• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Join the HP Community Solve‑a‑thon | Help Others & Share Your Solutions | Live on Zoom | 2:30 PM to 2:30 AM IST | Every Wednesday Click here to know more
Locked

‎08-27-2025 03:32 AM

HP Recommended

Hi,

I've seen this topic several time in the Forum, but I do not find a clear answer.

 

I want to enable Secure Boot and use my own keys:

photo_2025-08-27_11-21-59.jpg

 

As it says in the documentation: https://h10032.www1.hp.com/ctg/Manual/c06696065.pdf

 

When checked and system is rebooted, custom secure
boot keys are imported from the EFI\HP directory from
the hard drive or USB device. The custom keys consist of
PK, KEK, DB, and Dbx .bin files. When import succeeds or
fails, a preboot prompt shows the results of each key bin
file.

 

Then, I format a USB 4GB stick as follows (I've tried with msdos partition table too):

 

When checked and system is rebooted, custom secure
boot keys are imported from the EFI\HP directory from
the hard drive or USB device. The custom keys consist of
PK, KEK, DB, and Dbx .bin files. When import succeeds or
fails, a preboot prompt shows the results of each key bin
file.

 

HP_BIOS$ tree .
.
└── EFI
   └── HP
       ├── DB.bin
       ├── DBX.bin
       ├── KEK.bin
       └── PK.bin

3 directories, 4 files

But I have the following error:

"Failed to import Secure Boot custom * from \EFI\HP\*.bin, or the file was not found.

 

photo_2025-08-27_11-22-32.jpg

 

This is my current setup:

photo_2025-08-27_11-22-36.jpg

 

What I am doing wrong?

 

Thanks,

 

Javier

1 REPLY 1

‎01-06-2026 07:22 AM

HP Recommended

Hello 0xHex,

 

Thank you for posting your concern,

 

To enable Secure Boot and use your own custom Secure Boot keys on an HP system, you need to follow a specified process. Here is a general outline of the steps involved:

  1. Prepare Your Keys: Before proceeding with the setup, ensure you have your custom Platform Key (PK), Key Exchange Keys (KEK), and signatures for trusted execution (DB and DBX) ready. These should be stored as .bin files.
  2. Access Secure Boot Settings:
    • Access the BIOS Setup by pressing the appropriate key during the system boot (usually F10 for HP systems).
    • Navigate to the Security tab and select Secure Boot Configuration.
  3. Set Up for Custom Keys:
    • Set Secure Boot to Enabled.
    • Change Key Management from HP Keys to Custom Keys. This will disable Secure Boot temporarily, allowing changes to the key database.
  4. Import Your Custom Keys:
    • Place your .bin files (PK, KEK, DB, DBX) in the EFI\HP directory on your primary hard drive or a USB device.
    • Reboot your system. The system should prompt you about importing keys. Follow the on-screen instructions to proceed with the import.
  5. Verify the Import Process:
    • You may be notified whether the import succeeded or failed. Make sure your keys are aligned correctly if there is any failure.
  6. Final Steps:
    • Once your custom keys are successfully imported, you can re-enable Secure Boot. The system will now use your customized keys for boot validation.

These steps allow you to ensure that only your specified software can be executed during the boot process, enhancing the security of your system with your selected keys.

Ensure that you carefully manage your keys and follow any specific detailed instructions that apply to your particular system and BIOS version.

I am an HP Employee. Although I am speaking for myself and not for HP.
Click Helpful = Yes to say Thank You.
Question / Concern Answered, Click "Accept as Solution"
Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.