I woke up to a troubling message on my HP OMEN: 'Disable MS UEFI CA. Code signed with MS UEFI CA key is not allowed to execute during reboot and may render your system unable to boot.' Instead of selecting 'discard and continue without changing,' I chose 'agree and continue startup,' which allowed my system to boot. After that, I was taken to the Microsoft BitLocker screen and had to enter a recovery key. Everything seemed fine afterwards until I shut down my computer. When I tried to power it back on, I ended up with a black screen. The caps lock key was blinking five times slowly and then three times fast. What went wrong, and how do I fix this?
1 Answer
It sounds like you inadvertently modified the UEFI trust chain by agreeing to disable the MS UEFI CA. This change triggered BitLocker to ask for a recovery key because it detected a shift in trust between the bootloader and Secure Boot. The blinking caps lock indicates a BIOS issue likely linked to those changes. Here's how to try fixing it:

1) Perform a full reset of the EC and BIOS: unplug the power, hold the power button for 15 seconds, then reconnect and try pressing F10 again.
2) If that doesn't work, try HP's BIOS recovery: Power off, hold the Win + B keys, press the power button for a few seconds while continuing to hold Win + B until the BIOS recovery screen shows up.
3) Once there, restore the factory Secure Boot keys, re-enable Microsoft UEFI CA, set Secure Boot to 'Standard,' save the settings and reboot.

This should get you past the BitLocker screen without any issues. Your data is safe; this is strictly a firmware problem, not a disk issue.
Thanks for the detailed steps! I’m a bit anxious about messing with BIOS though.

What caused the initial prompt in the first place? Was it because of my earlier choice? Could this happen again?
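
Once the machine boots into Windows again, the Secure Boot and BitLocker state discussed in the answer can be read back from an elevated PowerShell session. This is an added example, not part of the original thread: the function name `Get-BootTrustState` is hypothetical, and the certificate names it searches for are an assumption about which certificates the firmware's 'MS UEFI CA' setting refers to.

```powershell
# Added example. Read-only checks; run in an elevated PowerShell session.
function Get-BootTrustState {
    param([string]$MountPoint = $env:SystemDrive)

    # Confirm-SecureBootUEFI returns $true/$false and throws on non-UEFI systems.
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    # 'db' is the Secure Boot allowed-signature database. Certificate subject
    # names are stored as text inside it, so a plain string search finds them.
    $dbText = ''
    try {
        $db = Get-SecureBootUEFI -Name db -ErrorAction Stop
        $dbText = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    } catch { Write-Warning "Could not read db: $($_.Exception.Message)" }

    # Assumed certificate names (not taken from the page).
    $thirdPartyCa = 'Microsoft Corporation UEFI CA 2011', 'Microsoft UEFI CA 2023'
    $windowsCa    = 'Microsoft Windows Production PCA 2011', 'Windows UEFI CA 2023'

    # BitLocker status and key protectors for the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    $protectors = @()
    if ($vol) {
        $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    }

    [pscustomobject]@{
        SecureBootEnabled    = $secureBoot
        ThirdPartyUefiCaInDb = @($thirdPartyCa | Where-Object { $dbText.Contains($_) })
        WindowsCaInDb        = @($windowsCa | Where-Object { $dbText.Contains($_) })
        BitLockerProtection  = if ($vol) { "$($vol.ProtectionStatus)" } else { 'NoVolume' }
        KeyProtectors        = $protectors
        # A recovery password protector is what the BitLocker recovery screen asks for.
        HasRecoveryPassword  = $protectors -contains 'RecoveryPassword'
    }
}

Get-BootTrustState | Format-List
```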