Windows 8 - System found unauthorized changes on the firmware

Question

I have a PC running windows 8 from Asus. A couple of days ago, I downloaded a windows update and the next morning when I tried to boot up the computer, it sent me directly to the BIOS, after giving me an error message:

Secure Boot Violation

The system found unauthorized changes on the firmware, operating system or UEFI drivers. Press [OK] to run the next boot device, or enter directly to BIOS Setup if there are no other boot devices installed. Go to BIOS Setup > Advanced > Boot and change the current boot device into other secured boot devices.

After a lot of googling, I realized that this seemed to have happened to a lot of Windows 7 users a few months ago after a Windows update because of some Secure boot setting in the BIOS (see System found unauthorized changes on the firmware). I tried changing this setting and following the steps given in that question, at which point the error above stopped showing up but it still went to BIOS.

I tried rebooting it a lot of times and it still didn't work. Luckily I have a backup saved, so I attempted to go into system recovery mode (by pressing F9 while booting) and going to System restore, and wiped the drive that the windows OS is on and restored it to the factory default. After this finished and after it rebooted, it went straight into the BIOS again.

Under the Boot tab in the BIOS menu, I have 3 boot options: "Windows Boot Manager", "KINGSTON RBU-SC100S37128GD" (SSD that has the OS on it), and "P6: TSSTcorp DVDWBD SN-406AB", and they are currently configured in that order (Boot option #1 is "WIndows Boot Manager", Boot option #2 is the SSD, and Boot option #3 is the DVD thing).

Besides the windows update the night before this happened, I made no changes to the BIOS settings (haven't touched it since I got the computer), hardware, etc. What should I do? I've called Asus and they aren't being particularly helpful. Thanks

Answer 1

Your computer is running into a Secure Boot violation. In all probability, this means that the computer's boot loader has been replaced with one that was not properly signed by Microsoft (or any other entity whose keys are part of the computer's firmware). In other words, you may well have accidentally installed malware on the computer, and the firmware has detected this fact and is preventing you from running the malware. You SHOULD NOT ATTEMPT TO DISABLE SECURE BOOT unless and until you've confirmed that your computer is malware-free. The sort of pre-boot malware against which Secure Boot defends can be notoriously difficult to remove once installed.

I'm not all that familiar with Windows malware tools (I'm more of a Linux person), but you may need to do this by downloading (on another computer) appropriate virus scanners on a bootable disk image and checking your computer. Note that, if you do have malware, it resides on the FAT32 EFI System Partition (ESP), not on the main Windows partition, so be sure that your anti-malware software scans the ESP.

All that said, it's possible that you're running into another problem, such as:

• The Secure Boot keys on your computer may have been damaged or deleted. This is very hard to do accidentally, but it could be Microsoft's update included a bug that managed the task, or it could have happened because of a hardware fault that coincidentally popped up at the same time as the Windows update.
• Microsoft may have accidentally distributed an improperly-signed boot loader. This would be a major blunder on Microsoft's part, so I'd expect to see it all over the news.
• If you were running any third-party boot loader (like GRUB from a Linux installation), the update may have included a Secure Boot blacklist key that locked out that boot loader. I'd normally expect the system to fall back to the Windows boot loader in that case, but this might not have happened for any number of reasons.
• Your firmware may have a bug that's causing it to mis-identify Microsoft's properly-signed boot loader as being improperly signed. I've seen such bugs before, but they normally affect properly-signed third-party boot loaders; I've not heard of this in reference to Microsoft's boot loader. Still, it's a real possibility. If this is the problem, a firmware update should fix it. You may need to contact the computer's manufacturer for help.

The last two of those seems like the most likely explanations, aside from an actual malware infection.

Answer 2

Although this is for W7, any newly installed driver or software can cause this issue in W8 and that board, the instructions below should work to get it booting until you can figure out what triggered this issue on your PC

Some users may encounter a "Secure Boot Violation" , which makes the system fail to boot into the operating system.

To protect user's systems from malware attacks, ASUS motherboards implement the Microsoft Secure Boot feature by default. This feature performs a legal loader check to boot into the OS.

Please change UEFI Secure Boot settings as outlined in the steps below, this will allow the system to boot into the operating system successfully.

Step 1: Enter the UEFI and navigate to Advanced Mode Menu->Boot->Secure Boot

Step 2: Change “OS type” to “Other OS”

Step 3: Press F10 to Save the changes and reboot

Step 4: Check the UEFI Advanced Menu->Boot->Secure Boot, and confirm whether the “Platform Key (PK) State” is switched to be “Unloaded”.

Step 5: Exit the UEFI, and the system will now boot normally.

Source of Information

Answer 3

Similar thing happened to me this article pointed me out to the issue: http://twomorecents.com/cant-boot-linux-windows-boot-loader-has-taken-over/