- Black screen after enabling secure boot and installing custo...

12-16-2022 06:58 AM - edited 12-16-2022 08:20 AM
I am working on a custom Linux live USB distribution built with Yocto, and I wanted to enable Secure Boot using custom keys.
For that purpose I used the meta-secure-core meta layer (https://github.com/jiazhang0/meta-secure-core) to patch my image and include the Secure Boot keys in it.
I checked everything with VirtualBox (ok!) and then used the USB key on my laptop for validation.
Unfortunately I encountered the same behavior as KrissN described in their messages => Black screen after enabling secure boot and installing custom keys (https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Black-screen-after-enabling-sec... )
As described in that other topic, my image is well recognized (because it is correctly signed by my custom keys) and I was able to boot from the USB key blindly by entering the Boot menu (F9) and then trying each entry one by one and... crossing fingers :-).
Although I was not able to see the HP Startup menu (ESC at laptop startup), I was able to navigate the different options blindly, except for the BIOS setup menu (F10).
Like KrissN: "I got a second, identical laptop from a colleague at work to serve as a guide for blindly walking through the menus. I have initially tried to walk through the BIOS Setup to reset it to factory settings, but I noticed that I was not hearing the beeps where I was hearing them on the working laptop's BIOS Setup so this got me to the conclusion that the Setup is not working."
Other solutions to update BIOS, using WIN+B or WIN+V => none were working
It was also impossible to update Keys using tools such as efi-updatevar ()
KrissN solved the issue by changing the motherboard. I found a way to unbrick my laptop with software 🙂
And I will share the procedure, which could be helpful for someone else, who knows !!
So if you are facing the same black-screen issue :
- First of all, it will be useful (even necessary) for you to have a second identical working computer in order to facilitate the process, or at least a computer providing the same Startup menu (similar BIOS).
  If you have the same computer as mine, you may follow my indications below without one, by cross-checking with the BEEP/NO-BEEP indications I am providing.
- You will need 2 USB keys, one for each computer.
- On each USB key (formatted as FAT) you will copy:
  - noPK.auth file (at the root folder) => that file should be generated during your key generation process. It is associated with your current flash PK key. That key will allow you to fall back to setup mode and then unbrick the startup menu.
  - KeyTool.efi at the root folder => that file contains the KeyTool application that will allow you to update the PK to the noPK key. The efi binary SHALL BE SIGNED with your DB.key. Otherwise it will not be executed.
Check that only these two files are present on the USB keys. It will be easier to navigate blindly on the key with only these two files.
The following procedure is the one that worked on my Probook 640 G2. Should work on any other BIOS/computer but the navigation will be different. You will have to adapt the procedure for your case, using the other computer.
- Then power on the two computers and enter the Startup Menu (ESC in my case)
Hit ESC several times in order to be sure that the Startup menu is reached. You should hear several BEEPs.
The BEEP sound will be very helpful at this stage. Take some time to navigate on both computers at the same time. Verify that you are navigating on the same pages. For example go to F1 (System Information) - NO-BEEP then Escape to exit (BEEP).
Try System Diagnostics (F2) - NO-BEEP then arrow down three times to highlight Exit - NO-BEEP, hit ENTER, arrow up to select YES - NO-BEEP, hit ENTER => BEEP. You should experience the same feedback (BEEP/NO-BEEP) from the black-screen computer.
Before the next step => insert the USB key. Do not insert the USB key BEFORE laptop power up. Why? Because inserting the key AFTER will present the USB key as the last drive on the "Boot from file" menu (you will understand later).
Ok next step will be : executing the KeyTool.efi binary
For that you will need to go to
- Boot Menu (F9) => BEEP
- Boot from file => it is the last entry. So I suggest you hit the down arrow key several times (10 or 20 times if you want). You will be on the "Boot from file" item for sure. Then hit the ENTER key => BEEP
- Here the boot menu will present you the list of devices that are connected (hard drive or USB keys). As the USB key was inserted after the system power up, I experienced that the USB key is always at the end of the list. So you can hit the down arrow key several times to be sure that the USB key is selected. Hit ENTER => BEEP
- We are now browsing the key to select the EFI file. The KeyTool.efi file is the first and only one file recognized and is highlighted => hit ENTER => NO-BEEP
- The KeyTool menu is now displayed. There are four choices "Save Keys", "Edit Keys", "Execute Binary", and "Exit".
Verification Step:
If you want to be sure that you are in the right place (and to avoid any mistake after...), hit ENTER to select the Save Keys option (NO-BEEP). Then you have to select your USB drive. Hit the down arrow key several times like before and then hit ENTER (NO-BEEP). The displayed menu requests you to validate the operation => hit ENTER (NO-BEEP).
You are now on the KeyTool startup menu. Unplug the USB key and check that the key contains all of the PK.esl, KEK.esl and DB.esl files. If yes, good news! You managed to execute the right EFI application and to access the keys. You will now be able to remove the PK key and unbrick your computer 🙂
Before continuing, remove all the esl files and check that there are still only 2 files on the keys (no .Trash folder following the files removal)
Plug back the USB key
PK Key Removal Step:
- Select the "Edit Keys" option: hit the down arrow key once and hit ENTER (NO-BEEP)
- Select the "The Platform Key (PK)" option => this is the first entry so hit ENTER => NO-BEEP
- Select Replace Key(s) => this is the first and only entry so hit ENTER => NO-BEEP
- You have to select the drive where the key is located. Hit down arrow key several times and hit ENTER (NO-BEEP)
- The only file displayed is the noPK.auth file. Hit ENTER => (NO-BEEP) and wait several minutes
Shut down your computer, remove the USB key and power up the computer.
The Startup menu should be displayed now 🙂
Accepted Solutions
12-16-2022 09:36 AM
Another solution if you are able to boot a signed OS
source: https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html#keytool
Remove immutable bit for PK
chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
efi-updatevar -f noPK.auth PK
and check with efi-readvar
You should have no more PK key, so your station is now in setup mode.
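A check for the result described in the answer above, as an added example that is not part of the original post: besides efi-readvar, the state can be read directly from efivarfs, where each file is a 4-byte attribute header followed by the variable data. The function names `efi_byte` and `sb_state` are hypothetical; the GUID is the one in the PK path above.

```shell
#!/bin/sh
# Added example: report Secure Boot state from an efivarfs directory.
# usage: sb_state                 (reads /sys/firmware/efi/efivars)
#        sb_state /path/to/copy   (reads a saved copy of the variables)
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# efi_byte DIR NAME -> first data byte of the variable, or "absent".
# The first 4 bytes of every efivarfs file are attributes, so skip them.
efi_byte() {
    f="$1/$2-$GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    echo "${v:-absent}"
}

# sb_state [DIR] -> setup | user-enforcing | user-disabled | unknown
sb_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    setup=$(efi_byte "$dir" SetupMode)
    secure=$(efi_byte "$dir" SecureBoot)
    # A cleared PK has no file at all in efivarfs.
    if [ -s "$dir/PK-$GUID" ]; then pk=present; else pk=absent; fi
    case "$setup:$secure:$pk" in
        1:0:absent|1:absent:absent) echo setup ;;           # PK cleared, keys can be enrolled
        0:1:present)                echo user-enforcing ;;  # PK enrolled, signatures enforced
        0:0:present)                echo user-disabled ;;   # PK enrolled, Secure Boot off
        *)                          echo unknown ;;         # inconsistent or unreadable
    esac
}
```

After a successful `efi-updatevar -f noPK.auth PK`, `sb_state` should print `setup`; `unknown` means the variables are inconsistent or unreadable and the efi-readvar output should be inspected by hand.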