Hii,
In the case of the error of Invalid or Expired keys?
Search for msinfo32.exe in the search bar, take a screenshot, and post it here so we can see the correct laptop model or desktop configuration.
Thanks
How to fix secure boot mismatch in keys on ASUS D700SA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 73%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DDK105
25
Reputation points
Had a USB overage issue popping up, so finally reinstalled Windows 11 Pro on this computer, now secure boot does not work when I turn on. Get error and I think the keys are corrupted or mismatched. Tried restoring factory in Bios but did now help
Windows for home | Windows 11 | Security and privacy
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 25%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIB%3C/text%3E%3C/svg%3E)
Ivan B 113.7K Reputation points Independent Advisor2026-06-03T19:42:30.45+00:00 -
DDK105 25 Reputation points
2026-06-03T20:32:27.87+00:00 I hope this works, not sure if it will let me post / attach system info screenshot
-
Ivan B 113.7K Reputation points Independent Advisor
2026-06-03T20:55:59.5833333+00:00 Hi,
I understand if you have difficulty taking a screenshot, upload it to OneDrive or Google Drive and post the link here.
Thanks
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
-
DDK105 25 Reputation points
2026-06-03T23:05:08.5733333+00:00 your link did not work, but I asked copilot to take relevant information and put in form that would be acceptable to post here. Will see if this is allowed-System Summary (sanitized):
SMBIOS Version: 3.2
BIOS Mode: UEFI
BaseBoard Manufacturer: ASUSTeK COMPUTER INC.
BaseBoard Product: D700SA
BaseBoard Version: 1.0
Platform Role: Desktop
Secure Boot State: Off
Kernel DMA Protection: On
Virtualization-based Security: Running
VBS Services: Hypervisor Enforced Code Integrity
App Control for Business: Enforced
-
Ivan B 113.7K Reputation points Independent Advisor
2026-06-03T23:08:38.5233333+00:00 Hi,
Do you know how to access the BIOS and check the boot menu to see if it says Windows Boot Manager, UEFI, or Hard Disk?
Check if CSM is disabled.
Thanks
-
DDK105 25 Reputation points
2026-06-03T23:18:30.6166667+00:00 Bios says Windows Boot Manager, UEFI. Pretty sure CSM disabled
-
Ivan B 113.7K Reputation points Independent Advisor
2026-06-03T23:28:58.0966667+00:00 Hi,
I recommend updating the BIOS.
Remember that updating the BIOS is recommended, but it carries risks. If you interrupt the process, your laptop may not boot. Therefore, if you are not experienced with hardware and software, I recommend skipping this step, although it is highly recommended.
To update the BIOS, you first need to disable BitLocker. To do this, open the command prompt (as administrator) and run the command:
manage-bde -off C:, wait for the decryption process and restart your computer.After that, you can download the BIOS from the link below:
https://www.asus.com/supportonly/d700sa/helpdesk_bios/
How to perform the BIOS update procedure: https://www.asus.com/support/faq/1008276/
After updating the BIOS, you will need to reset the BIOS settings to default and save the settings.
Start windows After that you will restart access the bios check if CSM is disabled if it is disable save the bios let windows start > restart the PC access the bios activate secure boot.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable email notifications if you want to receive the related email notification for this thread.
While this is not a Microsoft website, it is the official site of [D700SA/ ASUS].
Thanks
-
DDK105 25 Reputation points
2026-06-04T01:58:16.86+00:00 I updated through windows I thought, but that did not work, so Asus website says can download to USB and flash that way in bios, but can't figure out how to get to where I can do that in bios, have the USB drive with update on it
-
Ivan B 113.7K Reputation points Independent Advisor
2026-06-04T11:58:06.9333333+00:00 Hi,
Updating through Windows works. If it didn't work and there was an error, please let me know.
Check in the BIOS if it's the latest version compared to the ASUS website.
If it is the latest version,
you will access the BIOS, go to the key management tab, take a picture and post it here.
Thanks
Sign in to comment -
-
AI answer
2026-06-03T18:57:02.4566667+00:00 Follow these steps to repair Secure Boot key issues and get Secure Boot working again.
- Boot into UEFI/BIOS setup
- Turn on or restart the ASUS D700SA.
- While it is starting, press the ASUS firmware key repeatedly (commonly F2, Del, F10, F11, or F12) until the firmware/BIOS menu opens. If the key is unclear or the screen passes too fast, check ASUS support.
- Alternatively, from Windows: select Power > hold Shift while selecting Restart, then choose Troubleshoot > Advanced options > UEFI Firmware Settings and restart into firmware.
- Disable Secure Boot temporarily
- In the firmware menus, go to the Security, Boot, or Authentication tab.
- Locate Secure Boot and set it to Disabled.
- Save changes and restart to confirm Windows still boots normally.
- Reset Secure Boot keys to factory defaults
- Boot back into the UEFI/BIOS setup.
- In the Secure Boot section, look for options related to keys, such as Install Default Keys, Restore Factory Keys, or Reset to factory defaults.
- Use the option that resets or installs the manufacturer’s default Secure Boot keys (avoid any option labeled only Clear; prefer Reset or Install default so the keys are restored, not just erased).
- Save changes and exit.
- Re‑enable Secure Boot
- Boot again into the UEFI/BIOS setup.
- Confirm the system is set to UEFI boot mode (not Legacy/CSM). If CSM/Legacy is enabled, disable it so the system boots in pure UEFI mode.
- In the Secure Boot section, set Secure Boot to Enabled.
- If the firmware offers a mode such as Standard or Windows UEFI mode, select that.
- Save changes and exit. The PC should reboot into Windows with Secure Boot on.
- If the PC fails to boot after enabling Secure Boot
- Enter UEFI/BIOS again and disable Secure Boot so the system can start.
- From Windows, open an elevated Command Prompt and repair boot files if needed:
-
mountvol s: /s -
del s:\*.\* /f /s /q -
bcdboot %systemroot% /s S:Run each command separately and press Enter after each.
-
- Restart the device back into Windows.
- Go back into UEFI/BIOS, re‑enable Secure Boot, save, and reboot.
- If Secure Boot still cannot be enabled
- Disable Secure Boot again so the device can start.
- In UEFI/BIOS, reset Secure Boot keys to factory defaults once more (using Reset rather than Clear if both exist).
- If problems persist, contact ASUS support for this specific model, as the key store or firmware may require vendor‑specific recovery.
These steps address corrupted or mismatched Secure Boot keys by resetting them to factory defaults, rebuilding Windows boot files if necessary, and then re‑enabling Secure Boot.
References:
- Disabling Secure Boot
- How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932
- Boot to UEFI Mode or legacy BIOS mode
- Windows 11 and Secure Boot
- Secure the Windows boot process
- Windows devices for home users, businesses, and schools with Microsoft-managed updates
- why don't i have the 2023 secure boot keys - Microsoft Q&A
- Secure boot state is still off tried alot of things - Microsoft Q&A
AI-generated content may be incorrect. Read our transparency notes for more information. - Boot into UEFI/BIOS setup