[SOLVED] Can't figure out proper settings to get secure boot working.

[tjtowelljr]

Hello, I am currently preparing my windows 10 pc for the windows 11 upgrade. The two things I had to complete before I could upgrade was to enable TPM2.0 and enable secure boot in the bios. I was able to get TPM2.0 to enable properly, however I can't figure out why secure boot completely bricks my motherboard. I have amd ryzen processor paired with the gigabye b450m ds3h motherboard. I'm also using a Nvidia RTX 2070 founders edition.

Basically, I have to disable CSM to enable Secure Boot in the bios. However, when I try to reboot, nothing posts. I then have to CMOS reset my mobo. I believe my issues are either the fact that I have MBR file partitions instead of GPT, or that my gpu might not be able to run in secure boot.

If the issue is because of my partition types, how would I go about changing them? would i have to disable csm in bios, then boot to a windows installation media tool to reinstall windows? or could I do it an easier way?

If the issue is my gpu, how could I fix that if I even can?

The goal is to not have to buy anything as I'm trying to upgrade to windows 11 with my current specs which are:

AMD Ryzen 9 3900x
RTX 2070 TI Founders Edition
Gigabyte B450m DS3H

I tried to include as much information as possible to try and help aid in answering this question, I apologize if it lacks crucial details that I'm missing, I will be happy to add more information.

 

[Darkbreeze]

If secure boot/Full UEFI mode wasn't enabled when Windows was installed, it's not going to boot after you enable it. You would need to enable secure boot and all UEFI related settings in the BIOS, THEN do a clean install. So yes, your problem is almost certainly an MBR vs GPT issue.

You would need to boot to the installation media, by manually selecting the installation media in the BIOS or as part of a one time boot configuration setting during startup, rather than trying to boot from your existing Windows installation.

As far as I know you can convert MBR partitions to GPT, but that won't change the information in the Windows boot manager that allows secure boot and full UEFI operation to occur. That has to happen prior to the installation of Windows. Try backing up everything important including browser favorites, personal documents, music, movies, pictures, anything that can't be lost (And SHOULD already have been backed up elsewhere so that when the drive fails, which it will sooner or later because they ALL do) and then configure the BIOS for secure boot, and then boot to your installation media, and proceed to do a clean install from the installer media. Trying to do as an upgrade through Windows likely isn't going to work in your situation if you are currently running a Windows installation that was done with the system in legacy/CSM mode.