Share via

The Secure Boot on the Surface Laptop 5 disabled unexpectedly

Amin 10 Reputation points
2025-07-17T14:35:48.2566667+00:00

Today, I turned on my Surface Laptop 5, but it crashed and asked me to enter the BitLocker recovery key.

I checked and found that Secure Boot was disabled. Additionally, the model name changed to "OEMID SKU Number," and the serial number changed to "123123123". I managed to sign in to Windows with difficulty and reset it, but the problem still persists.

Can anyone help me with this?Screenshot 2025-07-17 071911

Surface | Surface Laptop | Install and update

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-07-17T19:19:35.74+00:00

    Hello Amin,

    To restore Secure Boot and allow Surface updates, you need to:

    Confirm the issue.

    Check UEFI settings.

    Enable Secure Boot.

    Restore correct system identifiers (SMBIOS).

    Verify everything is working.

    Press Windows + R, type msinfo32, and press Enter.

    In the System Summary, check:

    BIOS Mode → should be UEFI

    Secure Boot State → currently says Unsupported

    System Manufacturer / Model / SKU → shows OEMID, OEMID Product, etc.

    If BIOS Mode is Legacy, Secure Boot cannot be enabled. Surface devices should always use UEFI.

    STEP 2: Enter UEFI Firmware Settings

    Go to Settings > System > Recovery.

    Under Advanced startup, click Restart now.

    After reboot, choose:

    Troubleshoot > Advanced options > UEFI Firmware Settings

    Click Restart to enter the UEFI (BIOS) menu.

    STEP 3: Enable Secure Boot in UEFI

    Once inside the UEFI menu:

    Navigate to the Security or Boot Configuration tab.

    Look for Secure Boot:

    If it’s Disabled, change it to Enabled.

    If it’s Missing or Greyed Out, this confirms the system identifiers are corrupted or missing.

    Save changes and exit (usually by pressing F10).

    STEP 4: Restore Correct System Identifiers (SMBIOS)

    Your device likely has corrupted or generic SMBIOS data (e.g., OEMID), which prevents Secure Boot and Surface updates.

    Fix Method: Surface Platform Installer (SPI)

    This is a Microsoft internal tool used to reprogram SMBIOS data.

    Option A: Contact Microsoft Support

    Go to https://support.microsoft.com/contactus

    Select:

    Surface > Identify your Surface device

    Provide:

    Your device serial number

    A screenshot of msinfo32

    A message like:

    “My Surface Laptop 5 shows generic OEMID values and Secure Boot is unsupported. I believe the SMBIOS needs to be reprogrammed using the Surface Platform Installer.”

    Option B: Visit a Microsoft Authorized Service Center

    Go to https://support.microsoft.com/en-us/help/4036281

    Select (Country) and find a nearby service center.

    Bring your device and explain the issue.

    STEP 5: Verify Secure Boot and System Identity

    After the identifiers are restored:

    Reboot your device.

    Run msinfo32 again.

    Confirm:

    System Manufacturer → should say Microsoft Corporation

    System Model → should say Surface Laptop 5

    Secure Boot State → should say ON

    BIOS Mode → should be UEFI

    Optional: Message Template for Support

    Here’s a message you can copy-paste when contacting Microsoft:

    Hello,

    I have a Surface Laptop 5, but in msinfo32, the System Manufacturer, Model, and SKU show as OEMID, OEMID Product, and OEMID SKU Number.

    Secure Boot State is also showing as Unsupported.

    I believe the SMBIOS needs to be reprogrammed with the correct identifiers using the Surface Platform Installer.

    Can you assist me with this?

    Thank you!

    Please let me know if it works. I await your response.

    Warm regards,

    JayMark.D | Microsoft Community Support Specialist

  2. Anonymous
    2025-07-17T18:44:14.7966667+00:00

    Hello Amin,

    it means it is not compatible,

    Step 1: Check Your Device Model

    You need to confirm whether your device is actually a Surface Laptop 5.

    How to check:

    Press Windows + R to open the Run dialog.

    Type msinfo32 and press Enter.

    In the System Information window, look for:

    System Model: This should say Surface Laptop 5 if you're using the correct device.

    If it says something else (e.g., Surface Laptop 4, Surface Pro, or another brand), the update is not compatible.

    Step 2: Download the Correct Update

    If your device is not a Surface Laptop 5, you’ll need to find the update that matches your actual device.

    How to do this:

    Go to the official Microsoft Surface Drivers and Firmware page.

    Select your device model from the list.

    Download the latest firmware and driver package for your device.

    Run the installer and follow the on-screen instructions.

    Step 3: If You Are Using Surface Laptop 5

    If your device is a Surface Laptop 5 and you're still getting the error:

    Try these troubleshooting steps:

    Ensure Windows is up to date:

    Go to Settings > Windows Update and install any pending updates.

    Run the installer as Administrator:

    Right-click the update installer and choose Run as administrator.

    Check for system integrity issues

    Open Command Prompt as administrator and run:

    sfc /scannow

    This will scan and fix any corrupted system files.

    Please let me know if it works. I await your response.

    Warm regards,

    JayMark.D | Microsoft Community Support Specialist

  3. Anonymous
    2025-07-17T15:29:36.1+00:00

    Hello Amin

    Thank you for providing some screenshots

    here some steps you can take

    Step 1: Download the Latest Firmware

    Go to the official Microsoft download page for Surface Laptop 5:

    Surface Laptop 5 Drivers and Firmware 1 (https://www.microsoft.com/en-us/download/details.aspx?id=104679)

    Click Download and choose the .msi file that matches your Windows version (e.g., Windows 11).

    Save the file to your device.

    Step 2: Prepare Your Surface

    Plug in your charger – Ensure your Surface is connected to power.

    Connect to the internet – Required for installation and verification.

    Close all apps – To avoid interference during installation.

    Step 3: Install the Firmware

    Locate the .msi file you downloaded.

    Double-click to run the installer.

    Follow the on-screen instructions. The installer will:

    Update system drivers

    Reflash the UEFI/BIOS firmware

    Attempt to restore correct model and serial number

    Important: Do not turn off or restart your Surface during this process.

    Step 4: Restart and Check System Info

    After installation, restart your Surface.

    Enter the UEFI/BIOS:

    Press and hold the Volume Up button, then press and release the Power button.

    Keep holding Volume Up until the UEFI screen appears.

    Check:

    Model name – Should now show "Surface Laptop 5"

    Serial number – Should reflect the correct value

    Secure Boot – Should be enabled

    TPM – Should be active

    Step 5: Re-enable BitLocker (if needed)

    If BitLocker was disabled or reset:

    Open Control Panel > System and Security > BitLocker Drive Encryption

    Turn BitLocker back on and save the recovery key securely.

    Please let me know if it works. I await your response.

    Warm regards,

    JayMark.D | Microsoft Community Support Specialist

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.