Secure Boot Violation message when trying to boot the bootable USB drive

Hi All, I have just atttempted installing Zorin Pro on a Samsung Galaxy Book 4 Pro with intel 5 series processor. However, when choose the bootable USB with Zorin, a message comes up saying: " Secure Boot Violation -Invalid Signature detected. If this error persists seek technical assistance". Any insights? I have used this same USB drive to install Zorin on three other computers and this never came up.

Did you turn off secure boot ?

2 Likes

The other computers may not have had secure boot turned on. The fastest solution would be to turn off secure boot in your UEFI, which I'd recommend if you're not dual booting. If you ARE dual booting, you may want to keep Secure Boot, in which case my first step is to ask which software you used to make the bootable drive.

2 Likes

Oh dear, Samsung. Just a side note, Samsung are notorious for not issuing BIOS updates. A member from Brazil had a similar issue and it just was not possible to update the BIOS. From experience on the older forum, a lot of installation issues were resolved if the machine's BIOS was updated.

1 Like

Do You want creating a Dual-Boot System or install Zorin only? If Zorin only, You can simply turn off Secure Boot in the BIOS like @Michel and @Locklear93 already wrote.

1 Like

HI Everyone, thank you so much for replying back so quickly. Yes, I need dual boot. I used balenaEtcher to create the bootable drive. So i should use a differente software, create a another bootable drive and try it again? Which software, please?

Hi, thank you for replying back. i am actually in Brazil and i have just purchased this computer here. It arrived today. I have a 7 day return period, so if i cant make it work, i will have to return it. Updating the BIOS is very important regardless if you ar running windows or LInux, right? And we cant update it ourselves, right?

Thanks for replying. I need dual boot, unfortunately, i still need Microsoft occasionally.

Nope. Didn´t even know this was a thing.

I personally recommend Ventoy for installing distributions over Balena Etcher. Balena's been troublesome for me in the past, and the distribution I'm currently using (I like Zorin, but am not on it this minute) actually switched from recommending Balena to recommending Ventoy. Ventoy does support secure boot, but the OS you're installing also needs to.

Since you've said you need Windows still, my recommendation is to try Ventoy, but, and this is a very, very big but, if you're using Bitlocker encryption in Windows, turn it off. If things work out, you can turn it on again afterward, but Bitlocker will shut you out to protect data if it detects changes to secure boot. Once it's off, install Ventoy on a USB drive (this will wipe the drive), and then copy the ISO on. What Ventoy does is makes a bootable drive that shows you a menu of the ISOs you've copied onto it, and you can then boot that ISO from the menu. My Ventoy drive has Zorin, Nobara, Windows 10, Windows 11, and two backup utilities on it, for example.

With a Ventoy USB ready, boot from that, and you should get a menu that lets you select the ISO. Just use the arrow keys and hit enter.

If you get the same secure boot error, you should try redownloading the ISO in case it somehow got corrupted. If even a redownloaded version doesn't work, you're in BIOS update territory, and as Swarfendor mentioned, Samsung isn't great about providing updates. It's absolutely possible to update BIOS yourself, but you need the manufacturer to provide the file.

If you've hit this point and you can't find a BIOS update file that matches your computer on Samsung's support site, then I'd recommend you exercise your return option while you still can.

2 Likes

I mentioned the issue with Samsung as I searched on behalf of Brazilian forum member about the BIOS and all that was available for his Notebook was the manual. Additionally, when the debacle of Intel's Meltdown came to light and they provided a tool to see if your machine was susceptible, Intel advised users to contact computer manufacturers for a fix. Students which our service supported were issued with Samsung P530 devices and were susceptible to the Meltdown flaw. Samsung never issued a fix unlike Dell and other hardware prducers. I would seriously be considering taking it back saying it does not meet your needs, but don't say anything about wanting to put GNU/Linux on it.

Thank you. I don't think my Windows has Bitlocker since I haven't installed it and it is not going to come pre-installed from the factory, right? And if my Windows doesn't have Bitlocker, and it is not encrypted then the issue must be either Balena Etcher or the BIOS, correct? Regarding the BIOS, even if i manage to install Zorin now, what about in a few years from now in case I need to reinstall it or install another distribution? Since Samsung is known for not providing updates for BIOS, could i find my self unable to install an OS in the future due to lack of BIOS update? Or what else could happen from lack of BIOS updates besides vulnerability such as with what happened with the Intel meltdown in 2018 that swarfendor437 mentioned?

Thank you for mentioning the issue with Samsung. I would like to return the computer and purchase one from Dell. But it is more than double of the price for a Dell with the same configuration. Lets see what i will do. I think Samsung did not updated the BIOS after the Intel Meltdown because their computers are sold to consumers rather than companies, and they know most of the consumers dont have a clue about what BIOS is, nevertheless that Intel processors were vulnerable. Dell, HP and others, on the other hand, sell to companies as well, that have an IT department that is knowledgeable. Had they not updated the BIOS to fix the Intel issue they would have lost clients and gotten sued.

Better to check. Try these instructions to be sure:
https://answers.microsoft.com/en-us/windows/forum/all/unsure-if-bitlocker-is-active/76fafe12-bcdd-4ea9-ab1a-9793fbe08762

Hard to say, but those are my first two suspicions. On the BIOS, it's also possible that it doesn't need an update, but is configured not to allow new keys for secure boot. Changing that would require instructions specific to the BIOS, so I couldn't begin to guess.

In theory, this is a bug, and updating BIOS would fix a bug and thus even if they don't provide additional updates, you should be okay in the future. In practice, it's impossible to say, and lack of BIOS updates could expose you to any number of vulnerabilities over time, depending on what hackers cook up. It's just not possible to predict the future.

1 Like

Could you please tell me the best way to download Ventoy? i tried this website but it downloads an image, and I am not sure if this is the best option. Ventoy - Browse Files at SourceForge.net

Tryu here: Ventoy - Browse /v1.0.99 at SourceForge.net There's a ZIP file with the Windows version, which sounds like the easiest option for you right now. The ISO is for a live environment which you don't want if you can avoid it in this case.

1 Like

Take a look here regarding BIOS update:

https://us.community.samsung.com/t5/Computers/Samsung-Galaxy-Book-4-pro-BIOS-update-issue/td-p/2926131

Just had a look at amazon.br. The prices of laptops are ridiculously high. I feel for you.

1 Like

Okay, because You are on Windows, I can recommend Rufus to create a bootable USB Stick. Then I would suggest to turn off Secure Boot and look in the BIOS if it is in UEFI or Legacy Mode. If You can use UEFI, it could make it easier. But when it is in Legacy Mode it will work, too.

One Thing is important here: when you use Rufus, look at ''Partition Sheme''. When Your BIOS is in UEFI use there GPT and when it is in Legacy use MBR:

1 Like

Oh, thats horrible. thanks for sharing. I managed to find the issue. When I press F2 right after turning the computer on, it takes me to a menu called "Samsung BIOS Configuration" and there is a sub item called Secure Boot Control and it was set to boot from Windows only. I changed it to boot from supported OS and tried to boot again with the USB drive and the menu to intall Zorin appears. However, I am now considering returning this computer and buying this Dell Notebook Inspiron 14 (https://www.dell.com/pt-br/shop/laptops/inspiron-14/spd/inspiron-14-5440-laptop/brpichbto5440gzrkwthat) which has the option to come with Ubuntu. I am assuming that if it works with Ubuntu, it will work perfectly with Zorin. Plus Dell seems to be responsible when it comes to security updates for BIOS. Any thoughts on this Dell computer?