Run the following commands from an Administrator command prompt to restore the boot files in EFI system boot partition. Type each command separately and then press Enter:

Added the Note below the download link for the Make2023BootableMedia.ps1 PowerShell script. The PowerShell script described in this article can be used to update Windows bootable media so that the media can be used on systems that trust the “Windows UEFI CA 2023” certificate.

When you turn on your Surface, it displays the following message: Couldn't find a bootable operating System. Check the Boot Configuration to try to fix this. On older devices, the Surface turns on and displays a drive icon with an X in the top right corner. When you turn on your Surface, it boots to UEFI (Unified Extensible Firmware Interface).

Fixes an issue in the Cdboot.efi, Cdboot_noprompt.efi, Efisys.bin, and Efisys_noprompt.bin files that causes a "Boot failed" error message. This issue occurs when you start a UEFI-enabled computer from the installation DVD of a 64-bit version of Windows 7 or Windows Server 2008 R2.

Start your device from the USB drive that was created with Recovery Drive. The process to boot from a USB drive may vary by manufacturer, so refer to your device's manual if needed. Create a recovery drive to reinstall Windows in case you experience a major issue such as hardware failure.

Windows updates released on and after February 13, 2024 include the ability to apply the Windows UEFI CA 2023 certificate to UEFI Secure Boot Allowed Signature Database (DB). Updating the DB will enable devices to receive future boot loader updates that are included in monthly updates.

Plan and perform Secure Boot certificate updates across your device fleet through preparation, monitoring, deployment, and remediation. In this section.

Learn about the standard terminology that is used to describe Microsoft software updates.

ブートキットは、オペレーティング システムの起動を制御するために、デバイスのブート シーケンスでできるだけ早く読み込むよう設計された悪意のあるプログラムです。 セキュア ブート は、Unified Extensible Firmware Interface (UEFI) から Windows カーネルのトラスト ブート シーケンスを介して安全で信頼できるパスを作成するために Microsoft によって推奨されています。 セキュア ブートは、ブート シーケンスにおけるブートキット マルウェアの防止に役立ちます。 セキュア ブートを無効にすると、デバイスがブートキット マルウェアに感染する危険にさらされます。

To help keep Windows devices secure, Microsoft maintains several Secure Boot related components, including the Secure Boot signature databases (DB and DBX), the key exchange key (KEK), and the Windows boot manager.