On 5/2/24 5:24 PM, Jim Henderson wrote:
On Thu, 2 May 2024 17:09:41 -0400, Joe Salmeri wrote:
When I installed the new BIOS yesterday I did the Load Optimized BIOS defaults, I'll have to look further for a setting to reinstall the default certificates.
Do you recall the verbiage it used ?
There are hundreds of setting in the BIOS on this motherboard.
On my system, it was under the Secure Boot settings - I ended up asking the vendor for a pointer (because, like yours, there are lots of settings in mine as well). There was a section for managing the certificates, as I recall, and there were two options - one to delete, and one to reinstall the defaults. I deleted them, rebooted, and tried running the update, but it didn't run, so I reinstalled the defaults, and then the update ran.
Ok, I dug out the mb manual as I cannot reboot the system right now. In the Secure Boot settings there is a section "Key Management" with an option "Install Default Secure Boot keys", which says: Allows you to immediately load the default Secure Boot keys, Platform key (PK), Key exchange Key (KEK), Signature database (db) and revoked Signatures (dbx). When the default Secure boot keys are loaded the PK state will change from Unloaded mode to loaded mode. Not sure what they mean about the PK state changing..... I thought that during the TW install that they install a key that is signed by Microsoft so that TW can use Secure Boot ? Don't we need to do something so that gets reinstalled ? Cannot afford to brick this system ! -- Regards, Joe