Retrofitted a new SSD and Windows 8.1 - Secure Boot issue

Mikoyan

Mikoyan

Mikoyan

Soldato
Joined
4 Aug 2004
Posts
2,734
Location
on OCUK
Hi all,

Strange issue, I retrofitted a clean and brand new SSD in a Lenovo X1 Carbon, no matter what I could not even use the standard recovery install disks to re-image this.

Had to in the end disable Secure Boot and enable Legacy\CSM, I am successfully booted into the OS.

Now if I try to enable Secure Boot, it refuses to load and boot into the os unless I turn off Secure Boot?

What is going on :(
 
I think - but may be wrong having not used secure boot myself - that windows needs to be installed with secure boot enabled. As you are using recovery media, I am not sure you can do this.
 
there is a new BIOS update http://support.lenovo.com/in/hi/downloads/ds030685

Update: this has got me thinking now? You must be able to replace a drive without this problem from secure boot. Was it lenovo software you used for the re-image of 8.1

To make a system image backup in Windows 8.1, from the original drive, you must navigate to file history. (Not history settings) Using Smart Search, and look for image recovery (bottom left of control panel) this will start the wizard


How this works out on a real-world Windows 8 Certified system for uefi
The OEM generates its own PK (platform key) and Microsoft provides a KEK that the OEM is required to pre-load into the KEK database. Microsoft then signs the Windows 8 Bootloader, and uses their KEK to put this signature in the Authorized Database. When UEFI boots the computer, it verifies the PK, verifies Microsoft’s KEK, and then verifies the bootloader. If everything looks good, then the OS can boot.

have a read of this:http://support2.microsoft.com/kb/2800988
 
Last edited:
Hi,

Yes did a recovery image creation via USB Stick via Lenovo Recovery. Did not use the Windows System Image though..

Latest BIOS update has been applied on the X1 Carbon 20A7

The MS link..

To work around this issue, Secure Boot must first be disabled before installing new hardware. For more information on disabling Secure Boot in your computer's BIOS, reference the manual that came with your motherboard or contact your motherboard manufacturer. If you are in an enterprise environment, contact your system administrator.

Thats what I did, as it was the only way to get it to work...but says nothing about re-enabling :p
 
I can only think that Lenovo's drive is specific in the ROM firmware with uefi and it now thinks your new drive is bogus?

I'm sure Lenovo will help with this problem, but would probably ask you to return laptop at a cost to you :confused:

or if want, you could try using the inbuilt re-image from Microsoft on original drive

To be perfectly honest, in the 'corporate world' or OEM/Microsoft, secure boot is maybe a progress for them in some instances.
If you look into this, it checks things that in a normal world is just paranoid for most circumstances, such as signed drivers, original installed software and hardware?

if you know nobody else has access to your laptop, then why bother with secure boot at all.
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom