secure launch/firmware protection

leli eee 0 Reputation points
2024-11-19T17:43:27.8566667+00:00

hello I have an asus b5 b5404 with intel ultra 7 155h. I configured the group policy for vbs ennablement, but in defender it says secure launch/firmware protection is on. Also in event viewer I have an error Failed to update the SBAT value in FW. Can this be related to secure launch not working?

In registry RequirePlatformSecurityFeatures (DWORD) is set to 3. Is that ok?

Is there a program that can tell if my computer is capable of running secure launch, I tries the device evaluation tool from microsoft but I cannot understand the results.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,013 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yanhong Liu 12,735 Reputation points Microsoft Vendor
    2024-11-21T08:13:29.34+00:00

    Hello

    issues with enabling secure launch on your Asus B5 B5404 with Intel Ultra 7 155H. Let's address each of your concerns step by step.

    Firstly, the error message "Failed to update the SBAT value in FW" in the Event Viewer could indeed be related to secure launch not working. This error typically indicates a problem with the firmware update process, which can affect secure boot and secure launch functionalities.

    Regarding the registry setting RequirePlatformSecurityFeatures being set to 3, this value is correct for enabling Virtualization-Based Security (VBS) and other platform security features. However, it's essential to ensure that all necessary firmware and hardware requirements are met for secure launch to function correctly.

    To determine if your computer is capable of running secure launch, you can use the Microsoft Device Guard and Credential Guard hardware readiness tool. This tool helps assess whether your hardware meets the requirements for secure launch and other security features. Here’s how you can use it:

    1. Download the Tool: You can download the Device Guard and Credential Guard hardware readiness tool from the Microsoft website.
    2. Run the Tool: Extract the downloaded files and run the DG_Readiness_Tool_v3.6.ps1 script in PowerShell with administrative privileges.
    3. Review the Results: The tool will generate a report indicating whether your system meets the requirements for secure launch and other security features.

    Best Regards,

    Yanhong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.