diff --git a/clients/cascades-tucson/reports/2026-04-17-chef-jd-no-boot-repair.md b/clients/cascades-tucson/reports/2026-04-17-chef-jd-no-boot-repair.md new file mode 100644 index 0000000..610303c --- /dev/null +++ b/clients/cascades-tucson/reports/2026-04-17-chef-jd-no-boot-repair.md @@ -0,0 +1,38 @@ +# Chef JD laptop — "no boot device" repair + +**Date:** 2026-04-17 +**Technician:** Howard Enos +**User:** JD Martin (Chef, Cascades of Tucson) +**Machine:** Acer laptop (JD's workstation) +**Symptom:** Laptop reports "no boot device detected" at power-on. + +## Diagnosis + +Pulled the internal drive and connected via USB-SATA adapter (appeared as E:). Drive hardware was healthy; GPT partition layout intact (MSR + 100 MB ESP + 222 GB Windows + 1 GB Recovery). Windows install at `E:\Windows` was fully intact. + +**Root cause:** The EFI System Partition's `\EFI\Microsoft\Boot\` directory was empty. UEFI firmware expects `bootmgfw.efi` and the BCD at that path; without them, firmware cannot find a boot loader and reports "no boot device." A stray copy of the Microsoft boot files existed under `\EFI\OEM\Boot\` but UEFI does not boot from that path. Fallback `\EFI\Boot\bootx64.efi` was present but the firmware's NVRAM boot entry pointed at the Microsoft path specifically. + +## Repair steps + +1. Mounted the ESP to drive letter `S:` (elevated). +2. Ran: `bcdboot E:\Windows /s S: /f UEFI` + - Result: "Boot files successfully created." + - Rebuilt `\EFI\Microsoft\Boot\` with `bootmgfw.efi` (3.0 MB), `bootmgr.efi`, `memtest.efi`, `SecureBootRecovery.efi`, BCD, language packs, fonts, resources. +3. Verified BCD with `bcdedit /store S:\EFI\Microsoft\Boot\BCD /enum all`: + - `{bootmgr}` → `\EFI\Microsoft\Boot\bootmgfw.efi` + - `{default}` "Windows 11" → `E:\Windows\system32\winload.efi` +4. Unmounted `S:`, reinstalled drive in laptop. + +## Secondary issue + +On first boot attempt, firmware reported "invalid signature detected — check Secure Boot." The Acer's Secure Boot database did not trust the restored `bootmgfw.efi` signature (either custom-mode keys or a DBX revocation state mismatch). + +**Resolution:** Secure Boot disabled in BIOS → system booted normally into Windows. + +## Outstanding / recommended follow-up + +- **Secure Boot is currently OFF.** Recommend re-enabling after next Windows Update cycle, which should refresh the firmware's Secure Boot DBX and signing trust. Procedure: + a. Let Windows Update run to completion (reboots included). + b. Enter BIOS (F2) → Security → Secure Boot → Enabled. + c. If "invalid signature" returns: BIOS → Security → "Erase all Secure Boot Settings" → "Restore Factory Default Keys" → Secure Boot Enabled → Save. +- No data loss; user profile, installed apps, and files unaffected.