Poster @Charlie has questions about ASUS motherboards and the August Win7 Monthly Rollup: I was all set to go ahead with the August Updates when I rea
[See the full post at: Caution updating Win7 if you have an ASUS motherboard and get a “Secure Boot Violation” warning]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Caution updating Win7 if you have an ASUS motherboard and get a “Secure Boot Violation” warning
Home » Forums » Newsletter and Homepage topics » Caution updating Win7 if you have an ASUS motherboard and get a “Secure Boot Violation” warning
- This topic has 15 replies, 12 voices, and was last updated 5 years, 6 months ago.
AuthorTopicwoody
ManagerSeptember 7, 2019 at 4:09 pm #1942034Viewing 7 reply threadsAuthorReplies-
Ascaris
AskWoody MVPSeptember 7, 2019 at 5:42 pm #1942232My Acer Swift, a newer device that came with Windows 10 preinstalled (and therefore it must support secure boot, per Microsoft licensing requirements) will accept any bootloader signed by Microsoft’s trusted key, but it also has an option for the user to mark any EFI bootloader as “safe,” which allows secure boot to be enabled (and useful) even if that OS doesn’t itself support secure boot, as long as it supports UEFI booting. I imagine that what it does is takes a hash of the bootloader at the moment it is marked as safe by the user, and if it changes, it alerts the user in the same way that it would if the hash changed on a signed image (the signature becomes invalid once the hash no longer matches the hash at the time of signing). It’s doing the same thing, essentially, through slightly different means. Instead of the reference hash being part of the bootloader signature put there by Microsoft, it’s stored in non-volatile memory in the UEFI settings. Otherwise, the same thing happens; at each boot, the UEFI firmware compares the bootloader to the hash, and if it is not the same, it issues the warning.
I would imagine that this is approximately what is happening in the Asus models in question. It looks like the update has changed the bootloader, and since it is not possible for Microsoft to certify the change as they would if the OS supported secure boot (by signing the new bootloader), it would be necessary to go into the UEFI and mark the new bootloader as safe manually.
Normally it would be a cause for alarm to see that the bootloader had changed, and you would not want to just go in there and mark the new one as safe, since the change could be the result of malicious action. In this case, though, we know it was a Windows update, so it would be safe to mark the new bootloader as safe and proceed.
Edit: I just went and read the Asus directions to fix the issue. It involves clearing the platform key state, but not switching off secure boot. I am not completely certain on this, but I think that’s doing just what I descrived above… it is deleting the old hash (platform key, apparently), and the next time the system boots, I am guessing it will generate a new platform key for the new bootloader.
It’s quite evident why the signed bootloader method employed by Microsoft starting with Windows (and also employed by major Linux distros) is preferred. The average user could be quite alarmed by this, and they may not have the resources to find out how to fix it once it’s broken. On the other hand, it does allow secure booting Windows 7, so there’s that…
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)-
This reply was modified 5 years, 6 months ago by
Ascaris.
-
This reply was modified 5 years, 6 months ago by
-
geekdom
AskWoody_MVPSeptember 7, 2019 at 5:59 pm #1942288How to identify your motherboard:
https://www.wikihow.com/Identify-the-MotherboardOn permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender -
pmcjr6142
AskWoody PlusSeptember 8, 2019 at 9:49 am #1943536How to identify your motherboard:
https://www.wikihow.com/Identify-the-MotherboardGeekdom….thank you. I was about to post “who the heck knows what kind of mother board they have”. Turns out my Dell PC has a Dell motherboard, but I didn’t know if that would necessarily be the case.
iPhone 13, 2019 iMac(SSD)
1 user thanked author for this post.
-
Alex5723
AskWoody Plus -
Charlie
AskWoody PlusSeptember 8, 2019 at 12:51 pm #1943688We have reached the point where in order to continue to use Windows Update you need to have updates installed that support SHA-2 encryption. Some have come in earlier months, and this month (Aug.) it is KB4474419. This shouldn’t be a problem but it seems that you need to have KB3133977 already installed for it to work. Therein lies the problem with updating this month especially for people with ASUS motherboards.
Being 20 something in the 70's was far more fun than being 70 something in the insane 20's
-
GoneToPlaid
AskWoody Loungerbagman
AskWoody PlusSeptember 8, 2019 at 8:52 pm #1944190Hi there,
I have a Asus Motherboard (Z87-Deluxe).
Also have KB3133977 installed. I am not getting the boot message that is bring referred to.
Checked the BIOS as per Asus article and the Motherboard does have secure boot enabled.
On the basis of “if it ain’t broke don’t fix it” in your learned opinion should I follow the steps in the ASUS article or wait until I get a “Secure Boot Violation” message ?
Very much appreciate your advice.
Cheers
bagman
-
Paul T
AskWoody MVP -
PKCano
Manager -
GeoffB
AskWoody PlusSeptember 10, 2019 at 1:15 am #1946215PKCano: I am Win 7 x64 Group A. I have an ASUS K61IC laptop (about 2011 vintage).
I’ve had KB 3133977 installed since 03/2017 and have successfully installed KB 4490628 (03/2019) and the updated 08/2019 version of KB 4474419.
If you already have KB3133977 installed, you should not worry and just go about August updating as usual. You’ve already passed the hurdle.
Am I clear to install KB 4512506, which I have ‘hidden’ at the moment?
Appreciate your advice.
Geoff B
-
Charlie
AskWoody PlusSeptember 9, 2019 at 1:29 pm #1945380I’ve checked my ASUS BIOS and the BIOS section of the ASUS mobo instruction manual and didn’t see or find any reference to the Secure Boot as indicated in the ASUS article. I’m thinking that I’m okay to go ahead with the S.O. updates and start with KB3133977.
I feel like I’m doing the right thing as the next bunch of “stuff” for Sept. is coming in and I want to clear out the August stuff. I really don’t like this feeling of being a guinea pig, but it’s par for the course.
Any comments are very welcome, even if they’re just “good luck”.
Being 20 something in the 70's was far more fun than being 70 something in the insane 20'sSusan Bradley
ManagerSeptember 10, 2019 at 1:07 pm #1946983https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update
This security update was updated September 10, 2019 to include boot manager files to avoid startup failures on versions Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2.
Susan Bradley Patch Lady/Prudent patcher
-
GeoffB
AskWoody Plus
Viewing 7 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Woody Leonhard (1951–2025)
by
Will Fastie
10 minutes ago -
What I learned from Woody Leonhard
by
B. Livingston
4 hours, 27 minutes ago -
Windows Settings today
by
Simon Bisson
4 hours, 28 minutes ago -
Mail Merge magic in Microsoft Word
by
Peter Deegan
4 hours, 29 minutes ago -
Businesses in the crosshairs
by
Susan Bradley
17 minutes ago -
Double-row taskbar?
by
CWBillow
4 hours, 37 minutes ago -
Upgrading non-supported HW to Win 11
by
RetiredGeek
1 hour, 4 minutes ago -
Audio locks up after 15 minutes
by
WSArthurR
16 hours, 52 minutes ago -
Copilot app uninstalled
by
Susan Bradley
1 minute ago -
Strongbox Password Manager Sold to Applause Group – Cost Escalation Imminent
by
Paul T
1 day, 14 hours ago -
SharePoint
by
CBFPD-Chief115
12 hours, 31 minutes ago -
Google replacing Google Assistant with Gemini AI assistant
by
Alex5723
1 day, 17 hours ago -
You can no longer stop Alexa from sending voice recordings to Amazon
by
Alex5723
1 day, 17 hours ago -
Meeting Woody in person
by
Susan Bradley
2 days, 4 hours ago -
Bear with me – getting some options regarding membership
by
Susan Bradley
2 days, 8 hours ago -
Difficulty installing Microsoft Office Home and Business 2024
by
Kathy Stevens
1 day, 13 hours ago -
HOT NEWS: privacy focused VPN released
by
Microfix
2 days, 15 hours ago -
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
by
Alex5723
3 days, 2 hours ago -
OpenAI urges U.S. to allow AI models to train on copyrighted material
by
Alex5723
1 day ago -
Windows 11 Insider Preview Build 22631.5116 (23H2) released to Release Preview
by
joep517
3 days, 13 hours ago -
Windows 11 Insider Preview build 27813 released to Canary
by
joep517
3 days, 13 hours ago -
Windows 10 Build 19045.5674 (22H2) to Release Preview Channel
by
joep517
3 days, 13 hours ago -
PartWork™ for Windows
by
bbearren
2 days, 9 hours ago -
Toll road scams are back: What to do if you get a text saying you owe money
by
Alex5723
2 days, 4 hours ago -
Windows update download issue…
by
CAS
18 hours, 53 minutes ago -
WUMgr & KB5053602 Update/Install fail
by
dataman1701
2 days, 14 hours ago -
Finding Microsoft Office 2021 product key
by
Kathy Stevens
2 days, 17 hours ago -
Over-the-Top solves it!
by
RetiredGeek
4 days, 7 hours ago -
To Susan – Woody Leonhard, the “Lionhearted”
by
Myst
2 days, 20 hours ago -
Extracting Data From All Sheets
by
WSJon5
4 days, 16 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.