memtest86plus / windows-installer

Windows USB Installer for Memtest86+
GNU General Public License v2.0

Windows USB installer: impact of Secure Boot may be understated #12

Open Chealer opened 1 week ago

Chealer commented 1 week ago

Context: I successfully used the Windows USB installer to update Memtest86+ on a USB key, but I then failed to boot the result on a Lenovo ThinkPad P53s, a relatively high-end 2019 laptop which used to retail for 1439 Euro. It was only after I reran the installer that I remembered the warning about Secure Boot, went on to disable it and managed to use Memtest86+.

Looking at the installer again, I understand why I forgot the warning: it does not specifically warn about the behavior I experienced. When I tried booting specifically on the drive, the boot menu would just flash/refresh, as if the drive contained nothing to boot, without any error. If there had been a proper error message, I would certainly have disabled secure boot immediately, but instead, I went on to use PassMark's Memtest86 first.

The installer first shows the following:

[Screenshot: Memtest86+ installation complete]

This contains:

Installation Complete Memtest86+ 7.20 USB Installer successfully installed Memtest86+ Boot Files on D:\

And then twice:

Installation Done, Your USB Drive should be able to boot on CSM or UEFI 32/64 bits!

Then comes the last screen:

[Screenshot: Memtest86+ installed]

…which reaffirms success:

The necessary files are installed on your USB drive and the drive is now bootable.

…but then comes with the important warning:

WARNING: Memtest86+ 7.20 is not signed by Microsoft for Secure Boot. Disable it from your BIOS options before trying to boot on this USB Drive

Despite the uppercase "WARNING", this may not attract enough attention.

I can see a few issues:

  1. The green, repeated success messages and exclamation marks seem to convey that all is good.
  2. The warning does not attract much attention due to:
    1. its format. Unlike the screen's title, it uses neither bold nor a bigger font. It also does not use yellow, orange or red.
    2. its location:
      1. On setup's last screen, which rarely conveys important information and is very easy to overlook for those who routinely go through Windows setup programs.
      2. At the end of the text, after the reassuring text.
    3. The absence of treatment of impact.

Improvements

I can only hope that my laptop's Secure Boot behavior is uniquely poor, but considering that it affects a modern laptop from a major manufacturer with an up-to-date BIOS (N2IETA5W (1.83) from 2024-06-20), I am afraid this behavior is widespread. It would be interesting to have more data on this behavior.

I believe changes similar to the following would suffice to solve this:

  1. Display the warning either on its own screen or on the previous screen.
  2. Display the warning at least in orange. Ideally, detect whether Secure Boot is enabled (HWiNFO64 can do it) and if it is, use red.
  3. Do not display "Your USB Drive should be able to boot on CSM or UEFI 32/64 bits!" on the progress screen. Move it to the last screen and drop the exclamation mark.
  4. Do not display "Memtest86+ 7.20 USB Installer successfully installed Memtest86+ Boot Files on D:\" on the progress screen.
  5. Consider indicating the impact of failing to enable secure boot. Specifically, that some PCs may quietly refuse to boot the drive without displaying any error.

By the way

  1. I do not remember reading about "CSM" although I used Debian as my main OS for 15 years, have contributed to free software for decades and hold a CS bachelor's degree. I recommend expanding to "Compatibility Support Module".
  2. "32/64 bits" should be in parentheses.
  3. The warning is very poorly phrased. As a minimum, I would rephrase it as "Memtest86+ is not signed by Microsoft for Secure Boot. Trying to boot on this USB Drive on a computer with Secure Boot enabled in its BIOS configuration will fail."
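
The issue suggests detecting whether Secure Boot is enabled and choosing the warning colour accordingly. The following is an added PowerShell sketch of that check, not code from the installer or from the issue author; the function names `Get-SecureBootState` and `Get-WarningSeverity` are hypothetical. It reports the state of the PC running the installer only, which may not be the PC the USB drive will later boot on, so the warning stays at least orange in every case.

```powershell
# Added example, not part of the memtest86plus installer.
# Function names are hypothetical; the cmdlets and the registry value are standard Windows.

function Get-SecureBootState {
    # Returns 'Enabled', 'Disabled', 'NotUefi' or 'Unknown' for THIS machine.
    try {
        # Returns $true/$false on UEFI firmware; needs an elevated session.
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { return 'Enabled' }
        return 'Disabled'
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS / CSM boot: there is no Secure Boot to enforce here.
        return 'NotUefi'
    }
    catch [System.UnauthorizedAccessException] {
        # Not elevated: fall through and try the registry value instead.
    }
    catch {
        # Any other failure: fall through to the registry value as well.
    }

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
    try {
        $value = Get-ItemPropertyValue -Path $key -Name 'UEFISecureBootEnabled' -ErrorAction Stop
        if ($value -eq 1) { return 'Enabled' }
        return 'Disabled'
    }
    catch {
        # Key or value missing, or not readable.
        return 'Unknown'
    }
}

function Get-WarningSeverity {
    param([Parameter(Mandatory)][string]$State)
    switch ($State) {
        'Enabled' { 'Red' }     # this PC will refuse the unsigned loader as configured
        default   { 'Orange' }  # the drive may still be used on another PC with Secure Boot on
    }
}

$state = Get-SecureBootState
"Secure Boot state: $state; warning colour: $(Get-WarningSeverity -State $state)"
```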