System Guard Secure Launch Fails to Boot Windows in UEFI Mode.
Specialists responsible for information security in enterprises may experience difficulties in booting Windows 10 (1809) and Windows Server 2019 with UEFI safe boot enabled. The problem occurs when using Microsoft Security Baseline with the System Guard Secure Launch feature activated, regardless of whether the hardware supports this feature. According to Microsoft expert Aaron Margosis, after installing the updates, the device reboots and a blank screen appears. It is impossible to predict the occurrence of a problem, since it appears when a number of conditions collide. The problems are related to the authentication of the catalog file, and their occurrence depends on the settings and the order of the signed components in the download path. In other words, a failure in loading Windows 10 (1809) and Windows Server 2019 can occur at any time, and it is impossible to predict it. As already mentioned, the problem affects only Windows 10 (1809) and Windows Server 2019, whose administrators have installed the Microsoft Security Compliance Toolkit 1.0 and enabled the System Guard Secure Launch feature (ConfigureSystemGuardLaunch). Moreover, only the Windows 10 Education and Windows 10 Enterprise versions are affected, since the Home, Pro and Business policies have not added the ConfigureSystemGuardLaunch policy. Setting Group Policy System Guard Secure Launch protects the Virtualization Based Security environment from exploiting vulnerabilities in device firmware on supported hardware. Currently, Microsoft is working to fix the problem, but for now, in order to prevent problems with booting the system, users can disable ConfigureSystemGuardLaunch.