Versions Compared

Old Version 3

changes.mady.by.user Niko Puruskainen

Saved on

compared with

New Version 4

changes.mady.by.user Sami Purho

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor rewording and added references to other vendors
Created dateUpdated dateAffects versionFix version

 24 Aug

 

Drive Eraser - 7.8.1 SBN/A

...

Some devices may fail to boot Blancco Drive Eraser if "Allow Microsoft 3rd Party UEFI CA" is not enabled or "Enable MS UEFI CA Key" BIOS/UEFI option is disabled under the " Secure Boot Key Management" settings in Secure Boot Configuration.

Image Removed

Boot  settings.

This setting is named differently between the vendors but is normally located under Security and specifically Secure Boot settings section. Refer to below screenshots to identify the setting for different vendors:

UI Tabs
UI Tab
titleLenovo - Allow Microsoft 3rd Party UEFI CA

Image Added

UI Tab
titleHP - Enable MS UEFI CA key

Image Added 

UI Tab
titleDell - Enable Microsoft UEFI CA

 Image Added

This issue affects most of the latest generation devices and some examples listed belowThe name of the setting can be different for different vendors. A list of devices mentioned below are known to be affected by this issue:

MakeModelSetting to allow booting Secure Boot enabled
LenovoX1 YogaHPProBook 650 G8Allow Microsoft 3rd Party UEFI CA - On
Lenovo
ThinkPad T14 Gen 3
Allow Microsoft 3rd Party UEFI CA - On
HPProBook 650 G8X1 YogaEnable MS UEFI CA KeyLenovo
ThinkPad T14 Gen 3Enable MS UEFI CA Keykey - checkbox selected
Dell
Latitude 5540
Enable MS Microsoft UEFI CA Key - On
Dell
Latitude 7310
Enable MS Microsoft UEFI CA Key - On

Cause

With the mentioned setting disabled If Microsoft 3rd party UEFI CA is not allowed/enabled it is not possible to authenticate the Drive Eraser ISO leading the booting to booting the failfail.

This is due to a Microsoft requirement which instructs vendors to disable 3rd party certificates by default on newer devices. 

Lenovo offers an official statement for this behavior.

Resolution

If Secure Boot cannot be fully disabled make sure that the "Enable MS Microsoft 3rd party UEFI CA Key" option is allowed/enabled as well to allow successfully boot Drive Eraser to boot successfully.Lenovo offers a official statement for this behavior.