Windows 10: my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...

Discus and support my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable... in Windows 10 Software and Apps to solve the problem; In my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz mother board i3-7100U, I am not able to enable core isolation and memory... Discussion in 'Windows 10 Software and Apps' started by Prof P V Sreenivasaiah, Dec 11, 2022.

  1. PROF P V SREENIVASAIAH
    Prof P V Sreenivasaiah Win User

    my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...


    In my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz mother board i3-7100U, I am not able to enable core isolation and memory integrity. Security icon displays yellow triangle with exclamatory mark; but, no issue isshown when I opened the security folder. Under device security, it displays "Standard Hardware security not supported.

    :)
     
    Prof P V Sreenivasaiah, Dec 11, 2022
    #1
  2. SALTGRASS
    Saltgrass Win User

    cannot enable secure boot

    In order to enable secure boot in the Bios, the system needs to be configured as UEFI which means it has a EFI System partition. It will not work with a Legacy install.

    In addition to Secure Boot, the CSM must be disabled. (page 3-22)

    The TPM requirement is normally allowed by enabling the PTT option, paragraph 3.6.6 PCH-FW
     
    Saltgrass, Dec 11, 2022
    #2
  3. GREG CARMACK - WINDOWS MVP 2010-2020
    Greg Carmack - Windows MVP 2010-2020 Win User
    TPM 2.0 Enabled but not showing in windows

    Hi Luke-

    Is Secure Boot also turned on in BIOS?

    Are you checking in System Information? What tells you WIndows doesn't recognize it exactly?

    Fixes for Windows not detecting TPM 2.0 enabled in BIOS:

    https://winaero.com/how-to-enable-secure-boot-a...

    https://www.dell.com/support/kbdoc/en-us/000103...

    https://www.slashgear.com/windows-11-tpm-2-0-up...

    If you still can't get it recognized in Windows, then I'd run a Repair Install to see if it's picked up this time. A Repair Install reinstalls WIndows while saving your files and apps in place, brings it up to the latest version by the most stable method, takes about an hour, resolves most problems: https://www.yourwindowsguide.com/2016/06/how-to...
     
    Greg Carmack - Windows MVP 2010-2020, Dec 11, 2022
    #3
  4. FELIPE-CA
    felipe-ca Win User

    my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...

    Inaccessible Boot Device - Likely due to TPM and Secure Keys

    When I boot my custom build desktop, I'm getting Inaccessible Boot Device. I then get to WinRE and I am able to go to the command prompt and I can see the windows installation on driver D.

    I tried running

    • Startup Repair - No luck, nothing fixed, issue remains
    • cmd prompt - sfc/SCANNOW /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows [enter].
    • cmd prompt - chkdsk d: /r (answered yes to dismount)
    • Restart Options - disable driver signature enforcement
    • Restart Options - disable early launch anti-malware protection
    • Safe mode
    • playing with different settings in BIOS
    How did I get into this messy situation:

    • Win 10, tried to upgrade to Win 11. TPM was not enabled in BIOS
    • Enabled fTPM in mobo (ASUS Prime X570-Pro)
    • Win 10 was using legacy MBR. Successfully converted to GPT. Changed mobo to UEFI in compatibility mode (UEFI and Legacy OPROM, storage devices and PCIe devices in UEFI only mode). Boot Device is an NVME SSD (PCIE-4 compatible). Bitlocker was never enabled.
    • No issues so far and I was able to start Win11 installation.
    • After a few auto-reboots, at around 75% the installation failed. Inaccessible Boot Device
    • Win11 installation was successfully reverted and I was able to login to Win10
    • restarted the win11 install. same issue at aroung 75%
    • Upgraded Mobo Firmware (v2407 to v4021).
    • Win 11 installation failed again.
    • Changed bios configs and could not boot anymore
    Unfortunately I don't have the exact sequence of steps but these are the areas I played with

    • I never run the TPM module in windows after enabling TPM in the BIOS.
    • I was looking into Bios as some forum post suggested making sure SATA was set to AHCI. But I am using RAID on my SATA spinning HDDs. The system is booting from NVMe SSD
    • I noticed that Bios -> Boot -> Boot/Secure Boot -> OS Type - Was set to "Other OS" and changed it to "Windows UEFI Mode"
    • Unfortunately I don't remember if I changed any other settings at this point.
    Other things I have tried

    • Bios - Saved secured keys to USB drive and deleted existing keys (only after changing the OS type and the issue already present)
    • Bios - installed default secure boot keys
    • Bios - Restored saved secure boot keys
    • Disabled fTPM (by setting it to discrete TPM - there are no external TPM module in my setup)
    • Bios -> Advanced -> Trusted Computing -> Security Device Support - Disable
    • Bios -> Advanced -> Trusted Computing -> Disable Block Sid -> Enable (only for next boot)
    • A few combinations of the configs above, though likely not exhaustive of all combinations
    I also tried to boot from the Win 10 Installation DVD and try to repair the win10 installation, but no success. Though it is possible I could have had a a bad choice of bios settings when trying this.

    Any ideas on what I can do next? What would be the best procedure to try to recover the system?

    • fTPM enabled
    • Should I clear the Secure Boot Keys? Leave them empty or install default ones?
    • Security Device Support - Leave it enabled? there are some options such as platform hierarchy and storage hierarchy (both enabled)
    • TPM 2.0 UEFI Spec version is TCG_2 / Physical Presence Spec Version is 1.3
    • Try to repair windows with the settings above?
    • Try to re-install Win10 preserving personal files?
    Thanks,

    Felipe.
     
    felipe-ca, Dec 11, 2022
    #4
Thema:

my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...

Loading...

  1. my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable... - Similar Threads - laptop secure boot

  2. how to enable secure boot even if UEFI and secure boot control is on/enabled

    in Windows 10 Gaming
    how to enable secure boot even if UEFI and secure boot control is on/enabled: as how the question goes, I can't find a way to manually enable secure boot itself even if secure boot control and UEFI is on and used. how do I enable it? like the secure boot in the BIOS settings of mine can't be changed but the secure boot control can be changed, I have...

  3. how to enable secure boot even if UEFI and secure boot control is on/enabled

    in Windows 10 Software and Apps
    how to enable secure boot even if UEFI and secure boot control is on/enabled: as how the question goes, I can't find a way to manually enable secure boot itself even if secure boot control and UEFI is on and used. how do I enable it? like the secure boot in the BIOS settings of mine can't be changed but the secure boot control can be changed, I have...

  4. my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...

    in Windows 10 Gaming
    my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz not able to enable...: In my laptop with secure boot, TPM 2.0, UEFI bios, DEP enabled and 2.40 GHz mother board i3-7100U, I am not able to enable core isolation and memory integrity. Security icon displays yellow triangle with exclamatory mark; but, no issue isshown when I opened the security...

  5. Secure Boot Enabling W10 UEFI; for W11

    in Windows 10 Installation and Upgrade
    Secure Boot Enabling W10 UEFI; for W11: Please help me.I using W10 on UEFI/GPT. But SecureBootState is Off.What have i done: 1 in ASUS UEFI i selected Windows UEFI Mode instead of Other OS and broke boot process - Windows Boot Manager invoked repair procedure.2 I turned off driver signature enforcement F7 keyword...

  6. Enable TPM on BIOS

    in AntiVirus, Firewalls and System Security
    Enable TPM on BIOS: Do I need to clean install Windows 10 after I enable TPM on BIOS? 182028

  7. Enable TPM on BIOS

    in Windows 10 Support
    Enable TPM on BIOS: Do I need to clean install Windows 10 after I enable TPM on BIOS? 182028

  8. How to enable secure boot in bios to uefi converted laptop.

    in Windows 10 Customization
    How to enable secure boot in bios to uefi converted laptop.: Hello, my laptop was having Windows 7 in Legacy bios and i installed windows 10 in Legacy bios then i cleared disk 0 and installed windows 10 in uefi bios but secure boot opyion is not available as before in legacy bios.i have lenovo thinkpad edge e420....

  9. UEFI bios enabled but no secure boot on windows 10?

    in Windows 10 Support
    UEFI bios enabled but no secure boot on windows 10?: So i had secure boot up and running on my windows 8.1 machine after a clean install, but now since microsoft upgraded me to windows 10 it seems as my secure boot is off again, but it's enabled in my bios is so weird, it's enabled in bios but off in windows 10? Is not much of...

  10. UEFI Installation With Secure boot enabled

    in Windows 10 Installation and Upgrade
    UEFI Installation With Secure boot enabled: Hello tech guys, i need emergency help, i posting this thread from my frined's computer, i have a HP laptop, and few days ago i send it to tech shop for motherboard repair, and they did it as well, but after few days i am facing problem with BIOS, i cant change bios...