ASUS laptops users quite often facing a problem when the computer is loading and the following error message appears: Secure Boot Violation. Invalid signature detected. Check Secure Boot Policy in Setup.
According to the text of the message, the operating system can’t be loaded because of the detection of an invalid signature by the security policy. This laptop error can be fixed without contacting the service center, and in this article, we will consider how to do this.
Error Invalid signature detected, as a rule, can occur in the following cases:
- When you upgrade your old Windows to Windows 10 or install a new Windows 10 build;
- In case you installed a second operating system on your laptop (dual boot configuration);
- When you connect a new or additional HDD or SSD drive;
- After BIOS/UEFI factory reset or when it is flashed;
- If you enable the Digital Signature Driver Verification.
In this post, we’ll show you some simple ways to fix the problem and restore the system boot to a normal state.
Change “OS Type”
If the error occurs after connecting a second disk or a USB flash drive (which you are not going to use for the OS boot), make sure that you are booting from the correct drive (from the hard disk or Windows Boot Manager) or disconnect the attached drive—perhaps this will fix the problem.
The next step is to check the Secure Boot settings in BIOS or UEFI (you can access this screen with the system settings is either immediately after clicking OK in the error message or by standard BIOS input methods, by pressing F1, F2, Fn + F2 or Delete).
In most cases, you just need to disable Secure Boot (or Security Boot Control) by changing its state to Disabled. In most ASUS laptops, this option is located in the Security, Authentication or Boot tab. If there is an OS type selection entry in UEFI, then try to choose Other OS (even if you have Windows). If Enable CSM (or Launch CSM) option is available, change it to Enabled.
After the changes made to the BIOS, they need to be saved. Usually, the settings are saved with the F10 key, but again, it depends on the BIOS version.
Disable Integrity Checks
Rarely the error can occur because of unsigned drivers, that conflicting with the system protection module. As a solution, first of all try to disable driver signature verification on Windows. To do this, boot from the Windows 10 install media and on the first installation screen press Shift + F10. At the Command prompt run the following commands:
bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
After that, the system should boot. The next step is when the user will need to find and remove the problem driver, then enable driver signature verification (security of the computer will be under serious threat without this).
In some cases, an Invalid signature detected error appears after the UEFI/BIOS update performed. In this case, the bootloader can detect a mismatch between saved keys and the operating system. To reset the keys, in the Key management menu delete all protection keys and create them again (or leave “not installed”).
If none of the above helps, you should resort to reinstalling Windows via the recovery drive system. To do this, you need to record Windows 10 to the USB flash drive and start from it via UEFI. After that, go to the “Troubleshoot” → “Recover from a drive” section.
Next, select the action for your files ― save them or delete them. Then click “Recover” to begin the reinstallation process. At the end of the process, the computer will restart. After that, follow the initial Windows setup instructions.
An alternative to reinstalling is to use the system restore point on the local drive. Of course, for this, it must be created at a time when Windows was fully operational. If there is such a recovery point:
- Enter the “Troubleshoot” section on USB Flash with Windows 10 (described above).
- Select “Advanced options”.
- Press “System Restore”.
- Choose a restore point, then press “Next”.
- To start the operation, press “Finish” and wait for it to finish.
After that, the system will be restored to the specified operating state.