Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Preinstall 3.0 update - Resolution chapter rephrased completely and removed reference to correct settings from the above table due to confusion.
Created dateUpdated dateAffects versionFix version



Drive Eraser - 7.8.1 SB (and newer)N/APreinstall - 3.0


Some devices may fail to boot Blancco Drive Eraser if "Allow Microsoft 3rd Party UEFI CA" is not enabled or "Enable MS UEFI CA Key" BIOS/UEFI option is disabled under the Secure Boot  settings.


This issue affects most of the latest generation devices and some examples listed below:

Setting to allow booting Secure Boot enabled
LenovoX1 Yoga
Allow Microsoft 3rd Party UEFI CA - OnAllow Microsoft 3rd Party UEFI CA - On
ThinkPad T14 Gen 3

HPProBook 650 G8
Enable MS UEFI CA key - checkbox selected
Latitude 5540

Enable Microsoft UEFI CA Key - OnEnable Microsoft UEFI CA Key - On

Latitude 7310


If Microsoft 3rd party UEFI CA is not allowed /enabled it is not possible to authenticate the Drive Eraser ISO leading the booting to fail.


Lenovo offers an official statement for this behavior.


Starting from Blancco Preinstall 3.0 it is possible to disable the Secure Boot on selected Lenovo Secured-core devices automatically before booting to Blancco Drive Eraser. Below requirements need to be met in order to use this feature: 

  • An existing supervisor password needs to be set on the device and passed to Blancco Preinstall.
  • This feature is supported on all Lenovo ThinkPad models from 2020 or newer. Select models released before 2020 may support the feature but this cannot be guaranteed.

If Secure Boot cannot be fully disabled make sure that Alternatively you can opt to fully disable Secure Boot manually or allow the Microsoft 3rd party UEFI CA is allowed/enabled to successfully boot Drive Eraserfrom the device UEFI settings to resolve this issue.