Asus BIOS message - "Secure Boot Violation"

[suicidal_orange]

Just switched on my computer to be greeted by a BIOS message about secure boot.  Apparently 'the system found unauthorised changes on the firmware,operating system or UEFI drivers' and would like me to boot another device, which isn't going to happen.  My last boot was to Windows but I didn't update anything so should I consider that a virus infested no-go zone from now on and stay in Linux or is BIOS being silly?

Any thoughts appreciated.

[Leslieann]

99.99% of these seem to be a false detection due to a Windows update, Asus in particular seems to have it more often than most (even without an update it seems).

My bet is everything's fine, however go into bios and make sure your settings are retained.  I'm wondering if maybe the cmos battery has died.

If you want what I would personally do, I'd check the bios because I do wonder about the battery, and then I would boot into Linux, either on the system or by stick (preferable) and make sure your backups are good and check the S.M.A.R.T. data*. Only then would I get into Windows and run a virus scan, if you can...

Is all this necessary? That's up to you but it is what I would do if a customer presented this to me.  Keep in mind, if you have a ransomware infection and no backups, you're probably already screwed as you shut down windows and locked in any encryption. Going in through Linux first may let you get the files before it destroys everything, maaaybe.

*On S.M.A.R.T., accessible through Gnome Disks among other methods (in Windows I find Defraggler the easiest), you want to check "reallocated sector count" and "uncorrectable sector count", these are the most common things that will predict failure. Current pending can also indicate a problem but not always an oncoming failure.  If there is anything in the raw data output you have a problem, you may have already lost some data, hopefully not a lot, or important stuff. The drive may last another year barring that minor hiccup or it could fail on next boot up, unfortunately there's no way to know other than the fact that it will only get worse, on the other hand at least you saw it before it completely failed. Which should be your tip-off... Start with your most important data first and work towards a full backup. Then either keep using it knowing it's on borrowed time (with constant backups) or replace it.

[suicidal_orange]

Thant Leslieann, I found lots about a windows update in 2014 causing this message and plenty about another slightly different message but these hide the general possible causes.  Windows update is disabled so hopefully it's just Asus weirdness.

BIOS battery... put my spare in my mum's car key a couple of weeks back ) Interesting thought, will have to check if it's reset.

Or possible hard drive death?  The irony, only last week after reading the thread about making Chrome run faster did I disable the pagefile as I usually do (don't do anything important in Windows so stability is optional) which resulted in a crash alerting me to the fact I'd put 2x4gb in when I swapped mobo a couple of months back instead of 2x8 so my SSD has probably seen significantly more IO than it should, but I'd be disappointed if it's dead already.

I have an old bootable drive with Linux on I could plug that in in the morning if the BIOS looks good but I'd rather not as it's an ITX mobo hiding beneath a huge heatsink so adding a cable will surely mean a sliced finger or three.

[tp4tissue]

Dis' why Tp4 has switched to grey market Merch instead of Arrrgh-Matey publishers.

Virus be crzy these days.  Also, Rolling back up images. Every day, easy revert.

[Leslieann]

Dis' why Tp4 has switched to grey market Merch instead of Arrrgh-Matey publishers.

Virus be crzy these days.  Also, Rolling back up images. Every day, easy revert.

A known good torrent (pirated or not) is every bit, if not more safe than some "reliable" software sites, which keep getting hacked. Attacking the software source is now a major point of infection, so in many ways, a locked, known good torrent is better. Then there are the companies buying up browser plugins from known good publishers and loading them with stuff, this one is fun on Chrome because once they install it can be hard to clear it from all your devices (Google had to step in and help on this one it was such a problem). Then of course you have Microsoft sideloading things you didn't even ask for.

Basically assume nothing is safe, at least an older torrent has been checked out by others.


As for your backup system, while it may work, it's slow and wasteful, there's little need to backup the OS itself. I An image carries over all bad files, registry issues, and more, not to mention the sheer size and time it takes to make it.

[yui]

I still tend to disable secure boot as i do not want to deal with it and at the start of it very few distros did support it. I actually never heard of it managing to get a real positive either false positive and even false negative seems to be the majority of what it does. Still as long as you know what you are doing it should not hurt either way and use a decent anti-virus/malware (even on linux or macOS)

[suicidal_orange]

Went in BIOS, carefully tuned fan profiles are missing but overclock still in place

Feeling lazy booted Linux from the drive and did a 'backup' (<500mb), no problem with encryption.  SMART looked clean with only Average Block Erase Count and Percent Lifetime Used at 99% and everything else at 100%. 4tb written to a 240gb drive in 3000 hours, it's still a baby.

Knowing there's nothing dodgy installed ever let alone on the last boot I removed the USB3 SD card reader (exfat formatted, the reason for windows) and booted to windows.  Malware bytes came up clean and virus scan ongoing but looks like the BIOS freaked out at the sight of an SD card?

First encounter with secure boot, can't say I'm impressed...

Thanks again for the walkthrough Leslieann

Edit:  Virus scan completed, nothing found

[Leslieann]

You're welcome, glad things worked out.

I have no doubt a dodgy sd card/reader can cause weird things, it's why the first step in diagnostics is reduce the things that can be causing the problems (I.e. remove anything non essential). I've seen network cards and usb hubs cause kernel panics and I recently had a usb wireless card MELT in the port and cause a short which took down the system (It booted normal after the wifi was removed, thanks to a good psu).

Whenever a drive is involved though, minimal tests then go straight to backups.
Parts and most data can be replaced, lost family pictures cannot.

I still tend to disable secure boot as i do not want to deal with it and at the start of it very few distros did support it. I actually never heard of it managing to get a real positive either false positive and even false negative seems to be the majority of what it does. Still as long as you know what you are doing it should not hurt either way and use a decent anti-virus/malware (even on linux or macOS)

I've never seen Secure Boot be of any use other than to help MS lock out Linux.

As for the AV use on Linux, that depends on the Distro, some respond to threats (MUCH) faster than the AV vendors can.