Created dateUpdated dateAffects versionFix version



Drive Eraser - 7.8.1 SB (and newer)N/A


Some devices may fail to boot Blancco Drive Eraser if "Allow Microsoft 3rd Party UEFI CA" is not enabled or "Enable MS UEFI CA Key" BIOS/UEFI option is disabled under the Secure Boot  settings.

This setting is named differently between the vendors but is normally located under Security and specifically Secure Boot settings section. Refer to below screenshots to identify the setting for different vendors:



This issue affects most of the latest generation devices and some examples listed below:

MakeModelSetting to allow booting Secure Boot enabled
LenovoX1 YogaAllow Microsoft 3rd Party UEFI CA - On
ThinkPad T14 Gen 3
Allow Microsoft 3rd Party UEFI CA - On
HPProBook 650 G8Enable MS UEFI CA key - checkbox selected
Latitude 5540
Enable Microsoft UEFI CA Key - On
Latitude 7310
Enable Microsoft UEFI CA Key - On


If Microsoft 3rd party UEFI CA is not allowed/enabled it is not possible to authenticate the Drive Eraser ISO leading the booting to fail.

This is due to a Microsoft requirement which instructs vendors to disable 3rd party certificates by default on newer devices. 

Lenovo offers an official statement for this behavior.


If Secure Boot cannot be fully disabled make sure that the Microsoft 3rd party UEFI CA is allowed/enabled to successfully boot Drive Eraser.