Created date | Updated date | Affects version | Fix version |
---|---|---|---|
|
| Drive Eraser - All versions | N/A |
Problem
Booting Blancco Drive Eraser fails due to a Secure Boot with a message "Secure Boot – Selected boot image did not authenticate” or “No valid digital signature found, booting stopped by Secure Boot”.
Cause
Microsoft has recently released a security update KB5012170 which includes changes to UEFI Secure Boot DBX (Forbidden Signature Database) module. These changes are targeted to fix the security vulnerability known as "There’s a Hole in the Boot" (ADV200011) which allows for Secure Boot bypass.
As part of these changes certain vulnerable UEFI modules are being added to the DBX and this prevents a lot of 3rd party applications from booting successfully on devices with Secure Boot enabled, including Blancco Drive Eraser.
Resolution
As a workaround, in order to boot Blancco software successfully on a machine which contains this security update the device needs to have:
- Secure Boot disabled
Or
- UEFI mode switched to legacy BIOS mode
For certain devices it may be enough to restore the Secure Boot keys to factory state/reset all Secure Boot keys to platform defaults through the BIOS/UEFI settings.
Long term fix to mitigate this change will be implemented in a future Blancco Drive Eraser release. Once implemented booting Secure Boot enabled devices will be supported.