[KB8389] Enable 3rd party certificates in Secure Boot for ESET Endpoint Encryption and ESET Full Disk Encryption

Issue

Your computer does not boot normally after a Safe Start or Full Disk Encryption in ESET Endpoint Encryption and ESET Full Disk Encryption
Microsoft Surface
Lenovo
Boot loading loop

Solution

Affected models

The default Secure Boot mode is set to load Microsoft bootloader files only. Update the UEFI BIOS settings to allow third-party configuration, including ESET Endpoint Encryption and ESET Full Disk Encryption files.

Microsoft Surface

Open the UEFI Security page.
Click Change configuration.

Figure 1-1
Select Microsoft & 3rd-party CA and click OK.

Figure 1-2

Lenovo

Lenovo versions

The steps below apply to the following versions of Lenovo:

E14
L14
T14
P15 generation 3 models
P16/P16s

Some P15 and P16 models may not include the option outlined below.

Open ThinkPad Secure Boot Configuration.
Click Security. Click the toggle next to Allow Microsoft 3rd Party UEFI CA.

Figure 2-1

Boot loading loop

Users with Secured Core enabled may experience a boot loading loop. Disable Secured Core to boot the machine normally.

Affected versions:

Microsoft Surface Laptop 5 Firmware version 9.101.143 and later
Microsoft Surface Pro 9 Firstware version 12.200.143.0 and later

Last Updated: Aug 6, 2024

[KB8389] Enable 3rd party certificates in Secure Boot for ESET Endpoint Encryption and ESET Full Disk Encryption

Issue

Solution

Affected models

Microsoft Surface

Lenovo

Lenovo versions

Boot loading loop

Additional resources

User Guides

ESET Forum

YouTube videos

Need further assistance?

More Information