FTL 2 Posted December 13, 2023 Share Posted December 13, 2023 (edited) In the absense of an official KB article at the mo ill just put it here incase it trips anybody else up and google brings them here. New BIOS update on the Surface (Laptop 5 in my case) with FDE installed turns it into a brick - all you will see is a flashing white Microsoft Logo and it will not boot They have added a new setting into the UEFI bios called Secure Code - you need to turn this off and then your surface device will boot again. Edited December 13, 2023 by FTL Link to comment Share on other sites More sharing options...
ESET Staff AAndrejko 11 Posted December 13, 2023 ESET Staff Share Posted December 13, 2023 Hi @FTL Thank you for sharing this information with everyone. Indeed we are currently experiencing an issue with the Surface Laptop 5 with Secure Core enabled when booting a fully encrypted system on Full Disk Encryption & Endpoint Encryption. The current and only workaround for this is to turn Secure Core off as you've stated above. We're currently still investigating the issue, but we do actually have a Surface Laptop 5 which we're able to replicate the issue on so I am hopeful we can find a solution to it soon. I can see some investigation work has already been carried out on the matter, however I imagine a fixed version wouldn't be available until after the new year the very least. I'd like to also note other devices with Secure Core enabled don't seem to be affected so it seems targeted towards that BIOS update of the Surface. I'm sorry for any inconvenience this has caused to yourself or anyone else affected. I will speak to my team to see if we can publish something in the meantime. Kind regards, Ashley NobelDwarf 1 Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 37 Posted December 13, 2023 ESET Staff Share Posted December 13, 2023 5 minutes ago, AAndrejko said: Hi @FTL Thank you for sharing this information with everyone. Indeed we are currently experiencing an issue with the Surface Laptop 5 with Secure Core enabled when booting a fully encrypted system on Full Disk Encryption & Endpoint Encryption. The current and only workaround for this is to turn Secure Core off as you've stated above. We're currently still investigating the issue, but we do actually have a Surface Laptop 5 which we're able to replicate the issue on so I am hopeful we can find a solution to it soon. I can see some investigation work has already been carried out on the matter, however I imagine a fixed version wouldn't be available until after the new year the very least. I'd like to also note other devices with Secure Core enabled don't seem to be affected so it seems targeted towards that BIOS update of the Surface. I'm sorry for any inconvenience this has caused to yourself or anyone else affected. I will speak to my team to see if we can publish something in the meantime. Kind regards, Ashley Yes, seems to only affect what we believe to be Firmware Version 9.101.143.0 at this time for the Surface Laptop 5 specifically and not the former Firmware Version 7.10.143.0. So some people may notice their Surface Laptop 5 machines be fine initially and then once updated to the latest firmware start experiencing the issue and need to disable 'Secured Core' as mentioned previously. NobelDwarf 1 Link to comment Share on other sites More sharing options...
FTL 2 Posted December 13, 2023 Author Share Posted December 13, 2023 (edited) My laptop 5 is still under warranty so when it first happened couple of weeks back it was from a round of surface updates which included said BIOS update that killed it when it rebooted from them. Flashing windows logo on surface is a failed SSD in most cases so whipped it out put a new one in, booted fine so got Microsoft to repair it under warranty assuming it was a failed SSD. They sent it back as fixed - spent all day updating Windows as it come back with W10 21H2 on it, all my apps etc, inc FDE, all was good - then applied surface updates last and bang gone again - assumed dodgy BIOS update again. Back onto MS who sent out an advanced replacement device which i recieved today, thought sod it im going to install Surface updates on it first - all was good so at that point knew today at least it wasnt a dodgy update, installed all apps etc then lastly FDE and bang, dead - found the culprit. Spoke to support and the guy who answered knew straight away what the problem was - I disabled Secure Code and viola was back in and running. Just hope MS Support and service centre dont read this 🙂 Edited December 13, 2023 by FTL Link to comment Share on other sites More sharing options...
Recommended Posts