Ask a new question

System not booting with UEFI, unable to use Secure Boot

I've been struggling with enabling Secure Boot with Windows 10. The issue is basically that when I set UEFI in the Windows-specific options of my BIOS, the system gets stuck at the spinning windows dots and MSI logo. It's fine when I go back to CSM in the BIOS.

The PC was assembled and had Windows installed some time ago, all in CSM and "UEFI+Legacy" modes. I would like to avoid reinstalling the OS to not lose anything, unless it's necessary to do so. Also, there's no message like "No bootable system", just the spinning dots, so it doesn't seem to me like a reinstall is required (it also is fine back in CSM).

Here's what I've already done, verified and tried:
- The GPU was not working with UEFI. I've used the Nvidia firmware update tool to update it and now it works (no motherboard beeps, I can get to BIOS, the system attempts to load and displays the logo and spinning dots).
Both UEFI and UEFI+Legacy work fine in the Boot section of the BIOS settings, I have an M2 drive with the OS set as first priority, there are no more systems on the drives that could be interfering. The issue is with swithing from CSM to UEFI in Windows 10-specific settings in the BIOS.
- I have Fast Boot disabled in Windows Power Settings. I have not found a setting for fast boot in the BIOS.
I have updated my drivers (including CPU chipset, network, audio, GPU). I have not flashed a new BIOS as anything newer than what I have is listed as Beta in the MSI Product Downloads page.
- I have successfully performed dism, sfc and chkdsk.
- I have tried auto-repair in the Windows Recovery Environment. It just says that the problem could not be fixed. In the generated log it states that all tests have passed.
I have all my drives and partitions as GPT. I didn't reformat them, I luckly formatted them this way initially. When installing the drives and Windows.
Secure Boot with UEFI enabled does not help. I also had to do the trick in the BIOS to generate factory keys, but that only enabled me to turn on Secure Boot, not helping the endless loading.
- I have fTPM, TPM 2.0 etc. enabled in BIOS for the processor.

How can I get UEFI and in turn Secure Boot working?

The hardware is:
- MSI Tomahawk B350
- Ryzen 5 1600
- GTX 1080 Amp! Extreme
- The system is installed on an M2 SSD.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi, I am Dave, I will help you with this.

Most likely this is caused by the way Windows 10 was installed, click your Start Button, then just type msinfo and press Enter, please provide a screenshot of the resulting System Information window.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi, here are my msinfo cotents:

Image

Boot device seems important, but I don't know how to check which of my drives msinfo labeled with the "HarddiskVolume2"...

I also checked the log of the automatic repair tool and I realized a few things:

1. The previously mentioned log where everything is fine was generated in CSM, which makes it totally useless.

2. I ran the auto repair again in UEFI, (system did not boot as always) and I saw that the path to the log file was starting with "G:". The thing is, there is no such path to the log on my G: drive. What is more interesting is the fact that the G: drive is my old system drive, it used to be a "C:". After upgrading to a larger SSD for my system I formatted the previous one and assigned it as G:. Maybe some bootloader settings or something are still trying to use the old drive to boot in UEFI instead of the upgraded one.

3. I disconnected the G: SSD and tried to boot again, with no success. However, the auto repair tool ran for significantly longer and was doing some "Disk repairs". In the end it said that it could not fix the issues and system still does not boot. This time however the logs were written to disk, and two tests gave error codes: (I'm translating the logs as they are being generated in polish, I hope you get the gist of it from the translation)

From the top of the log:

"Session details

---------------------------

System disk = \Device\Harddisk1

Windows Catalogue = F:\WINDOWS"

Here the "System disk" has number 1, in msinfo it's HarddiskVolume2, no idea if this is the same or not...

Additionally, "F:\WINDOWS" shouldn't really exist... The drive letters in the recovery env are all kind of offset with regard to the actual drive letters. I checked their contents with the cmd line in recovery env and there my C: becomes F:, my D: becomes C:, my E: becomes D:, etc. Is this normal in the recovery env?...

Further down in the log, where the failed tests are:

"Found main cause:

---------------------------

Unspecified changes to the system configuration may cause a problem.

Repair actions:

Result: Failure. Error code = 0x32

Operation time = 359 ms

Repair action: Checking and repairing the integrity of system files

Result: Failure. Error code = 0x57

Operation time = 2562 ms"

In the DISM repair log file generated during autorepair I can see that it tries to use "G:" and "F:" drives, and fails I think. If the log would be useful I can send it here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you for the screenshot, Windows 10 is installed in UEFI Mode.

In BIOS on the TPM settings, is there an option to set TPM keys to factory keys, to see if you can then enable Secure Boot?

If that does not solve the problem, it would be best to contact support for your motherboard on the MSI website, it is not a problem with your Windows installation, since it is already installed in UEFI Mode.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

In my BIOS there is no option for keys in TPM settings. These options are in the Custom mode of Secure Boot. As I wrote in my original question, to enable Secure Boot I had to generate factory keys. As I also said there, this does not change the situation.

The issue is not with enabling Secure Boot, it's with booting with UEFI selected instead of CSM. As UEFI is required to use Secure Boot I cannot use secure boot. The settings UEFI + Secure Boot, or UEFI + no Secure Boot cause the same behaviour where the system does not boot, all I get is Windows 10 loading circles spinning indefinetly. With CSM selected the Secure Boot option is not even avaliable.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Your Windows 10 is installed in UEFI Mode and your drive has a GPT partition style, so it should boot up if you have BIOS set to UEFI Mode, if it does not, you need to contact MSI Support, they may have a setting in your BIOS that is specific to that motherboard model.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Alright, thanks, I'll go do that.

If anyone has any other ideas regarding the boot loader, maybe some BCD settings to check, please do share them here.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Just a thought, please provide a photo of the Boot Priority list in your BIOS
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Yeah, that's not it, especially since I unplugged the G: SSD drive I only have one drive listed in the boot options:

Both settings are set to the same option, Windows Boot Manager on my C: drive SSD. I'm certain that this is the correct drive since only this one has 500GB in my system, and the size is included in the name.

Btw. the "Boot mode select" option is not the one causing the issue here. This option takes values of either "UEFI" or "UEFI+Legacy", both work fine. The problematic UEFI option is in Advanced > Windows 10 settings, and it takes values of either "CSM" or "UEFI"

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you for those images, they are correct, please provide a photo of the tab showing the Secure Boot, TPM and CSM Support settings.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Here are the TPM settings:

Here are the Windows configuration settings:

- with CSM, no additional options are avialable:

- with UEFI the secure boot is available. If I change the Secure Boot Mode to Custom I can go into the key settings and Enroll all Factory defaults (I have done that). The GOP Information tab is empty at first and gets filled with GPU info after a restart.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info

Last updated February 10, 2025 Views 242 Applies to: