Windows System Guard Launch Causes Blank Boot Screen in UEFI PCs

Blank Screen Bug in Windows 10 Version 1809 and Server 2019

Since Windows 10 version 1809, October 2018 Update was released on October 2, 2018, there are always many issues are caused, such as documents loss, BSOD screen, no sound, and more. Even so, currently this update is in the process of being pushed automatically to devices across the world.

And Microsoft warns of another update issue that may affect certain machines. This software giant says that many customers who have deployed Microsoft’s Security Baseline for Windows Server 2019 and Windows 10 version 1809 are possible to be troubled by a device boot issue if they have enabled UEFI secure boot.

In a TechNet article, Microsoft says the devices with the System Guard Secure Launch setting are the ones experiencing the boot failure. And this article further explains that the setting will lead to a blank screen at boot in most of the cases.

What’s more, according to Microsoft, in the Windows security configuration baselines, the Device Guard GPO setting to enable Virtualization Based Security includes enabling the System Guard Secure Launch (“ConfigureSystemGuardLaunch”) setting.

And this setting is able to protect the Virtualization Based Security environment from exploited vulnerabilities in device firmware on supported hardware. Since it is newly introduced in Windows 10 V1809, it is only included in the baselines for Windows Server 2019 and Windows 10 V1809.

Microsoft says in its article that it has discovered a boot issue that may have an influence on all computers where the System Guard Secure Launch setting is enabled, regardless of whether the underlying hardware support for the feature is present.

And this boot issue appears automatically after an update whereupon the device restarts to a blank screen. Well then, what is the reason for this issue?

“The issue has been root caused to a problem with catalog file validation and whether it shows up is highly dependent on set and order of signed components in the boot path so it is not predictable when or whether a system will hit this issue.”Microsoft

Fix for Windows System Guard Launch Issue Is Already under Development

Currently, Microsoft is working to release a fix for the issue blank boot screen in UEFI PCs via a Windows update.

Besides, this company recommends Windows version 1809 and Windows Server 2019 users who are affected by this boot issue to change the ConfigureSystemGuardLaunch Group Policy setting to Not Configured or Disabled.

Just press Windows logo plus R key to open the Run dialogue, input gpedit.msc and click OK to open Local Group Policy Editor to find the path and change it.

This way will be a temporary solution. Once the fix is released, remember to re-enable the setting in Group Policy.

Besides, Microsoft says that disabling the policy will not have an influence on systems that don’t come with the hardware support for System Guard Secure Launch. And now, there are no words saying when the fix will be rolled out. Perhaps it is released on the Patch Tuesday on February 12.