Note This update is re-released on October 13, 2015, with a smaller boot loader file bootmgfw.efi.
Note You can enter a 48-digit BitLocker recovery key to continue using the computer after TPM is locked out.
Method 1: Windows UpdateThis update is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Download CenterThe following files are available for download from the Microsoft Download Center:
|All supported x86-based versions of Windows 8.1||Download the package now.|
|All supported x64-based versions of Windows 8.1||Download the package now.|
|All supported x64-based versions of Windows Server 2012 R2||Download the package now.|
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
PrerequisitesTo install this update, install April 2014, update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) in Windows 8.1 or Windows Server 2012 R2.
Registry informationTo apply this update, you don't have to make any changes to the registry.
Restart requirementYou may have to restart the computer after you apply this update.
Update replacement informationThis update doesn't replace a previously released update.
Known issues about this updateSome Windows 8.1-based computers that installed the first version of this update may experience Secure Boot failures. Microsoft is aware of the issue and has re-released this update to fix this problem.
Affected devices that are known to Microsoft:
- The Dell Venue line (Dell Venue 8, Dell Venue 10, Dell Venue 11 are known to be affected).
- Other AMI BIOS-based systems, including the Linx 7 inch tablet.
The firmware in these devices can't handle a larger code signing signature that was applied to the boot loader file bootmgfw.efi.
SymptomsDevices experience boot failures after you install this update.The firmware on these devices produces an error message that looks something like:
Invalid signature detected. Check Secure Boot Policy in Setup.
WorkaroundTo work around this problem, use the following methods:
- Turn off Secure Boot temporarily, and enter the BitLocker recovery key during startup.
- Install the re-release of this update.
- Re-enable Secure Boot.
Article ID: 3084905 - Last Review: Oct 15, 2015 - Revision: 1