Blancco Drive Eraser Boot Failure due to secure boot


| Created date | Updated date | Affects version | Fix version |
| --- | --- | --- | --- |
| | | Drive Eraser - All versions, USB Creator, PreInstall MSI | N/A |

Problem

Booting Blancco Drive Eraser fails due to Secure Boot with the message "Secure Boot – Selected boot image did not authenticate" or "No valid digital signature found, booting stopped by Secure Boot".

Cause

Microsoft has released several security updates (see below) which include changes to the UEFI Secure Boot DBX (Forbidden Signature Database) module. These changes are intended to fix security vulnerabilities such as "There's a Hole in the Boot" (ADV200011), which allows a Secure Boot bypass.

| Patch code | Vulnerability code | Release date | Drive Eraser fix version |
| --- | --- | --- | --- |
| KB5012170 | CVE-2022-34301 / 34302 / 34303 | August 2022 | 7.6.0_SB |
| KB5025885 | CVE-2023-24932 | May 2023 | 7.7.1_SB, 7.6.0_SB2, 7.8.2_SB, 7.9.1_SB, 7.10.0_SB, 7.11.0 |
| KB5041571 | CVE-2024-38143 | April 2024 | 7.14.0* |

*tentative release
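To confirm that a machine's DBX actually carries revocation entries, the variable can be parsed directly. The following is an added example, not Blancco's or Microsoft's code: it decodes the UEFI `EFI_SIGNATURE_LIST` layout used by `dbx`, counts entries by type and checks whether a given image hash is listed. The efivarfs path, the helper names and the sample data are assumptions made for illustration.

```python
import struct
import uuid

# GUIDs defined by the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
KINDS = {EFI_CERT_SHA256: "sha256", EFI_CERT_X509: "x509"}
# Assumed Linux efivarfs location of dbx; the file starts with 4 attribute bytes.
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def read_efivar(path=DBX_PATH):
    with open(path, "rb") as f:
        return f.read()[4:]  # drop the efivarfs attribute prefix

def parse_dbx(blob):
    """Yield (kind, owner_guid, data) for each entry in a chain of EFI_SIGNATURE_LISTs."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if sig_size <= 16 or list_size < 28 + hdr_size or end > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        body = blob[off + 28 + hdr_size:end]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield KINDS.get(sig_type, str(sig_type)), owner, body[i + 16:i + sig_size]
        off = end

def summarize(blob):
    counts = {}
    for kind, _, _ in parse_dbx(blob):
        counts[kind] = counts.get(kind, 0) + 1
    return counts

def is_revoked(blob, image_hash_hex):
    # dbx SHA-256 entries are Authenticode (PE image) hashes, not plain file hashes.
    want = bytes.fromhex(image_hash_hex)
    return any(k == "sha256" and d == want for k, _, d in parse_dbx(blob))

def sample_dbx():
    """Constructed test data: one SHA-256 list holding two made-up hashes."""
    owner = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
    body = b"".join(owner + bytes([b]) * 32 for b in (0xAA, 0xBB))
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

if __name__ == "__main__":
    print(summarize(sample_dbx()))
```

On a live Linux system, `summarize(read_efivar())` reports the real entry counts; comparing them before and after a Windows update shows whether the DBX was changed.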

Workarounds

As a workaround, to boot Blancco software successfully on a machine that has this security update installed, the device needs:

  • Secure Boot disabled
  • UEFI mode switched to legacy BIOS mode
  • A Drive Eraser version containing the fix

For certain devices it may be enough to restore the Secure Boot keys to factory state/reset all Secure Boot keys to platform defaults through the BIOS/UEFI settings.


May 2023

The Windows security update released on 9th of May fixes the vulnerability CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability). This security update affects the Drive Eraser 7.6.0 limited Secure Boot version.

Blancco has released a limited Drive Eraser 7.7.1 Secure Boot variant which includes a fix for the Secure Boot issue. Contact Blancco Technical Support for more details.

February 2023 

Blancco introduced a limited availability variant of Drive Eraser 7.6.0 which includes a fix for the Secure Boot issue. Contact Blancco Technical Support for more details.


Update November 2022 - January 2023 

Blancco has added some updates to the SHIM and to the application. The Linux community has asked a couple of questions, but this is still "in progress".

Update November 2022

Blancco submits a new SHIM (as well as an official application) to be signed by Microsoft. This SHIM has to be reviewed by the Linux community first, then by Microsoft. If everything is OK, Microsoft signs the SHIM and Blancco can add it into Blancco Drive Eraser.

This procedure is not in the hands of Blancco and there is no clear ETA on when the Linux community will review the SHIM or when Microsoft will approve it.

Update October 2022

The Blancco development team starts building a new SHIM (a binary that is signed by both Microsoft and Blancco, re-enabling the Secure Boot process).
