Secure Boot Update Failure

Jon Brookshire 0 Reputation points
2025-11-23T19:35:20.75+00:00

Whatever update you guys pushed out broke my secure boot on my Windows 11 Pro installation. The hardware is fine and I can see all my drives and the BIOS is up to date. Settings haven't changed and it is in UEFI mode. Got my system to boot off a Windows 11 CD and Event Viewer shows a critical log of a Secure Boot Update Failure. Boot is still broken if trying to restart. You're starting to get reckless with these updates (2nd time this year), breaking my OS installation. Haven't had these issues with my Linux environments. Going to try a BCD repair. Anything else I can try before another fresh install?

Windows for home | Windows 11 | Windows update

1 answer

  1. Ian-Ng 6,215 Reputation points Microsoft External Staff Moderator
    2025-11-26T16:35:41.2433333+00:00

    Hi @Jon Brookshire

    Welcome to Microsoft Q&A forum. 

    Thank you for reaching out and sharing the detailed observations regarding your Windows 11 Pro environment. 

    As you shared, following the most recent update your system is experiencing an interruption during the startup process, preventing it from booting into the operating system. Based on the Event Viewer logs you accessed via the recovery media, it appears the system is encountering a conflict regarding the Secure Boot configuration keys during the update initialization. 

    This behavior typically happens when the UEFI database needs a refresh to accept the modified signatures provided by the operating system update. 

    Based on the steps you tried, please try to attempt a reset of the Secure Boot keys within the BIOS before proceeding with invasive repairs or a fresh installation.  

    Step 1: Please try to isolate the secure boot feature 

    1. If BitLocker is enabled, suspend it first: manage-bde -protectors -disable %systemdrive% -RebootCount 2
    2. Enter your BIOS/UEFI settings. 
    3. Temporarily disable Secure Boot. 
    4. Attempt to restart the machine. 

    If the system boots successfully: This confirms the OS integrity is intact, and the issue is related to the firmware key handshake. 

    Step 2: Then reset Secure Boot keys (if Step 1 confirms OS integrity) 

    1. Return to BIOS/UEFI settings (Security → Secure Boot → Key Management).
    2. Select Install/Restore Factory (Default) Keys.
      Avoid using “Clear Keys” unless you immediately reinstall default keys.
    3. Re-enable Secure Boot and save changes.
    4. If BitLocker was suspended, re-enable it:

    manage-bde -protectors -enable %systemdrive%

    For additional context on Secure Boot requirements and troubleshooting, you can reference this official Microsoft article: Windows 11 and Secure Boot - Microsoft Support 

    Please let me know the outcome of the steps above. Thank you for your patience and your understanding. If you have any questions, please feel free to reach out.   

    I'm looking forward to your reply.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
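
Once the machine boots again after Step 2, the result of the key reset can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the answer above or of Microsoft's documentation. It assumes the built-in SecureBoot and BitLocker cmdlets are available, and that Secure Boot update events are logged in the System log by the Microsoft-Windows-TPM-WMI provider.

```powershell
#Requires -RunAsAdministrator
# Added example: verify Secure Boot and BitLocker state after restoring factory keys.

function Get-SecureBootKeyState {
    # Read each Secure Boot variable. A missing PK, KEK or db means the keys
    # were cleared without the factory defaults being reinstalled.
    foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
        try {
            $var = Get-SecureBootUEFI -Name $name -ErrorAction Stop
            [pscustomobject]@{ Variable = $name; Present = $true; SizeBytes = $var.Bytes.Length }
        } catch {
            [pscustomobject]@{ Variable = $name; Present = $false; SizeBytes = 0 }
        }
    }
}

# 1. Is Secure Boot enforced? The cmdlet throws on legacy BIOS or unsupported firmware.
try {
    $secureBootOn = Confirm-SecureBootUEFI -ErrorAction Stop
} catch {
    Write-Warning "Secure Boot state unavailable: $($_.Exception.Message)"
    $secureBootOn = $false
}
"Secure Boot enabled: $secureBootOn"

# 2. Are the key variables populated? (dbx may legitimately be absent on some firmware.)
$keys = Get-SecureBootKeyState
$keys | Format-Table -AutoSize
$missing = $keys | Where-Object { $_.Variable -ne 'dbx' -and -not $_.Present }
if ($missing) { Write-Warning "Missing key variables: $($missing.Variable -join ', ')" }

# 3. Was BitLocker protection resumed on the system drive?
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
"BitLocker $($vol.MountPoint): ProtectionStatus=$($vol.ProtectionStatus), VolumeStatus=$($vol.VolumeStatus)"
if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $vol.ProtectionStatus -ne 'On') {
    Write-Warning 'BitLocker protectors are still suspended on an encrypted volume.'
}

# 4. Recent Secure Boot events (provider name is an assumption, see the lead-in).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-TPM-WMI' } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Secure Boot' } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

A healthy result shows Secure Boot enabled, PK, KEK and db present with non-zero sizes, and ProtectionStatus reported as On for an encrypted system drive.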

