Jump to content

New Surface BIOS update breaks FDE and renders laptop unbootable!


FTL

Recommended Posts

In the absense of an official KB article at the mo ill just put it here incase it trips anybody else up and google brings them here.

New BIOS update on the Surface (Laptop 5 in my case) with FDE installed turns it into a brick - all you will see is a flashing white Microsoft Logo and it will not boot

They have added a new setting into the UEFI bios called Secure Code - you need to turn this off and then your surface device will boot again.

 

 

Edited by FTL
Link to comment
Share on other sites

  • ESET Staff

Hi @FTL

Thank you for sharing this information with everyone. Indeed we are currently experiencing an issue with the Surface Laptop 5 with Secure Core enabled when booting a fully encrypted system on Full Disk Encryption & Endpoint Encryption. The current and only workaround for this is to turn Secure Core off as you've stated above.

We're currently still investigating the issue, but we do actually have a Surface Laptop 5 which we're able to replicate the issue on so I am hopeful we can find a solution to it soon. I can see some investigation work has already been carried out on the matter, however I imagine a fixed version wouldn't be available until after the new year the very least. I'd like to also note other devices with Secure Core enabled don't seem to be affected so it seems targeted towards that BIOS update of the Surface.

I'm sorry for any inconvenience this has caused to yourself or anyone else affected.

I will speak to my team to see if we can publish something in the meantime.

Kind regards,

Ashley

Link to comment
Share on other sites

  • ESET Staff
5 minutes ago, AAndrejko said:

Hi @FTL

Thank you for sharing this information with everyone. Indeed we are currently experiencing an issue with the Surface Laptop 5 with Secure Core enabled when booting a fully encrypted system on Full Disk Encryption & Endpoint Encryption. The current and only workaround for this is to turn Secure Core off as you've stated above.

We're currently still investigating the issue, but we do actually have a Surface Laptop 5 which we're able to replicate the issue on so I am hopeful we can find a solution to it soon. I can see some investigation work has already been carried out on the matter, however I imagine a fixed version wouldn't be available until after the new year the very least. I'd like to also note other devices with Secure Core enabled don't seem to be affected so it seems targeted towards that BIOS update of the Surface.

I'm sorry for any inconvenience this has caused to yourself or anyone else affected.

I will speak to my team to see if we can publish something in the meantime.

Kind regards,

Ashley

Yes, seems to only affect what we believe to be Firmware Version 9.101.143.0 at this time for the Surface Laptop 5 specifically and not the former Firmware Version 7.10.143.0. So some people may notice their Surface Laptop 5 machines be fine initially and then once updated to the latest firmware start experiencing the issue and need to disable 'Secured Core' as mentioned previously.

Link to comment
Share on other sites

My laptop 5 is still under warranty so when it first happened couple of weeks back it was from a round of surface updates which included said BIOS update that killed it when it rebooted from them.

Flashing windows logo on surface is a failed SSD in most cases so whipped it out put a new one in, booted fine so got Microsoft to repair it under warranty assuming it was a failed SSD.

They sent it back as fixed - spent all day updating Windows as it come back with W10 21H2 on it, all my apps etc, inc FDE, all was good - then applied surface updates last and bang gone again - assumed dodgy BIOS update again.

Back onto MS who sent out an advanced replacement device which i recieved today, thought sod it im going to install Surface updates on it first - all was good so at that point knew today at least it wasnt a dodgy update, installed all apps etc then lastly FDE and bang, dead - found the culprit.

Spoke to support and the guy who answered knew straight away what the problem was - I disabled Secure Code and viola was back in and running.

Just hope MS Support and service centre dont read this 🙂

Edited by FTL
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...