Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000126406

Dell Encryption protected devices fail to boot with Operating System Loader failed signature verification

Summary: Devices fail to boot with Operating System Loader failed signature verification when protected by Dell Data Protection | Encryption.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Affected Products:

Dell Encryption
Dell Data Protection | Encryption

Affected Platforms:

Windows 8.1
Windows 10RTM
Windows 10 1511

Cause

Microsoft has released an update (MS16-100 aka KB3172729) for Windows 8.1, Windows 10 RTM, and Windows 10 1511; This update has an update for SecurBook that may cause the EFI boot partition to be mounted as a nonsystem disk, causing Dell Encryption (formerly Dell Data Protection | Encryption) to encrypt the files on that partition. This leads to an error stating that the Operating System Loader Signature is invalid:

Figure 1: (English Only) Operating System Loader Signature is invalid

Resolution

How can I prevent this?

This can be mitigated completely by adding an exclusion to an EFI folder to Fixed Disk and General setting policies.

-^3F#:\EFI\

This policy when added to the current encryption policies prevent this from occurring. It is suggested to add this to both policies to prevent Common and SDE from affecting these files.

How can I remediate a device in this state?

Note: A Windows recovery disk or installation media that matches the major operating system level that is installed on the device (Windows 8.1, Windows 10 build 10240, or Windows 10 build 10586) is required.