Created dateUpdated dateAffects versionFix version



Drive Eraser - All versions
USB Creator
PreInstall MSI



Booting Blancco Drive Eraser fails due to a Secure Boot with a message "Secure Boot – Selected boot image did not authenticate” or “No valid digital signature found, booting stopped by Secure Boot”.


Microsoft has recently released a security update KB5012170 which includes changes to UEFI Secure Boot DBX (Forbidden Signature Database) module. These changes are targeted to fix the security vulnerability known as "There’s a Hole in the Boot" (ADV200011) which allows for Secure Boot bypass.

As part of these changes certain vulnerable UEFI modules are being added to the DBX and this prevents a lot of 3rd party applications from booting successfully on devices with Secure Boot enabled, including Blancco Drive Eraser.


As a workaround, in order to boot Blancco software successfully on a machine which contains this security update the device needs to have:

  • Secure Boot disabled


  • UEFI mode switched to legacy BIOS mode

For certain devices it may be enough to restore the Secure Boot keys to factory state/reset all Secure Boot keys to platform defaults through the BIOS/UEFI settings.

Long term fix to mitigate this change will be implemented in a future Blancco Drive Eraser release. Once implemented booting Secure Boot enabled devices will be supported.

  • No labels