Are you facing an error that’s keeping your ASUS computer from booting into Windows? You are stuck in the UEFI screen with a Secure Boot Violation error message that reads “Invalid signature detected. Check Secure Boot Policy in Setup”.
The problem is not specific to ASUS users. It could also occur on other laptop brands.
Your first reaction, naturally, might be to panic. No one likes encountering a system issue. But put your mind at ease. Don’t lose hope just yet.
With the troubleshooting steps we’ll provide in this guide, you will be able to fix this error in the comfort of your home or office. So, there would be no need to plan a visit to your PC repair expert.
What Is The “Invalid Signature Detected” Error?
The issue began on Windows 7, after the KB3133977 update was released. KB3133977 was meant to fix a problem that prevented drive encryption by BitLocker.
The purpose was achieved but coincidentally, the update also resulted in the “Invalid signature detected” error on ASUS PCs.
This happened because the Secure Boot Technology present in ASUS motherboards is not compatible with some versions of Windows. It is therefore not fully enabled on machines running on the OS.
But once the update is installed, Secure Boot gets fully activated. When the PC is turned on, and the OS that’s detected is not compatible with the feature, a boot is prevented and the Secure Boot Violation error message is displayed.
Although the problem was later patched by Microsoft, it somehow still exists in later versions of Windows, including Windows 10.
The error can occur in any of the following scenarios:
- After the installation of a secondary operating system on your PC (dual boot configuration).
- After flashing or resetting UEFI/BIOS to factory settings.
- After upgrading to a new version of Windows.
- After installing a new hard disk drive (HDD) or solid state drive (SSD).
- After the Digital Signature Driver Verification (Windows Driver Signature Enforcement) has been enabled.
Whatever the cause may be, let’s go ahead and see how to fix “Secure boot violation – invalid signature detected” on Windows 10.
How to Get Rid Of the “Secure Boot Violation – Invalid Signature” Error on Windows 10
To fix the issue, you’ll need to enter the BIOS or UEFI setup utility (whichever your laptop uses; UEFI is found on more modern computers) and make some adjustments.
The method of accessing the BIOS/UEFI screen will vary based on the brand of your PC. But it usually involves restarting your computer and pressing any of the following keys repeatedly: F1, F2, Fn + F2, or Del. Another way is to click OK on the error message.
Step 1: Set Boot Priority or Disconnect External Drive
If you encountered the “Secure Boot Violation” error when an external drive (whether a hard drive or USB flash drive) was connected to your PC prior to start up, access the BIOS/UEFI settings and configure boot priority (boot order). Make sure the system is loading from the internal hard disk or Windows Boot Manager and not from Removable Devices. See that Hard Drive comes first in the Boot order.
To make things easier, simply turn off the computer, unplug the external drive, and reboot the system.
In any other case, you’ll have to perform the following fixes:
- Disable Secure Boot Control
- Enable CSM and disable Fast Boot
- Set all keys under Key Management to Not Installed
- Disable Driver Signature Enforcement
Step 2: Disable Secure Boot Control
This is often sufficient in resolving the “Invalid signature Detected” error. Here’s what you have to do:
- Enter BIOS.
- From the main tab, use the right arrow key (→) to navigate to the Security tab, Authentication tab, or Boot tab. You’ll find the Secure Boot menu under one of them (depending on your BIOS/UEFI setup utility). Use the down arrow key (↓) to select the option and then press Enter.
- Select Secure Boot Control.
- Choose Disabled.
There’s another way to disable Secure Boot. If there is an option that says “OS type” in the menu from item 2 above, navigate to it and select “Other OS”. That should do the trick. It doesn’t matter that your PC is running the Windows operating system.
Step 3: Enable CSM and Disable Fast Boot
After completing the procedure in Step 2:
- Look for the Fast Boot option. It will be located under the Security, Authentication, or Boot tab depending on your BIOS.
- Select the option and press Enter.
- Now, choose Disable.
- Move down to Launch CSM and choose Enabled.
- Go to the Save and Exit tab.
- Select Save Changes and Exit.
- Choose Yes to confirm the action.
You can also save the changes made to the BIOS by pressing F10 on your keyboard. However, this also depends on your device.
When you are done performing the above fixes, the error in discussion should now be resolved. However, if it persists, enter BIOS or UEFI once again and try the solutions below.
Step 4: Set all keys under Key Management to Not Installed
The “Invalid signature detected” error might happen after a UEFI/BIOS update. In this particular scenario, the boot loader is now able to recognize a mismatch between the operating system and the saved keys. You’ll then have to reset the keys to fix it.
Here’s how to do so:
- Enter BIOS and head to the Security tab.
- Locate Key Management and select it.
- Set all the keys to Not Installed.
Step 5: Disable Driver Signature Enforcement
If the issue still persists at this point, it could be that there are unsigned device drivers that are conflicting with the system protection module.
To resolve this, you’ll have to disable the digital signature verification of drivers.
- To access the recovery environment, boot Windows 10 from the installation media.
- Press Shift + F10 once the installation screen comes up.
- Now, to permanently disable driver signature enforcement, input the following lines in the Command prompt window and press Enter after each one:
- bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
- bcdedit.exe -set TESTSIGNING ON
The system should be able to boot afterwards without any setback. You will find a “Test Mode” watermark at the bottom-right corner of your PC screen. This indicates that the installation of unsigned or unverified drivers is no longer restricted.
Now, you’ll need to locate and remove the unsigned drivers that caused the “Invalid signature detected” error. Follow the steps below to achieve this:
- Press the Windows logo key + R on your keyboard to open the Run dialog.
- Type sigverif into the text box and click OK or press Enter. This will open the File Signature Verification utility.
- Click the start button.
- A full-system scan will begin. All unsigned drivers that are installed on your computer will be detected.
- Once the scan is complete, you’ll be presented with a list. Uninstall the problematic drivers through Device Manager and then install a signed version that’s up to date.
We highly recommend you use Auslogics Driver Updater to get the latest manufacturer-recommended versions of your device drivers. The tool detects outdated, missing, and faulty drivers after running a full-system scan. Afterwards, it automatically downloads and installs the signed and verified versions.
Since it identifies the specifications of your computer, you don’t have to worry about installing the wrong drivers.
No doubt, the tool offers a fool-proof service that protects you from experiencing such inconveniences as the “Secure Boot Violation – Invalid Signature” error. Use it today and kiss driver-related issues on your PC goodbye. Ensure your computer is in its best state at all times.
Keep in mind that Driver Signature Enforcement is an important security protocol. Without it, your system will be under serious safety threats (becoming vulnerable to virus and malware attacks via untrusted drivers). You therefore have to enable the feature once again. Follow these easy steps to get it done:
- Press the Windows logo key + R on your keyboard to open the Run dialog.
- Type CMD in the text box and press Enter or click the OK button. This will open the Command Prompt window.
- Enter the following commands and press Enter after each one:
- bcdedit.exe /set nointegritychecks off
- bcdedit /set testsigning off
- Close the window and reboot your computer.
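A check to run after the reboot, as an added example that is not part of the original guide: from an elevated PowerShell prompt it reports whether Secure Boot, test signing and integrity checks are back in their protected state, and lists the PnP drivers Windows reports as unsigned. The function name Get-BootIntegrityState is hypothetical, and the parsing assumes English bcdedit output.

```powershell
# Added example: post-repair check of boot integrity settings.
# Run in an elevated PowerShell session. Assumes English bcdedit output.
function Get-BootIntegrityState {
    # Parse the "name   value" lines of the current boot entry into a hashtable.
    $bcd = @{}
    $lines = bcdedit.exe /enum '{current}'
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
    foreach ($line in $lines) {
        if ($line -match '^(\S+)\s+(.+)$') {
            $bcd[$Matches[1].ToLower()] = $Matches[2].Trim()
        }
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws
    # when the machine booted in legacy BIOS/CSM mode.
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    # PnP drivers that Windows itself reports as unsigned.
    $unsigned = Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -and -not $_.IsSigned } |
        Select-Object DeviceName, DriverVersion, InfName

    [pscustomobject]@{
        SecureBoot        = $secureBoot                            # $null = not a UEFI boot
        TestSigning       = ($bcd['testsigning'] -eq 'Yes')
        NoIntegrityChecks = ($bcd['nointegritychecks'] -eq 'Yes')
        LoadOptions       = $bcd['loadoptions']                    # e.g. DISABLE_INTEGRITY_CHECKS
        UnsignedDrivers   = @($unsigned)
    }
}

$state = Get-BootIntegrityState
$state | Format-List SecureBoot, TestSigning, NoIntegrityChecks, LoadOptions
$state.UnsignedDrivers | Format-Table -AutoSize

if ($state.TestSigning -or $state.NoIntegrityChecks -or $state.LoadOptions) {
    Write-Warning 'Driver signature enforcement is still weakened in the boot entry.'
}
if ($state.SecureBoot -ne $true) {
    Write-Warning 'Secure Boot is off or unsupported in the current boot mode.'
}
```

The loadoptions value set earlier in this step is a separate BCD element from nointegritychecks, so it keeps showing up here until it is removed with `bcdedit /deletevalue loadoptions`.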
By the time you’re reading this paragraph, it is expected that the issue that led you to this guide should be successfully resolved. You can now use your computer without any more setbacks.
We hope you’ve found this content useful.
If you have any comments, questions, or further suggestions, please feel free to leave us a comment in the section below.
We’d love to hear from you.