Hello.

My PC's Product ID says OEM and I bought it from an online store. I have not yet activated windows. I'd like to know:

1. If I choose the option (after using Novo Button) "secure boot >  restore factory keys":

   a) will I lose any functionality?

   b) Will I lose any updates to the secure keys/databases? If so, will the machine update these automatically?

   c) Will the factory secure databases/keys PK, KEK, DB and DBX be older than those eventually installed by the OEM? Or are the factory default databases/keys exactly the ones installed/updated by the OEM?

2. If I also do a "Full Drive Clean", to restore windows 10 to factory defaults, will this automatically Restore Secure Boot keys to factory values?

Thanks!

Hi 0Luc10,

Welcome to the Community Forums.

Would you be able to share a snapshot of the Novo menu option with the secure boot you are referring?

You may also share the machine type model or MTM from the sticker to help us identify the machine and if it came with which particular Windows OS.

On a preloaded OEM system running with Windows 8 and Windows 10, secure boot are  laid on its UEFI settings. OEM keys are embedded on the system for automatic activation and there is no need for any product key as long as you are installing the same OS version that came with it.

All other OEM keys are restored on the machine expected to be automatically activated even if you clean install. OEM factory restore to initial setup reimage the C: drive but does preserve the other data partitions as done by One Key Recovery. 

In both events (OKR and Clean install), it still always advise to backup personal data in a different location.

Do reply back soon as convenient.

Regards

It is windows home 10s, for the moment I prefer not to disclose the PC model; I provided the requested picture (sorry for quality).

Trying to be clearer about what I really want: I do not care about windows keys or activation, those I can manage myself. I can also perform a full drive clean. What I know little about is the AMD PlatformSecurityProcessor and the Secure Boot.

I want to know how far I can go regarding the options you see in the picture: "Clear AMD P.S.P. Key" and "Restore Factory Keys". The reason is this:

I want to assume someone tampered with my new PC before it came to my hands. This is why I will do a full drive clean, which will restore the windows installation to the factory state.

However, I also wish to assume that someone tampered with the PC, AMD P.S.P. and Secure Boot Databases and keys (I am referring to these: microsoft doc). So, I want to revert to factory keys, white and blacklist certificate databases, PK and KEKs.

The problem: I don't know if I can achieve this by choosing the options you see in the picture: "Clear AMD PSP key" and "Restore Factory Keys" OR if  these options will simply have unwanted consequences.

(I do not wish to go as far as Linus Thoravald instructs here, I do not have the time nor knowledge.) 

Thank you.

Hi 0Luc10,

Greetings.

As this informations are stored and managed by the BIOS, assuming that someone may have performed changes on it I would rather suggest that you clean install Windows using a local administrator as an account and proceed flashing the BIOS.

BIOS would automatically restore and update all defaults recommended for the system by the OEM. Latest BIOS would be available from the support site.

This would be a simpler fix to such situation.

Regards

I understand and thank you for your time, however, given the rate of failure of that operation (I find testimonies everywhere of people who have broken their BIOS that way) I would never risk flashing the BIOS.

Would you at least consider pointing me to some online resources that are enlightening regarding the effects of restoring the Secure Boot Factory keys and also the Clearing of AMD PSP key, please? I've searched for days and found nothing good, so far.

Thank you very much!

Will do, and right after that I'll fully clean the drive using the UEFI advanced options to get Win10 also reset as from factory. 

Given my lack of knowledge I need to settle for an intermediate solution.

Will also consider the vantage utility as you said.

Thanks!