRequest failed for 'http://ppecpnew/_vti_bin/sitedata.asmx'. Return error to caller, hr=80041200  [stscommon.cxx:490]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
  07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
   dvg0 High     STS3::COWSServer::InitializeClaimsCookie: Probing url 'http://pncvr' failed. Return error to caller, hr=80041200  [sts3util.cxx:1332]  d:\office\source\search\native\gather\protocols\sts3\sts3util.cxx 
  07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
   en0e High     CSTS3Accessor::InitURLType: Return error to caller, hr=80041200                 [sts3acc.cxx:2214]  d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
  07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
   dv3p High     CSTS3Accessor::GetServer fails, Url sts4://pnvpr/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3acc.cxx:185] 
  d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
  07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
   dvb1 High     CSTS3Accessor::Init fails, Url sts4:/mngbv/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3handler.cxx:312] 
  d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
  07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
  Handler          du2z Verbose  CHttpProbeHelper::ProbeServer: Probing server with url 'http://pnvpr/_vti_bin/sitedata.asmx'.  [stscommon.cxx:476]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
  07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
   dvb2 High     CSTS3Handler::CreateAccessorExD: Return error to caller, hr=80041200            [sts3handler.cxx:330]  d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
  07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
  Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/_vti_bin/sitedata.asmx'.  [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
  earch application 'FAST Query SSA': Adding start address 'http://mnvfgext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
  07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
   dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvpr/'. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
  07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
   dl2m Verbose  Search application 'FAST Query SSA': Skipping web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' because its outbound url 'http://pnvpr' was automatically added once. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
  07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
   dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://pnvpr' for web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
  07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
   dl2k Verbose  web application 'http://abcrsp/' doesn't use search application 'FAST Query SSA', skipping it. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
  07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
   dl2k Verbose  web application 'http://excb/' doesn't use search application 'FAST Query SSA', ski
  Anil Loka

  Hi,
  According to your post, my understanding is that you got error when communicating to the server.
  This happens when crawler is not able to connect to the server. Make sure server name is correct. Couple of steps to troubleshoot it
  You should be able to ping the server from the server having crawl component. Make sure there is an entry for the server in the host file under c:\Windows\System32\drivers\etc folder.
            Ping <servername>
        2.  You should be able to connect to the server using telnet command
  Telnet< servername> <port number>
  More information:
  Troubleshooting of FAST Search Configuration
  If the issue still exists, you can delete the old search application and recreate from the beginning.
  You can also reset the index and do a full crawl after.
  Here is a similar thread for your reference:
  http://social.technet.microsoft.com/Forums/en-US/f3c61b53-304a-4c2a-a370-d0e573219d1d/an-unrecognized-http-response-was-received-when-attempting-to-crawl-this-item?forum=sharepointadminprevious
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Windows 8.1 - Secure boot isn't properly configured

  Hello...
  i have brought new laptop...when i install 8.1
  it show the secure boot not correctly configure....
  please give me solution
                          How To Enable secure boot in bios...?????

  Dear Hiteshpadhara
  Welcome in lenovo community
  Have you tried to reset the BIOS using the F9 and F10 to save and exit ?
  Let us know
  Thanks 
  Alaa
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
  Follow @LenovoForums on Twitter!

• My media center M8000y no longer completes boot sequence...I turn on the desktop and sometimes the b

  HP Media Center M800y, System # GG755AV#ABA, Windows Vista Ultimate, Desktop will not complete boot sequence as the Blue & white HP screen which doesn't always appear, will give options to either
  a).Press F10 to enter setup or,
  b). to press f11 to start recovery partition in hard drive that doesn't work when tried.
  Can enter setup when blue & white HP screen appears but do not know what to look for when inside.
  If I pick none of the 2 options, the screen just turns black with a horizontal line "-" blinking at the upper left hand corner of the screen. Sometimes the screen will not even show the blue & white HP screen and it just stays black.
  I changed the CMOS battery and nothing happened except that now the blue & white HP screen with the 2 options appears even less when I attempt to start up... I also tried using the recovery disks to no avail...
  A power surge knocked out the power in my building and the computer suddenly stopped working while streaming netflix video afterwards... Then when attempting to re-boot once power was restored, The screen showed some very wierd, almost alien fonts on the top of the black screen that almost resembled Chinese or hyrogliphics. Upon further attempts to re-boot to no avail, I'm at a loss in diagnosing the possible causes or failure modes... Can somebody help me in the right direction???
  I'm leaning towards either a corrupted bios via virus, or a fried hard drive or both. If you think something else or this has happened before and anyone knows a fix, I would be eternally grateful for your guidance in resolving this problem I'm experiencing.
  Respectfully,
  Henry

  I would lean more to a hard drive problem.
  A quick test is to temporarily disconnect the hard drive - the system should quickly indicate it can't find the HDD, can't  boot, etc.  You should also have the option to press one of the function keys to enter system BIOS.
  If when you hook the drive up again - it starts getting flaky/slow again to do anything - you've likely found your culprit.
  -DM (a long-time HP employee)
  -DM (HP Retiree)
  NOTE: If this helps you or solved your problem - please say thanks by clicking the white kudos star on the left.
  If you think this would also help others, please mark 'Accept as Solution' to help them find it easier.

• Windows 8.1 - SecureBoot isn't configured correctly message after updating

  Hi,
  seit gestern habe ich mein x250 - ohne Recovery Medien. Immer wenn ich versuche einen Wiederherstellungslaufwerk zu erstellen, ist der Punkt "Kopieren Sie die Wiederherstellungspartition vom PC..." ausgegraut.
  Jedoch ist bei mir auf der SSD eine solche PArtiotion definitiv vorhanden. Layout der SSD:
  - 1 MB nicht belegt
  - WINRE_DRV - 1000 MB
  - SYSTEM_DRV - 260 MB
  - Other - 128 MB
  - C: Windows8_OS
  Lenovo_recovery - 12,77 GB; 7,52 GB belegt
  Der Computer erkennt weder die Windows noch die Lenovo Recovery Partition.
  Wie kann ich Windows neu installieren. Bzw. ein Upgrade auf eine andere SSD machen?
  Der Versuch, ein heruntergeladenes Win8.1 mit der Install.wim Datei aus Lenovo Recovery zu installieren schlägt bei der Product Key Eingabe fehl.
  Kann mir da jemand helfen?!?
  BG,
  Tom

  The normal way would be 'just' to clone the inbuilt hdd to the new ssd via an external usb adapter and then interchange the drives. If you inbuilt drive is a WD type check for a free version of Acronis True Image which includes cloning facilities. Various vendors of ssds ( e.g. Samsung ) also have cloning software included.
  First start of newly cloned ssd will set up most of drivers automatically......
  Various PCs / Laptops ( sorry I still really love Dell and Fujitsu ;-))
  Supporting Customers ix2s and ix4s -- Love Networking ( not only technically ).
  I am not a Lenovo Employee.
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!

• Open File - Security Warning box appears for several app on the desktop [solved]

  Hello,
  After googling around, I found why I get this warning, how it happens, how to manually fix it but I don't know how to prevent it.
  I got this warning when desktop integrity level drop to "low".
  Desktop integrity drop to "low" when launching IE (V9) with no network connection and the favorites folder has been redirected to a file server. If the favorites folder is not redirected, desktop integrity level remains the same.
  To fix it :
  icacls %\username%\desktop /setintegritylevel (OI)(CI)M
  But how can I prevent Windows (IE ?) from changing desktop integrity level ? I add the unc path of the file server hosting the favorites folders to the intranet zone to no avail.
  Thanks for your help.
  Chris

  Thanks for your reply.
  You never met this message, did you set folder redirection for your users ? Here you can find other people having this message
  http://www.lmgtfy.com/?q=open+file+security+warning+desktop+integrity+level
  I don't think process monitor or explorer will help because I already know the culprit : IE. If you read my message again, I need to tell IE : if the favorites folder is not accessible, don't modify my local desktop folder integrity level.
  Regards
  Chris

• MSI Z87 G45 + MSI R9 280X + Windows 8.1 secure boot difficulties

  After updating to Windows 8.1 Pro I had the "Secure Boot isn't configured properly" watermark as many others. I determined my disk is GPT partitioned, I enabled UEFI on the GPU by moving the physical switch from the 2 position to the 1 position, and enabled Windows 8 Feature + Secure Boot with standard settings in the G45 bios (ver 1.5). After doing save and reboot I'm presented with a blank screen with my monitor showing a "DVI no input" message. I reset the CMOS to allow me to boot again, but after a couple more tries with the secure boot settings such as enabling/disabling Fast Boot I have not been able to get it to work.
  System:
  MSI Z87 G45
  8GB DDR3 1600mhz Crucial ram
  I5-4670k
  MSI R9 280X
  Samsung 840 SSD 250gb
  Asus cd/dvd drive

  I want to know the same thing. I bought a MSI Z87-G45 Gaming motherboard this month and I can't activate Secure Boot on it because it's still in Setup Mode. I have no idea how to put the motherboard into User Mode and Google doesn't help me much further either. How to activate a key? I have a I5-5670K and GTX 770 by the way.

• Satellite C50 - Secure Boot not configured correctly Build 9600

  Hi,
  Recently purchased a refurbished Toshiba Satellite C50 running windows 8.1 operating system. Was very pleased with it but found the message 'SecureBoot not configured correctly Build 9600' in a watermark in the bottom right corner of my desktop.
  Decided to search the internet for a resolution and after going on 3 troubleshooting sites, found out about the BIOS Setup required, however it warned that this was for advanced users who know their stuff about the technicalities of computers. Whilst I am computer literate, I'm not someone who likes to mess with the advanced options. Then, I stumbled across a reliable computer blog which had a detailed post on SecureBoot.
  ( Link to blog and specfic post:
  www.techrepublic.com/blog/windows-and-office/deal-with-the-secureboot-isnt-configured-correctly-watermark-in-windows-81/ )
  I thought this would resolve my issue, and I will admit it did help, telling me to use windows powershell as a precaution before using the BIOS setup. I was glad I did as it came back telling me that I have a non-production SecureBoot policy present on my laptop in which case I would have to ask for technical support for a system specific solution which would typically be a firmware update.
  I did try to phone, but the line was very busy and felt it might be easier to post this issue on a forum.
  If anyone has an answer please help as I really would like to enable SecureBoot if possible, as I believe computers should be set up with the best security options possible and it makes me feel comfortable knowing that it is set up securely.

  Someone commented the blog and posted this solution:
  The registry fix to remove the watermark is as follows.
  1. Start the Registry Editor with Admin rights (C:\Windows\regedit)
  2. Navigate to the following path
  -> HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System.
  3. There, the two values " ConsentPromptBehaviorAdmin "and" EnableLUA "set to" 0 ".
  You can also try to enable the secure boot option in BIOS (in case its not already enabled)
  To get into the BIOS, press F2 while powering ON the unit.
  Additionally recommend checking this Microsoft page:
  http://windows.microsoft.com/en-us/windows-8/secure-boot-watermark

• Windows 8 Installation Disc Won't Load UEFI-only (T420s). Also does T420S support Secure Boot?

  Question 1:
  I am unable to load the Windows 8 Installation DVD in UEFI (only) mode on my T420s. As a result, I can only run the installer in Legacy mode (or both UEFI/Legacy which effectively means the same thing). This in turn means Windows 8 is installed in Legacy BIOS mode.  Any idea how to install it in UEFI mode?
  I am using a DVD burned using the Windows utility from the Windows 8 64-bit ISO and have followed the instructions in HT073269, however I am unable to get to step 1 of the Windows 8 install after updating the BIOS, resetting to defaults, and switching to UEFI-only. On boot, after switching to UEFI-only, I am presented with a bootloader and prompted to select which drive to boot (DVDRAM or SSD). Selecting either makes the screen go blank for a moment and then returns back to the same screen with no result.
  Since then I have searched these forums extensively and Googled Technet, Notebook Review, and other sites to no avail. I've tried several several ideas, including using diskpart > clean to get the SSD in raw status (per HT051844). That did not make a difference. I also tried converting a Legacy-BIOS install of Windows 8 to UEFI using CharlyAR's instructions on TechNet (linked from another thread here). That seemed to get me to a Windows Boot Loader but still errored out and Windows Repair was unable to fix it.
  Any suggestions?
  Also, question 2:  Does anyone know if the T420S support secure boot? If not, any idea if it's slated for a future firmware update?

  nuncio wrote:
  pleon wrote:
  I use Win8 on my T420s in UEFI mode. [...] I do not understand, what do you mean that secure boot does not work? In BIOS there is no special switch for that, but "UEFI only" works without any problems.
  Secure Boot is a certificate-based approach to preventing rootkits, not the same thing as UEFI. Although Secure Boot requires UEFI, having UEFI does not mean having the additional Secure Boot feature. If Secure Boot is available, typically there will be an option to enable it in the firmware configuration. Since the latest firmware for the T420S (ver. 1.35) does not have such an option, I suspect ThorsHammer is correct that Secure Boot is not (yet) supported on the T420S. I'm keeping my fingers crossed that Lenovo will tell us that a firmware update is on its way though.
  My understanding is that it will never support secure boot.  The secure boot support starts at Ivy Bridge and the T430s.

• X220 BIOS/Firmware - does it support "Secure Boot" under Windows 8?

  I am getting ready to install W8x64 Pro.  I have a X220 with the latest BIOS (1.36 if I recall correctly) using Windows 7x64 currently.  I have run the Upgrade Assistant and it says: "Secure Boot isn't compatible with your PC."  "Your firmware doesn't support Secure Boot so you won't be able to use it in Windows 8."
  Assuming when I install W8x64 bit I have "Boot to UEFI First" and "UEFI BIOS Only" set in the BIOS - and the SSD formatted as a GPT SSD - should Secure Boot work?
  The 1.36 BIOS is not listed as Windows 8 compatible.  I see there is a BIOS for the X230 that is W8 compatible but I am not going to install it.
  At any rate - for any of you X220 users - you can click on "System Information" in W8 or type in "msinfo32" in the run script and it will say whether "Secure Boot" is Unsupported or On.
  Here is a Lenovo link for installing W7 using UEFI but it does not mention whether you would be able to be in "Secure Mode" at the end. 
  http://support.lenovo.com/en_US/downloads/detail.page?DocID=HT051844
  Kent

  Latest firmware is supposed to support Windows 8. But I don't know what support is supposed to mean... I'd say that if you've installed under UEFI and still doesn't enable, it doesn't.
  Thou now that I think of... After I installed using UEFI, I had to go back to the BIOS and change some setting. Reset-some-key or something. I can't restart the computer now but whenever I restart it I'll let you know which setting it was. (it can be several days)
  Good luck.
  If I helped you, please give me some kudos! ^^

• Secure boot?

  Hello,
  I have a question regarding the secure boot option in the BIOS.  I have a Satellite C855D with Windows 8.1.  I was trying to boot to a USB thumb drive that has a bootable Ultimate Boot CD on it.  I changed the boot mode from UEFI to CSM but cannot find where to disable "secure boot."  I have done it before but it's like it isn't there now. 
  I reformatted my drive about two months ago and it may be a coincidence but I don't think I've seen the option since then.

  "Secure Boot" isn't needed to install Windows 8.
  "Secure Boot" is merely a feature of newer UEFI BIOSes that allow the system to maintain control of the installation of certain rogue software. It locks down the system and only hands over execution to "white listed" program and operating systems.
  Please send KUDOs
  Frank
  {------------ Please click the "White Kudos" Thumbs Up to say THANKS for helping.
  Please click the "Accept As Solution" on my post, if my assistance has solved your issue. ------------V
  This is a user supported forum. I am a volunteer and I don't work for HP.
  HP 15t-j100 (on loan from HP)
  HP 13 Split x2 (on loan from HP)
  HP Slate8 Pro (on loan from HP)
  HP a1632x - Windows 7, 4GB RAM, AMD Radeon HD 6450
  HP p6130y - Windows 7, 8GB RAM, AMD Radeon HD 6450
  HP p6320y - Windows 7, 8GB RAM, NVIDIA GT 240
  HP p7-1026 - Windows 7, 6GB RAM, AMD Radeon HD 6450
  HP p6787c - Windows 7, 8GB RAM, NVIDIA GT 240

• MJG's signed Shim for UEFI Secure Boot now available

  There have been a number of posts about EFI and Secure Boot recently, so I thought some people might be interested in this:
  http://mjg59.dreamwidth.org/20303.html
  That's Matthew Garrett's announcement of a signed binary version of his Shim boot loader. Basically, this program will boot on a computer with Secure Boot active in its default mode (with Microsoft's keys in the firmware) and then launch another boot loader (called grubx64.efi, although it could be something other than GRUB in that filename) that you sign with your keys. The end result is something that's more secure than disabling Secure Boot entirely and easier than installing your own Secure Boot keys. I haven't yet tried this version of the binary, so I can't provide help beyond pointing you to MJG's own blog, but I thought some people might want to know about it.
  FWIW, although you could sign and launch my rEFInd boot manager with this version of Shim, the current version (0.4.7) won't be very useful when signed in this way, since it doesn't yet "talk" to Shim. I'm working on changing that, so that rEFInd will launch binaries signed in a way that Shim supports.

  kristof wrote:A signed bootloader is nice, but unless the Arch developers start distributing a version of the kernel that's also signed with a MOK, secure boot isn't being fully utilized.
  Largely true, but:
  Secure Boot is here, and seems likely to stay. Given this fact, all Linux distributions (including Arch) need a way to cope with it. There are basically two choices: Provide instructions on how to deal with it (difficult because of system-to-system differences) or provide signed binaries (a boot loader at a minimum, or preferably a boot loader and kernel).
  It's possible to "provide" a signed binary by generating the key locally and signing it locally. This could be done by scripts in the installation process, for example. Of course, that still leaves a need to get the installer booted on a Secure Boot system, but that could be handled with the Linux Foundation's pre-bootloader.
  To be truly effective, Secure Boot really requires support all the way up the software chain. Signing a kernel does no good if the kernel can load unsigned modules, for instance. Fedora's taking steps to provide such security, but Ubuntu seems to be going with a more relaxed approach. In truth, Linux isn't as bothered by malware as is Linux, so it's unclear that going with a Fedora-esque approach is really helpful; but OTOH, it's conceivable that malware authors will start using Linux as a vector to install boot-time malware if Windows becomes sufficiently locked down, so maybe some paranoia is in order.
  At the moment and as a practical matter, technical Linux users (including most Arch users) will find it quicker and easier to disable Secure Boot than to use shim. As shim and various support tools (signing utilities, boot managers, etc.) mature, though, this may not be the case. It may also be desirable or even necessary to leave Secure Boot enabled, in which case adopting shim now may make sense. Likewise if you want to learn about it now so that you can use it in the future.