Forum Discussion
b26063 - Bug Bash - Windows Security > Device Security - Cannot enable VBS anymore - FIXED
- Mar 03, 2024
Ok fixed it. There is a new (BETA) BIOS, released some days ago, which addresses the issue. It is not mentioned in the release notes though.
I have the strong feeling it is related to the UEFI secure boot changes described in the linked article.
Believe we could need an urgent advisory. A blogpost isn't enough if this is true.
If the February changes (not yet fully proven) are able to disable security with unpatched UEFI devices, this would be something very notable.
Mind that admins / users don't regularly do BIOS / UEFI updates on Servers or Clients.
Solution in a summary
Hello Lien how are you doing?
No it has been solved for 22H2.
- update my UEFI from a 2023 to a 2024 beta version from ASRock
- redeploying Secure Boot keys and make sure it's enabled
- enabling Core Isolation on the Hyper-V Host (HVCI) which also enables VBS
- enable vTPM on the Azure Stack HCI nested virtualization VM (mslab)
For now, I can only interpret this as a local issue.
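
A read-only way to confirm the state the summary above ends in (firmware version, Secure Boot, VBS, HVCI, vTPM), as an added example that is not part of the original post. The VM name is a placeholder assumption; run it in an elevated PowerShell session on the Hyper-V host.

```powershell
# Added example: read-only post-fix check. Changes no settings.
param(
    [string]$VMName = 'VM-NAME-PLACEHOLDER'   # hypothetical; substitute the nested VM's name
)

# Firmware version and date, to confirm the UEFI update actually took effect.
$bios = Get-CimInstance -ClassName Win32_BIOS

# Secure Boot state. Confirm-SecureBootUEFI throws on non-UEFI systems.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = "unavailable: $($_.Exception.Message)" }

# VBS and HVCI state from the Device Guard WMI class.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard
$vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
    0       { 'not enabled' }
    1       { 'enabled but not running' }
    2       { 'running' }
    default { "unknown ($_)" }
}
# Service ID 2 in these arrays is HVCI (shown as Memory integrity under Core Isolation).
$hvciConfigured = $dg.SecurityServicesConfigured -contains 2
$hvciRunning    = $dg.SecurityServicesRunning    -contains 2

# vTPM on the guest VM; needs the Hyper-V PowerShell module on the host.
$vtpm = 'Hyper-V module or VM not found'
if (Get-Command Get-VMSecurity -ErrorAction SilentlyContinue) {
    $sec = Get-VMSecurity -VMName $VMName -ErrorAction SilentlyContinue
    if ($sec) { $vtpm = $sec.TpmEnabled }
}

[pscustomobject]@{
    FirmwareVersion = $bios.SMBIOSBIOSVersion
    FirmwareDate    = $bios.ReleaseDate
    SecureBoot      = $secureBoot
    VBS             = $vbs
    HVCIConfigured  = $hvciConfigured
    HVCIRunning     = $hvciRunning
    VMTpmEnabled    = $vtpm
}
```

A VBS value of "enabled but not running" after a reboot matches the symptom in the thread title: the setting is on, but the platform did not start it.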