Windows – How to re-sign the Windows boot loader to re-enable secure boot on an HP laptop

bios, secure-boot, uefi, windows, windows 8

I just purchased a "HP Pavilion 15-B055ca (C7C80UA#ABL) Ultrabook" from my local computer store the other day, as well as an SSD hard drive.

I removed the original 500GB HDD, installed a 120GB SSD, loaded an Ubuntu live CD via USB and used "GParted" to first shrink the Windows partitions on the 500GB HDD and then copy them onto my SSD, leaving some space to dual boot Ubuntu 12.10 later on…

I had to re-flag my Windows partition to "boot", and I wasn't able to copy over a small partition with the drive formatted to "msft" I believe (probably a proprietary Microsoft formatting that GParted couldn't deal with?), as well as enable legacy mode on my UEFI capable motherboard, but I was finally able to run my pre-installed version of Windows 8 on an SSD, after copying it from the HDD originally provided by HP. I felt pretty good about myself after that! It's an appreciably noticeable difference, that's for sure.

I now wish to disable legacy mode and re-enable secure boot, but whenever I do either of those two things I am told that "Selected boot image could not authenticate" by the UEFI Secure Boot app, I presume. Which is odd to me, since I am technically using the exact same Windows image installed on the computer when it was manufactured; I have only changed the drive type, size, and removed a small msft formatted partition because I couldn't copy it.

My question is: How do I re-sign my Windows boot loaders and/or re-enable Secure Boot on my laptop and be able to boot into Windows 8?

Thank you for reading.

Best Answer

You can't re-sign anything with Microsoft's key -- only Microsoft can do that. Unless you've modified the boot loader binary, it's still signed with Microsoft's key. Thus, the message you're seeing about a failure to authenticate a binary probably applies to some other EFI binary -- perhaps an EFI version of GRUB. It's really hard to tell what's going on from your description, though; there are just too many technical details you haven't specified. Thus, I recommend you download and run the Boot Info Script, which collects these details in a file called RESULTS.txt. Post a link to that file here.

Chances are you can get this working, but you may need to do an MBR-to-GPT conversion and/or use a tool like Linux's efibootmgr or the bcfg command available in an EFI version 2 shell to re-enable the Windows boot loader. You may also need to install shim or PreBootloader if you want to boot Linux with Secure Boot active. I'm not providing details yet because those depend on your current configuration, which I won't know until I see that RESULTS.txt file.
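Whether the MBR-to-GPT conversion mentioned above applies depends on which partition table the copied SSD has, since Windows boots in UEFI mode (which Secure Boot requires) only from a GPT disk with an EFI System Partition. The following is an added example, not part of the original answer: a read-only check of a disk's first sectors, where the function names and sample images are constructed for illustration and 512-byte sectors are assumed.

```python
import struct
import uuid

SECTOR = 512  # assumption: 512-byte logical sectors
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # GPT type GUID of an EFI System Partition

def inspect_disk(data: bytes) -> dict:
    """Classify the partition table found in the first sectors of a disk."""
    if len(data) < SECTOR or data[510:512] != b"\x55\xaa":
        return {"scheme": "none", "has_esp": False}
    # The MBR holds four 16-byte entries at offset 446; the type byte is at +4.
    mbr_types = [data[446 + 16 * i + 4] for i in range(4)]
    header = data[SECTOR:2 * SECTOR]
    if 0xEE not in mbr_types or header[:8] != b"EFI PART":
        # Plain MBR, as used for legacy-mode boot; type 0xEF would mark an ESP.
        return {"scheme": "mbr", "has_esp": 0xEF in mbr_types}
    # GPT header: entry array LBA at offset 72, entry count at 80, entry size at 84.
    first_lba, count, size = struct.unpack_from("<QII", header, 72)
    for i in range(count):
        start = first_lba * SECTOR + i * size
        entry = data[start:start + 16]  # first 16 bytes = partition type GUID
        if len(entry) < 16:
            break  # ran past the data we were given
        if uuid.UUID(bytes_le=entry) == ESP_TYPE:
            return {"scheme": "gpt", "has_esp": True}
    return {"scheme": "gpt", "has_esp": False}

def sample_mbr_disk() -> bytes:
    """Constructed sample: MBR disk with one NTFS (0x07) partition flagged bootable."""
    mbr = bytearray(SECTOR)
    mbr[446] = 0x80        # boot flag
    mbr[446 + 4] = 0x07    # partition type: NTFS
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def sample_gpt_disk(with_esp: bool) -> bytes:
    """Constructed sample: protective MBR, GPT header, four 128-byte entries at LBA 2."""
    disk = bytearray(3 * SECTOR)
    disk[446 + 4] = 0xEE   # protective MBR entry
    disk[510:512] = b"\x55\xaa"
    disk[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", disk, SECTOR + 72, 2, 4, 128)
    if with_esp:
        disk[2 * SECTOR:2 * SECTOR + 16] = ESP_TYPE.bytes_le
    return bytes(disk)

if __name__ == "__main__":
    for name, img in [("mbr", sample_mbr_disk()), ("gpt", sample_gpt_disk(True))]:
        print(name, inspect_disk(img))
```

On a real system the same function can be given the first 34 sectors read from the disk's block device; a result of `mbr`, or `gpt` without an ESP, means the firmware has no UEFI boot path to the Windows loader regardless of its signature.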
