The short easy answer is you have a newer but older notebook that was pre-1607, during 1607 also known as the Anniversary Edition Microsoft extended (added too) the Secure Boot Policy Hash's, making them longer / more complex... What this means to your notebook is it is still a secure booting notebook that reads the new policys as policy's but will never see them as New Secure Policys implemented by microsoft.
Shortly after 1607 a (group) unofficially posted the better half of the new hash's on GIThub , statig they were fficail from MS and named them the Golden Keys, in fact it made world wide news,
What you can try to do to fix this is , head to your manufacter, ask for the latest firmware update to the FCU fall creators update, or use your manfactures UEFI Import tool to create / Clear your old keys and make your notebook FCU friendly.. There are a ton of tutorials around most UEFI AMBIOS manufactures that will have a free downloadable tool for you to use or a third party tool others choose Inclding the Official InSyde UEFI bootcheck tool on InSydes website.
Hope this helps, an dont give up your solution is on of the ones i listed, before i forget, it might be easier for you to just use the pre-made public keys created to Duel-Secure-Boot both Linux and Win10 those can also be found on GitHub, but they are public known generated keys, and that would be your roll of the dice if you dont mind giving up a little security for the time savings.
Thanks for your answer, i think i understand the problem but i don't understand the solution, so please can you guide me more?
what exactly can i do to solve my problem?
i have not to much experience and knowledge to do the correct steps, so please guide me, what tool must use and from where can i download it?
Honestly its going to be more trouble than its worth, and thats if you can select custom keys in the uefi, and physically see them, clearing through the default uefi only hides them in the menu, that is if you can see all the keys on the board, thats why we use a tool to check
which keys are present
which keys are missing/corrupted
and finally to show (which keys Microsoft has added to the latest updated OS currently install as your windows system)
Those would also read ( missing )
The explanation is long, dry, and you can find many tutorials on key creation on the internet, its not something i can explain in a AMD forum really, it would literally be pages upon pages long.
Try looking back into your UEFI, you mentioned you did happen to get the notebook to install/load and get to desktop to pull down a sys info that did in fact show you were running legacy....
so knowing that, all you have to do is Reinstall Windows10 ( Secure Boot On) and after first getting to your desktop, no problems yet,
Immediately update VC++ 2005-2017, Enable Framework 3.5, Enable Feature windows Process Model both Process Activation and the Feature .Net Environment.
After Reboot Deactivate Defender and UAC through this command line PowerShell Admin
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
To turn it back on use this command line
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
Reboot to honor changes
OH before i forget run these commands to safly turn off Fast Boot
PowerShell Admin after the reboot
powercfg /h type REDUCED
powercfg /h off
Reboot and wait on CheckDisk to find and repair the hybrid.sys files and the rest the disk
Now head to Settings /Recovery / Startup Recovery WinRE Menu to get back to your UEFI, dont use F2, use the desktop settings menu. Pressing F2 int interrupts the boot process, as does fast boot but that's a whole other discussion.
You can look that up later
Now in your UEFI with UAC OFF, and Fast Boot Off in the power config menu
Disable Secure Boot
Turn on your CSM
Dont worry about deleting any keys or turning fast boot off, these will be forced actions that the UEFI will perform when flipping the switchs
Save and Exit, now HOLD F2
this will be the only time you press F2, check to make sure SecureBoot is OFF and CSM is on , you are now in the new Key Creation Setup Mode when CSM is OFF and Secure Boot keys are cleared
You are in UEFI Hardware setup mode when uefi CSM mis ON and Secure Boot is Cleared, thats something left to a tool though, but thought i should explain what your looking at, an when you get there and really look at it, it will start to become clear ok? ok moving on.
This is not Full Legacy, and you sys. info will still read UEFI and Secure Boot Off when you look at it,
Dont forget to Disable Defender each time you get to desktop, if you have third party Security you can use to force that dam thing off, more power too you, now install your Device drivers, you shouldn't have any more problems out of the drivers your manufacture provided for now on
After all drivers are installed and rebooted, follow my advice in reverse order, and use powercfg /h ON this time, and last step will be for you turn secure boot back on.
Then finally back to your desktop you will Enable UAC back On and turn your OS security back to ON
Secure Boot is not your enemy, its a simply boot handshake that just needs to be locked/unlocked and setup properly through the steps above, what keys if any your missing is something only you can find out through a Key Tool online from your uefi board manufacture
Happy Gaming and New years
Thank you (again) very much for the big and difficult answer and thank you for your time.
My laptop is not too old, there are much older laptops in which I installed the latest version of Windows 10 and there was no problem. This problem exists only on APU processors? and why this? and why Microsoft with AMD does not find an easy solution?
In your answer now....
The problem is in "HP PC Hardware Diagnostics UEFI"? or on "HP Notebook System BIOS Update (F.45 Rev.A-AMD Processors)"? (sorry but the names is from HP support and downloads page).
For me these instructions are a long and time consuming task,
Can you tell me (or give me a link) It is a third party software tool to do the job?
A clean installation on a new hard drive will solve the problem? although this is a big job (better a tool or your instructions).
So I have a few questions if you want to ask (please),
- what exactly are all these keys (the missing, corrupted etc)?
- how can I enable Framework 3.5? (from the control panel> Windows capabilities),
- how can I enable the Feature Window Process Process, both the Process Activation and the .Net Environment Feature? (trying to activate Windows OS over the Internet?),
- what is CSM? (a setting into the BIOS, like secure boot),
Best Regards and also Merry Christmas ....
1) this problem is also a problem for many users in many of AMD or HP forums and if you help me find a solution process you will help many people, thank you from all.
2) sorry for poor English, this is not my language (thanks to google translate)
If you dont have CSM then some option had to be given for you to complain the drivers install one way, but not another.
My instructions were clear.
If you dont have CSM, you will have the newer Secure Boot mode Off Legacy OptRom Policy on, by default, you should also have a UEFI mode Switch that list BOTH UEFI and Legacy, which is a seperate switch on your board for notebooks, so basically if you see non of these options, your only option will be to re-key your device using the UEFI manufactures Tool they provide. You will have to do your own research on your own device, no one can do this for you.
If i could provide a link, i would actually have your device in my hands. Sorry man no link to provide.
When you purchased your device you should have had (2) options to pick from. Purchase a new notebook with Ubuntu already installed OR Windows10 Pre-installed. If you dont have a Duel boot compatiable device then your only option will to be to re-key the notebook.
You can learn all about Key Creation through online studies, research, and through (actual) UEFI ) manufactures such as AmericanTrends for example or Pegatron(which used to be a Spin-Off from AsusTek) Pegatron - Wikipedia
There is no easy win answer to computers, they were never ment to be t(that) user friendly, i gave you best work arounds already, and i dont know which company manufactured your mian board.
You didnt include that information. If this is all over your head it will best suited for you to RMA or Purchase another device.
I dont celebrate Xmas, thats why i said Happy New Year, again apologies.
*Edit* To include sig info
Just to be clear, Microsoft doest work for AMD , it is AMD that works for microsoft like all other manufacture looking to gain from it.
The new drivers now carry the secure boot policy Sigh's, something you will get when you eventually create the corrected needed new secure boot policy keys for your device and make new pairings to each the device and windows-10
AMD nor any other manufacture has any control over microsofts securerity policy's and must create drivers that carry the sigantures, that apart of being digitally signed. You can agree with it or don't but microsoft already included starting at 1607 (policy's will NOT be reverted.)
Apple Boot Camp is a lot easier, you can import/update the missing certs directly from desktop. You can consider getting a Mac if you like, but they are expensive and just as locked.
Hope this edit help clear a few missing things up .
Just looked up Hp.com, becuase out of all this discussion, you never mentioned which Bios Firmware Version you are running. Are you running the latest Firmware update for your notebook?
HP Pavilion Notebook - 15-ab102nv
May 17, 2017
HP updated your Firmware which includes the new FCU secure boot keys found here
Scroll down to BIOS , download and follow the prompts in the command boxs that appear. I have a newer HP product myself , im familiar with HP and they used a nice firmware method to stay updated and secure,
If you have wiped and clean installed windows10 on a new HP like this , then that also could be your reason and you <<<< will have to recreate the actual UEFI folders needed for a newer HP to function properly. That also would mean HALF of your firmware diagnostics will be DeFunct because it cant navigate to those previous created folders and until recreated cant be manually navigated.
Sorry M8 , you might be calling HP support for this one to have a Walk through to get those important folders back and to get the corrected copies of a previous firmware update and the latest update back onto your HP system.
Funny, my HP is the only PC i seen that allowed custom key creation but forgot to include the key menu .... Anyways, GL with all that, i had my fun with mine and No i would never recommend HP ever again becuase of that experience i had. Cheers.
THANK YOU for all your answers and for all your help.
I'm sorry about my stupid questions and the missing information about my problem.
I'm (I think) an advanced user of windows but it seems not as good as you are and not quite advanced to understand all your instructions that are very good and clear.
I have the original hard disk drive with all the partitions and I just made the upgrades of the windows.
I have the latest BIOS version on my laptop. The vendor of BIOS is Phoenix Award BIOS.
I hope that based on your information I will look and feel I find a solution for my problem.
I wish you a happy new year with health.
Thanks again and Best regards.
hello atlasminor, according to the system info of my laptop, I have American Megatrends Inc. F.45, 4/28/2017 bios version installed. I would to know if the F.45 Rev A May 17 is the same as the bios I have installed or an updated version of the one I have installed.
Here is a link to the drivers for my laptop in case you need it.
ALways good to have a second pair of eyes. Your wanting the 15-ab102nv with APU AMD A10-8700P.
I compared the 2 and the Bios looks the same but they are different. use link to 15-ab102nv with APU AMD A10-8700P unless your model changed.
When i searched HP for 15-ab102nv with APU AMD A10-8700P it came up blank for a minutes then the drivers appeared. But yes thats the updated 2017-2018 firmware you needed to keep the notebook going.. Should last you a long time. Win10 notebooks are more set in stone and on the new Mobile system this was done so microsoft wont make mistakes, its been a rocky road for all win10 mobile products.
They just released 3 huge AMD updates this month coupled with cumulative s alongside BugZilla. No, this isnt a new malware detection Bugzilla has now been deployed to Windows10 to fix most problems we all are facing, why they didn't have this from day one of public release beats me.
Keep a look out for new ways to Feedback and bugzilla news. Is about anyone can do. That firmware you linked has everything you would need.
No problem bud,
If you do get a hold of HP, which is something the previous owner of the HP i inherited .... did talk to HP and they try to sell the Recovery Disks usb/DVD selection, you will want to AVOID getting one of those unless your detwermined to Lock Windowss-10 to the original factory build, my HP shipped with 1607.
But using the HP recovery media they offer runs about 30$ U.S. and that will take your comp back to the stone ages. I do however have a good link that will explain the 'current' state of win10 security, its a youtube link, but the acttual Conferace filmed from is very much real, as are the groups supporting it.
This will not be over your head an is simply ment for learning purposes, im not trying get someone to take over the world with a clearly throttles commecial PC
Lead speaker is current Microsoft security rep, but what you will want to do is ( fast forward to through the wheel of dry) to the Secure Boot portion of the speach.
Those guys will slide show and explain the different modes UEFI goes into when setting different setting configs. This will be a great place to start looking into things, an you should be able to grab words to research based on whats in the Secure Boot portion of the lecture.
Thanks for info, very interest !
I think you know on Intel and Nvidia CPU-GPU there is not those problems, i have an 7 years old Intel i3 laptop and runs the latest windows, drivers and all that without any problem...
Also i try to clear the "all secure boot keys" and "load hp default keys" from BIOS settings but the problem not solved (after restart the laptop the drivers not working at all), but please if you want take a look to my thread on HP forum for the same problem and please tell me your opinion...
Ok, the reason they are suggesting you use the HP updated drivers is because the default secure boot keys on your notebook are probably not the latest X.509 certified keys that windows10 changed to during 1607 ...
That being known UEFI . org with microsoft provide the necessary tools and latest updated PKI's and KEK's required to stay compatible.
From there you will have access to the Learning Center along with links to videos and tutorials also the links to the actual tools needed to (Erase) not clear your keys and update your firmware following there instructions.
Clearing your keys did nothing, you need to physically ERASE them, they have full detailed PDF's on the website as well. You will have the opportunity to join the community.
Please be sure to take a look at the officail UEFI website before giving up.
This seems like a lot of trouble to go through for a notebook that wasn't graded for gaming and promoted as such, because even after all is said and done, other problems might occure, such as finding out the memory write protects your manufacture placed on it are dead locked, and that is something meant to never change. There is also the unknown write protects that were placed on the GPU's memory, this was all done to protect the notebook, but after microsoft decided it needed more policy's this became a problem.
Anyways glad to have given some insight onto the problem your facing, Before i forget, when clean installing or switching OS's your PK key will always need to be reset before preparation of the drive. That should have been in a lecture somewhere but it is almost always overlooked.