When using UEFI, at some point if you receive an error screen saying — Selected boot image did not authenticate, then it means UEFI is having a problem figuring out if the boot image has tampered. UEFI offers Secure Boot, and if the boot image seems invalid, you will not be allowed boot into the computer. It is also possible that you may be using endpoint encryption, and the software cannot validate the certificate. In this post, we will suggest some methods to resolve the problem.
Selected boot image did not authenticate
The first thing you need to check if the error has a reference to any software that you might have for encryption. If yes, then follow the first method, else move to third.
- Disable Encryption Tool
- Disable Secure Boot
- Perform Startup Repair
If you are in a hurry, the second method is for you.
1] Disable Encryption Tool
There are reports that some encryption tools like ESET Endpoint Encryption will not let you boot into the computer if the system manufacturer doesn’t include the correct certificates as a part of the UEFI BIOS. As there is no way to bypass it, disable Secure Boot to boot into the computer. Get in touch with your IT admin or uninstall the software completely, and later enable the UEFI to see if it works.
2] Disable Secure Boot
If you are using UEFI, it is recommended to use Secure Boot. However, if it is not letting you boot into the device, its best to disable Secure Boot from your System BIOS, save the changes, and restart the computer. The system will proceed to boot as normal. However, it’s only a temporary solution. It will make the Selected boot image did not authenticate problem go away.
3] Perform Startup Repair
While disabling Secure Boot is an option, it’s not something many will agree to that. UEFI is there for a reason. So performing Startup Repair is a better option. I have seen reports in the forum, and it has worked for a few. Make sure to keep the Secure Boot option ON, and legacy mode disabled.
- Boot into the Advance Recovery Mode
- Select Troubleshoot > Startup Repair
- Follow the on-screen instructions and finish the repair.
- Then check if the block is gone once the reboot is complete.
Secure Boot ends with the loading of a certified Bootloader of the OS into memory. The digital certificate comes from the OEM or the Enterprise. In either case, the completely resolve the problem, you need to get in touch with IT admin or Microsoft support.