Jump to content

FDE Missing UEFI SecureBoot certificate


Roul Steigauf
Go to solution Solved by Kstainton,

Recommended Posts

Hallo in die Runde,

wir haben inzwischen zwei HP-Geräte-Typen, bei welchen wir FDE nicht aktivieren können. Ein Gerät ist ein "HP Pro Mini 400 G9 Desktop PC" (Angabe aus ESET). Bei allen Versuchen auf allen Geräten haben wir im Status-Log einen gelben Status mit Scope "Compatibility" und dem Text "Missing UEFI SecureBoot certificate". Zudem beim Scope "Encryption" heißt es "Missing UEFI SecureBoot certificate" (Hardcopy anbei). Am Client kommt die Fehlermeldung "Fehler beim Starten der Verschlüsselung" (Hardcopy anbei), welche sagt, dass man im BIOS die externe Zertifizierungsstelle aktivieren soll (keine Ahnung wie) oder das Secure Boot deaktivieren soll (ebenfalls unklar wie). Im Log-File heißt es zum Schluss dann nur noch: "[inspector] [error] [3500] This system is not compatible with EFDE". Vor allem das o.g. Gerät ist komplett neu, getestet an zwei von zehn vorhandenen Kisten. Insgesamt an vier PCs mit dem gleichen Fehler, andere Geräte (rund 20 Stück) funktioniert problemfrei.

Hat jemand HP und kann mir sagen, was das Problem ist? 

Danke Euch.

HP-FDE-Problem.png

 

Log-File.png

Status-Meldungen.png

Machine translation:

We now have two HP device types on which we cannot activate FDE. One device is an "HP Pro Mini 400 G9 Desktop PC" (information from ESET). In all attempts on all devices, we have a yellow status in the status log with the scope "Compatibility" and the text "Missing UEFI SecureBoot certificate". In addition, the scope "Encryption" says "Missing UEFI SecureBoot certificate" (hard copy attached). The client displays the error message "Error starting encryption" (hard copy attached), which says that you should activate the external certification authority in the BIOS (no idea how) or deactivate Secure Boot (also unclear how). At the end of the log file it just says: "[inspector] [error] [3500] This system is not compatible with EFDE". Above all, the above-mentioned device is completely new, tested on two of ten existing boxes. A total of four PCs have the same error, other devices (around 20) work without any problems.

Does anyone have HP and can tell me what the problem is?

Link to comment
Share on other sites

  • ESET Staff
  • Solution

Hi @Roul Steigauf,

You'll need to look for and enable something similar to "Allow Microsoft 3rd Party UEFI CA" on your HP machines. Here is a KB for reference as to what I am talking about:

https://support.eset.com/en/kb8389-enable-3rd-party-certificates-in-secure-boot-for-eset-endpoint-encryption-and-eset-full-disk-encryption

I think on HPs I have seen it called "Enable MS UEFI CA key" in the past under the Advanced -> Secure Boot Configuration settings in the BIOS. To access the BIOS, I believe on the majority of HPs you need to press F10 during the initial boot process.

Once this is enabled to allow MS 3rd Party UEFI CA, please re-attempt encryption.

Thank you,

Kieran

Edited by Kstainton
Link to comment
Share on other sites

Hello Kieran,

it's nice to be able to work with specialists. Thank you for the super-fast and extremely perfect response. I found the value ‘Enable MS UEFI CA key’ in the BIOS Setup (F10), Security, ‘Secure Boot Configuration’. After I activated it, everything works.
Thank you very much and have a nice weekend.

Link to comment
Share on other sites

  • ESET Staff
8 minutes ago, Roul Steigauf said:

Hello Kieran,

it's nice to be able to work with specialists. Thank you for the super-fast and extremely perfect response. I found the value ‘Enable MS UEFI CA key’ in the BIOS Setup (F10), Security, ‘Secure Boot Configuration’. After I activated it, everything works.
Thank you very much and have a nice weekend.

HI @Roul Steigauf,

No worries at all, glad to be of assistance and great to hear that it resolved your issue.

Have a great weekend.

Thank you,

Kieran

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...