I have a Surface Pro 4 and I guess my secure boot keys got messed up somehow. On Surface Pro 3 this fix is as easy as going into the UEFI and resetting to the default keys, but there's no such option on the SP4 UEFI. I previously disabled secure boot to dual boot Arch. I've since deleted that partition. Every time I try to enable Secure Boot it returns "The system failed to update the Secure Boot certificate keyset." Does anyone have any clue on how I can go about resetting this? I have re-installed Windows and re-installed the SP4 firmware already. TPM is enabled as well.
Asked
Active
Viewed 4,756 times
3
-
Is there any specific reason you need secure boot on? Why not just leave it off? – Next-Door Tech Aug 09 '18 at 07:09
-
1It slows down boot and there's an ugly red bar at the top of the screen. I really just want it back on because that's how it came. – Thomas Boxley Aug 10 '18 at 05:41
-
Thomas - If you get a chance, look over my post here: https://superuser.com/questions/1104810/clearing-tpm-does-not-ask-for-new-password-but-change-owner-password-asks-for/1115768#1115768 and in particular look over the **PowerShell Resetting TPM** and **How to Clear the TPM Chip of any previous Ownership Credentials** sections for steps that may help you with this. It may be worth the read if nothing else at least for those two sections. – Vomit IT - Chunky Mess Style Aug 11 '18 at 00:24
-
Thank you. I tried these steps and am still unable to enable secure boot. – Thomas Boxley Aug 15 '18 at 03:51
-
Have you tried to [factory reset the Surface Pro 4](https://www.hardreset.info/devices/microsoft/microsoft-surface-pro-4/hardreset/first-method/)? I suggest to backup first your files. – harrymc Aug 15 '18 at 13:32