ASUS FX504GE Secure Boot “Invalid Signature Detected” even after restoring keys
Hi everyone, I really need help because I’ve been stuck on this for hours.
Laptop: ASUS FX504GE
BIOS Version: 323
I accidentally exported my Secure Boot keys earlier, and after that I started getting:
“Secure Boot Violation / Invalid Signature Detected”
Things I already tried:
Restored factory Secure Boot keys
Cleared PK/KEK/db/dbx
Reinstalled default keys
Set Secure Boot Mode to Standard
OS Type = Windows UEFI Mode
Disabled CSM
Rebuilt EFI using:
bcdboot C:\Windows /s S: /f UEFI
Removed old boot entries with bcdedit
Loaded BIOS defaults
Set Windows Boot Manager as first boot option
I also noticed the EFI partition contains:
PK
KEK
db
dbx
dbt
Even after all of this, Secure Boot still says:
“Invalid Signature Detected. Check Secure Boot Policy in Setup”
Windows can boot if Secure Boot is disabled, but enabling it immediately causes the error again.
At this point I’m wondering:
Is my EFI partition corrupted?
Is ASUS NVRAM stuck with a bad boot entry?
Do I need to completely recreate the EFI partition?
Could the Secure Boot databases themselves be corrupted?
Any help would really mean a lot because I’m scared of making it worse.