Re: Inaccessible_Boot_Device BSOD after upgrading to Win 11 ... - HP Support Community

harfri · ‎02-07-2023

Hi,

We've recently seen an influx of issues regarding the Windows 11 22H2 rollout, anyone else seen this issue and is there a solution available from HP?

Problem description:

System fails to boot after Windows 11 upgrade to 22H2, it will boot loop with BSOD “INACCESSIBLE_BOOT_DEVICE” and automatic repair.

Affected system (HP)

HP EliteDesk 800 G5 with i5-9500

Requirements for the issue to occur
1. System needs to have “Kernel DMA Protection” or similar setting enabled in BIOS
2. Windows security feature(s) utilizing any Viritualization Base Security is enabled
3. Running Windows 11 22H2
4. 8. og 9. Gen Intel CPUs (Unsure if this is directly related)

Typical fault scenario:

System is updated from Windows 10 21H2 or 22H2 to Windows 11 22H2 through windows update, during the update the system will fail to boot and enter the boot loop described earlier.
System is installed with Windows 11 22H2 directly, during SCCM deployment it will not recover by itself.
1. However, if it’s a clean install, the system will recover itself automatically, it will fail to boot (BSOD) but then disable the Memory Integrity setting and enter OOBE.

The issue is not limited to HP but of the cases we've seen, all the Lenovo laptops have been resolved by updating BIOS.

Current workaround

Disable kernel DMA protection in BIOS, we’re then able to enter the BitLocker recovery key and boot the system, it will continue the upgrade and boot normally when completed.

We have not been able to re-enable the Kernel DMA Protection setting in BIOS and then booting afterwards, system will get BSOD INACCESSIBLE_BOOT_DEVICE whenever Kernel DMA Protection is enabled. Even when Memory Integrity is disabled prior to changing the BIOS setting.

On systems where we have upgraded manually from Win 10 21H2 or Win 11 21H2 with upgrade assistant, we are able to upgrade with Kernel DMA Protection enabled, and Memory integrity disabled, but on those systems if we try to enable Memory integrity the system fails to boot and deactivates the Memory integrity feature automatically.

More information:

All these systems work fine with both Kernel DMA Protection and Memory Integrity enabled on both Windows 11 21H2 and Windows 10 22H2 without issues.
No memory dumps are created when the systems BSODs
System will trigger an HP DMA warning at boot.

Dinar_Galimov · ‎03-02-2023

Hello everybody,

We are seeing exactly the same issue with the HP EliteDesk 800 G5 SFF and 800 G5 DM and W11-22H2

We don't disable DMA Protection, we just disable HVCI manually using WinRE and after restarting the workstation, the task sequence continues.

The Microsoft DG readiness script shows that there are no HVCI incompatible drivers in the OS, but if I re-enable HVCI using the Windows Security app and after a restart, I see the Inaccessible_Boot_Device BSOD again. However, after another reboot, the OS disables HVCI automatically and boots W11-22H2.

We've opened Microsoft case to clarify the citation, and then we will transfer this question to HP if it's required.

harfri · ‎03-02-2023

Thanks for your reply, which CPUs are the affected devices running?

We've also escalated this issue with Microsoft, however not much progress on that front.

Dinar_Galimov · ‎03-03-2023

Hi,

HP EliteDesk 800 G5 SFF - Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz

HP EliteDesk 800 G5 Desktop Mini - Intel Core i5-9500T CPU @ 2.20GHz

The whole behavior looks like the OS has a non-HVCI compliant driver installed, but the Microsoft validator cannot identify it until HVCI (Code Integrity) is enabled, and after a BSDO has occurred, rolls back HVCI enable.

Maybe we have to highlight it to MSFT ask to find the driver and add it to Microsoft recommended driver block rules

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-co...

Alanoo · ‎03-29-2023

Guys, thanks for the workarounds !

This has been driving me nuts for the last 24 hours.

Dinar_Galimov · ‎03-29-2023

We have been working on the issue of the question for the last 3 months with Microsoft collaboration. Three support cases were opened simultaneously.

Now we know how to Prevent HVCI from being auto-enabled during setup a new workstation using SCCM OSD Task Sequence.

We created additional step with SCCM package execution in TS after applying OS but before it first starts:

reg.exe load HKLM\Temp "C:\Windows\System32\config\SYSTEM"

reg.exe add "HKLM\Temp\ControlSet001\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "BlockAutoenablement" /t REG_DWORD /d 1 /f

reg.exe unload "HKLM\Temp"

As a result, a HP EliteDesk 800 G5 DM workstation has successfully been imaged and HVCI is off.

You can try test it at your side.

Inaccessible_Boot_Device BSOD after upgrading to Win 11 22H2

Create an account on the HP Community to personalize your profile and ask a question