| Created date | Updated date | Affects version | Fix version |
|---|---|---|---|
|
| Drive Eraser - 7.8.1 SB (and newer) | Preinstall - 3.0 |
Problem
Some devices may fail to boot Blancco Drive Eraser if "Allow Microsoft 3rd Party UEFI CA" is not enabled or "Enable MS UEFI CA Key" BIOS/UEFI option is disabled under the Secure Boot settings.
This setting is named differently between the vendors but is normally located under Security and specifically Secure Boot settings section. Refer to below screenshots to identify the setting for different vendors:
This issue affects most of the latest generation devices and some examples listed below:
| Make | Model |
|---|---|
| Lenovo | X1 Yoga |
| Lenovo | ThinkPad T14 Gen 3 |
| HP | ProBook 650 G8 |
| Dell | Latitude 5540 |
| Dell | Latitude 7310 |
Cause
If Microsoft 3rd party UEFI CA is not allowed it is not possible to authenticate the Drive Eraser ISO leading the booting to fail.
This is due to a Microsoft requirement which instructs vendors to disable 3rd party certificates by default on newer devices.
Lenovo offers an official statement for this behavior.
Resolution
Starting from Blancco Preinstall 3.0 it is possible to disable the Secure Boot on selected Lenovo Secured-core devices automatically before booting to Blancco Drive Eraser. Below requirements need to be met in order to use this feature:
- An existing supervisor password needs to be set on the device and passed to Blancco Preinstall.
- This feature is supported on all Lenovo ThinkPad models from 2020 or newer. Select models released before 2020 may support the feature but this cannot be guaranteed.
Alternatively you can opt to fully disable Secure Boot manually or allow the Microsoft 3rd party UEFI CA from the device UEFI settings to resolve this issue.