[SOLVED] In BIOS Secure Boot is on, but in msinfo32 it is unsupported. How do I get Secure Boot working?

Jun 28, 2021
At first, Secure Boot was off in the BIOS and I couldn't turn it on; it displayed "Secure Boot can be enabled when Platform is in User Mode. Repeat operation after enrolling Platform Key (PK)." I was able to get it turned on by changing the Secure Boot Mode from Custom to Standard, which allowed me to turn it on, and the BIOS said that it was on. But msinfo32 said it was unsupported, and the Windows 11 benchmark system agrees. How can I get Secure Boot to work?
 
What are the FULL specs of this system?
 
I had secure boot turned on in my BIOS, but Windows 10 said it is off

so what solved the problem is

  1. reset the BIOS
  2. turn on legacy mode and restart ... that will say no OS
  3. go back to BIOS, turn on UEFI and reboot ... still secure boot off
  4. go to BIOS, disable secure boot and reboot ... secure boot is off
  5. go back to BIOS and turn on secure boot this time and reboot ... in Windows, hopefully like me, your secure boot option will be on
https://superuser.com/questions/102...ugh-it-is-turned-on-in-uefi-firmware-settings

Is there an option in the Secure Boot menu in the BIOS to reset keys? That can also be a cause, as it might not have the Microsoft keys there.
Your manual isn't overly informative as to what's in the menu. Page 72 - https://download.asrock.com/Manual/A320M-HDV R4.0.pdf
 
Solution
One question: my BIOS looks like it can only be turned to legacy in two places, one in the Launch PXE OpROM Policy and two in the Launch Storage OpROM Policy, both under CSM (Compatibility Support Module) in the Boot screen of the BIOS. Will this turn it to legacy, or is there more I need to do, like turning off CSM?
 
One interesting thing I found is that in msinfo32, Device Encryption Support said "Reasons for failed automatic device encryption: TPM is not usable, PCR7 binding is not supported, Hardware Security Test interface failed and device is not Modern standby, Un-allowed DMA capable bus/device(s) detected, TPM is not usable"
 
It didn't work, though maybe I did it wrong. To get into what I think was legacy mode, I changed the Launch PXE OpROM Policy and the Launch Storage OpROM Policy to legacy. On step 4 you say to turn Secure Boot off, but when I reset the BIOS it turned that off; because of that, in step 3 I turned Secure Boot on manually, then did steps 4 and 5, but in the end msinfo32 still said Unsupported.
 
TPM is not usable, PCR7 binding is not supported, Hardware Security Test interface failed and device is not Modern standby, Un-allowed DMA capable bus/device(s) detected, TPM is not usable

PCR description
Modern standby seems to be Fast startup - https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby
Un-allowed DMA capable bus/device - not so clear, can mean you are using MBR but that seems unlikely if you can't boot legacy. Seems outdated drivers can cause this - try updating chipset drivers - https://www.amd.com/en/support/chipsets/amd-socket-am4/a320

Microsoft have removed the test; it's possible it will pass your system in a few months, so I wouldn't worry about it until then.
 
I think I know what the problem is: my computer's BIOS is stuck in legacy mode and needs CSM on for it to boot, and I think CSM or legacy mode disables Secure Boot.
 
CSM
Enable to launch the Compatibility Support Module. Please do not disable unless you’re running a WHCK test.

Launch PXE OpROM Policy
Select UEFI only to run those that support UEFI option ROM only. Select Legacy only to run those that support legacy option ROM only.
Select Do not launch to not execute both legacy and UEFI option ROM.

Launch Storage OpROM Policy
Select UEFI only to run those that support UEFI option ROM only. Select Legacy only to run those that support legacy option ROM only.
Select Do not launch to not execute both legacy and UEFI option ROM.

page 74 here - https://download.asrock.com/Manual/A320M-HDV R4.0.pdf (I didn't look very hard last time)

if you are using legacy boot then yes, secure boot won't turn on

I did do up this - https://forums.tomshardware.com/thr...-what-you-can-do-to-resolve-problems.3711259/

what I would do is nothing now. I would wait until win 11 is actually out before changing my PC to fit it.
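
The states discussed in this thread (legacy/CSM versus UEFI boot, Secure Boot as Windows sees it, Platform Key enrollment, TPM usability) can be read from Windows in one pass. This is an added example, not part of any post above; the function name `Get-SecureBootDiagnosis` and the verdict strings are hypothetical, and it assumes an elevated PowerShell session on Windows 10 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks behind msinfo32's "Secure Boot State" line.
# Get-SecureBootDiagnosis and its verdict strings are hypothetical names.
function Get-SecureBootDiagnosis {
    $r = [ordered]@{}

    # How Windows was booted: 'Bios' means legacy/CSM, 'Uefi' means native UEFI.
    $r.FirmwareType = "$((Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType)"

    # Legacy boot uses an MBR boot disk; UEFI boot without CSM needs GPT.
    $r.BootDiskStyle = "$((Get-Disk | Where-Object IsBoot).PartitionStyle)"

    # Secure Boot as Windows sees it. The cmdlet raises an error when Windows
    # was not booted through UEFI; the message is kept for the report.
    try {
        $r.SecureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch {
        $r.SecureBoot = "Not available ($($_.Exception.Message))"
    }

    # Platform Key: with no PK enrolled the firmware stays in Setup Mode.
    try {
        $pk = Get-SecureBootUEFI -Name PK -ErrorAction Stop
        $r.PlatformKey = "Enrolled ($($pk.Bytes.Length) bytes)"
    } catch {
        $r.PlatformKey = "Not readable ($($_.Exception.Message))"
    }

    # TPM state, relevant to the "TPM is not usable" line in msinfo32.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r.Tpm = "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
    } catch {
        $r.Tpm = "Not readable ($($_.Exception.Message))"
    }

    $r.Verdict = if ($r.FirmwareType -ne 'Uefi') {
        'Booted via legacy/CSM: Secure Boot cannot be active until Windows boots in UEFI mode.'
    } elseif ($r.BootDiskStyle -ne 'GPT') {
        'UEFI firmware but boot disk is not GPT: check the disk layout before disabling CSM.'
    } elseif ($r.SecureBoot -ne 'On') {
        'UEFI boot, Secure Boot not active: check the firmware setting and key enrollment.'
    } else {
        'UEFI boot with Secure Boot active.'
    }
    [pscustomobject]$r
}

Get-SecureBootDiagnosis | Format-List
```

A `FirmwareType` of `Bios` together with an MBR boot disk matches the situation described in the last posts, where the firmware setting reads "on" but Windows was started through CSM.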