[SOLVED] Help Clearing Motherboard Keys in Asus bios

Status
Not open for further replies.

AParsh135i

Distinguished
Sep 28, 2012
Hey guys,
Firstly, thanks in advance.

I own a computer business and we sell factory refurbished motherboards from a variety of manufacturers including ASUS, MSI, Gigabyte, etc.
Lately we have been having a huge issue with Windows installations freezing right around the time before you would normally get to the first blue screen asking what language you speak, during the time when the dots are spinning in a circle after the reboot. We had this issue on newer motherboards that were both AMD and Intel and tried using different CPUs, different memory, different SSDs, different Windows 10 installers, different flash drivers, different BIOSes, and many different settings in the motherboard options.

We think we finally pinpointed the issue is coming from stored keys inside the motherboards from a previous user, it seems that the manufacturers are not always clearing those keys out during their refurbishing process. This isn't surprising because they don't typically update BIOS either.

So we are now at a point that we are trying to clear the codes in the secure boot area of the BIOS and we're getting an error that reads "secure variable update is locked down" and that it suggests a restart. Restarting doesn't change anything though. Does anyone have any recommendations for how we can get these keys to clear? I've tried deleting them individually as well but I'm locked out from that as well. I am wondering if maybe a previous user used one of those TPM keys and locked the board to it? Maybe I need to clear that but have not figured that out yet either.

Thanks again for any advice!
 
Solution
The secure areas usually store things such as MAC addresses and serial numbers, also license keys but more on embedded systems. Those can be changed or cleared with external tools only (the way they are designed, the protection is on hardware level). I hardly believe this would cause the installation issue. The encryption module is a hardware cyphering module for storage and system lockdown, if BIOS is accessible - it should have an option to turn those off.

P.S. Some things can be changed from within a live Linux distro with a flashing tool, but again, chances of bricking are a real concern. And it is not addressing the issue.
The way you describe it, the Windows installation might be missing storage drivers and turning CSM on may fix it.
 
Solution
If you are able to boot the Windows installation, you should be able to boot live Ubuntu from a USB drive. It's because Ubuntu comes with a Microsoft-signed bootloader. Once you are booted up, just follow the steps described here in Method 2.

After that, secure variable update should be unlocked and you should be able to clear the Secure Boot keys.
 
THIS WORKED FOR ME!!! THANK YOU RUBANS! YOU ARE AMAZING GOOD SIR!

This was one of the most frustrating problems I have ever come across. I followed method two using Ubuntu and I was able to go in and delete the PK key. Then I was able to install Windows perfectly fine after that. If anyone comes across this issue, make sure you follow what is posted above. I did everything else possible you could imagine. I don't know why OP never came back to say this is what worked for them, but perhaps it has to do with their line of work. So I am not gonna be that guy and I am here to say this worked!

PS When re-entering the password during the method two process make sure you are inputting the password character in the position it asks for.

Example: When it says input password character 6, if your password was 12345678 like mine was, then you would enter 6, and then it will ask for another character in a different position and you have to enter all of them correctly. If you simply type the password you entered prior, it will not work and you will get an invalid character error.
 
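A read-only way to check the state this thread is about (whether a Platform Key is still enrolled and whether the firmware is in Setup Mode), as an added example that is not from any poster in the thread. It assumes a Linux live session with efivarfs mounted at `/sys/firmware/efi/efivars`; the sample bytes and the owner GUID are constructed, and the function names are hypothetical.

```python
import struct
import uuid
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE GUID (UEFI spec)
EFIVARS = Path("/sys/firmware/efi/efivars")           # assumed efivarfs mount point

def split_efivar(raw: bytes):
    """An efivarfs file is a 4-byte little-endian attribute mask followed by the data."""
    return struct.unpack_from("<I", raw)[0], raw[4:]

def signature_owners(data: bytes):
    """Walk the EFI_SIGNATURE_LIST structures in PK/KEK/db, yielding (type, owner) GUIDs."""
    off = 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or sig_size < 16 or off + list_size > len(data):
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            yield str(sig_type), str(uuid.UUID(bytes_le=data[pos:pos + 16]))
            pos += sig_size
        off = end

def secure_boot_state(read_var):
    """read_var(name) returns the raw efivarfs bytes of a global variable, or None."""
    def flag(name):
        raw = read_var(name)
        return None if raw is None else split_efivar(raw)[1][:1] == b"\x01"
    pk = read_var("PK")  # the PK file is absent once the Platform Key has been deleted
    owners = list(signature_owners(split_efivar(pk)[1])) if pk else []
    return {"secure_boot": flag("SecureBoot"), "setup_mode": flag("SetupMode"),
            "pk_enrolled": bool(owners), "pk_owners": owners}

def read_live(name):
    path = EFIVARS / f"{name}-{EFI_GLOBAL}"
    return path.read_bytes() if path.exists() else None
# Constructed sample: one X.509-type signature list holding a 4-byte dummy "certificate".
X509_TYPE = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # EFI_CERT_X509_GUID
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")       # made-up owner GUID
SAMPLE_PK = (struct.pack("<I", 0x27) + X509_TYPE.bytes_le
             + struct.pack("<III", 28 + 16 + 4, 0, 16 + 4) + OWNER.bytes_le + b"CERT")
SAMPLE = {"PK": SAMPLE_PK, "SecureBoot": struct.pack("<I", 6) + b"\x01",
          "SetupMode": struct.pack("<I", 6) + b"\x00"}
if __name__ == "__main__":
    print(secure_boot_state(read_live if EFIVARS.is_dir() else SAMPLE.get))
```

A board whose Platform Key has been cleared reports `pk_enrolled` as false and `setup_mode` as true; one that still carries a key reports the opposite, along with the owner GUID recorded in the key entry.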