How can I get secure boot working after manually creating EFI partition with diskpart?

boot uefi secure-boot efi windows-11-upgrade

motherboard: ASUS ROG STRIX X570-E GAMING Rev X.0x

I successfully enabled secure boot and installed Windows 11. Because of issues I decided to go back to Windows 10 and experiment on another machine. After resolving issues I want to install Windows 11 again.

A small partition existed other than the System Reserved partition without any type, name, or description, so I deleted it. My machine then would not boot. I used a tool to repair booting. It seemed after research that the partition I deleted was the EFI partition containing secure boot keys. I then followed instructions for creating the EFI partition with diskpart. I gave it 500mb.Now it plainly says "EFI System Partition" when I view the disk with Windows Disk Management.

I went into the BIOS, deleted the secure boot keys, and created again by clicking "create default keys". Launch CSM is enabled. Boot Device Control has "UEFI and legacy OPROM". If I set it to "UEFI only", no disks show in the list of bootable devices and it will not boot. It was set to "UEFI and legacy OPROM" when secure boot was previously working. If I insert a Windows install USB and set to "UEFI only" it will list the USB as bootable, so that confirms the disk does not have a UEFI attribute.

When I display disk information it says it's GPT, not MBR. The conversion tool does not give the convert option, so I'm sure it's GPT. I did however use the boot repair tool, but that was before I created the EFI partition and it may not have done everything needed.

The machine boots. The System Information screen says the Bios Mode is legacy.

What can I do to reenable secure boot again? I do not want to do a clean install.


Solution 1:

You seem to have created the EFI partition, but that is only the first part of the job. You have to format it (FAT) if this is not done, recreate the Windows boot loader.

With diskpart, you type set disk 0 To select your disk, list vol to show the volume, then sel vol n to select the nth volume. assign letter=G: to assign a letter. exit to exit diskpart.

cd /d G:\EFI\Microsoft\Boot\

Then bootrec /fixboot. Should do the job.

On recent version of Windows 10, a permission denied is claimed… try with bcdboot /s G: /f UEFI

Related

Error 0xc0000017 when trying to install windows 10 on brand new computer
sub-sub-folders in Thunderbird
Why doesn't sum of of the values in the commit size in the processes view match the commit size in the performance view in the Windows Task Manager?
How to install CertUtil to Windows 7?
How can I find out processes are using swap space?
How can I import LibreOffice Impress templates?
Error: *.default is not a constructor
Default value in lombok. How to init default with both constructor and builder
What's the difference between plugins and extends in eslint?
What is the alternate of HttpRequest.EnableRewind() in ASP.NET Core 3.0?
How do you introduce unit testing into a large, legacy (C/C++) codebase?
What do setUseWideViewPort() and setLoadWithOverviewMode() precisely do?