What Is Secure Boot, and How to Solve “Unsigned Driver” Issue in Windows 10 Anniversary Update

We just want to let you know that we fixed “Secure Boot” issue in the latest update of HFS+ for Windows 11. We explain what was the hindrance down below.  By the way, HFS+ for Windows 11 is a part of  Paragon UFSD Value Pack for cross-platform users, that goes with lifetime upgrade assurance. More info at the end of the article.

Modern PCs start up with the “Secure Boot” feature, part of the UEFI firmware that replaced traditional BIOS.

BIOS is a computer’s Basic Input-Output System — low-level software that resides on a chip built into the motherboard. BIOS’s job is to start up various components when you turn on your PC, make sure they’re functioning, then pass functionality off to your operating system or another boot loader. Prior to 1981, computers used very different ways to perform this operation, until IBM presented the 5150 that became standard for hardware compatibility

IBM 5150 used a 16-bit Intel 8088 processor, matching the BIOS itself which allowed 1MB of address space. It also used a Master Boot Record (MBR) to specify the computer’s partition table, which in turn told BIOS where the operating system was.

BIOS was a good system, providing an interface where you could enable or disable individual components and advanced hardware options. But as time passed, BIOS obsolesced compared to the newer hardware in development. To make up for its shortcomings, extensions were developed. But over time, the limitations had to be overcome by a brand-new system.

old bios


UEFI soon inherited BIOS’s legacy. Unified Extensible Firmware Interface was originally developed by Intel to circumvent BIOS issues for their 64-bit Itanium-based servers. Many changes were made compared to BIOS.

First, the visual layout was fundamentally overhauled. While pictures aren’t necessary, they can be helpful for things like overclocking. Second, UEFI can function in 32-bit and 64-bit modes, allowing far greater amounts of RAM to be addressed by more complex processes; by comparison, BIOS was limited to 16-bit processes and 1MB of memory addressing. Third, UEFI uses the GUID Partition Table, which utilizes Globally Unique IDs to address partitions, and allows booting from hard disks as large as 9.4ZB (one zettabyte = one billion terabytes), while MBR is limited to four primary partitions per disk and bootable disks are limited in size to 2.2TB.

So, the UEFI “Secure Boot” protocol is one the new features that prevents your PC to boot from “untrusted” firmware.

When you boot your PC, it checks hardware devices against the configured boot order, then attempts to boot from them. Typical PCs will find and boot the Windows bootloader, which then launches the full Windows operating system.

Traditional BIOS will boot any software, and some malwares, such as a rootkit, can replace your bootloader. Rootkits could load your normal operating system with no indication anything was wrong, remaining invisible and undetectable on your system. Secure Boot was designed to prevent this.

win10-architecture unsigned-drivers

UEFI checks the bootloader prior to launching it, ensuring that it’s signed by Microsoft. If a rootkit or another malware has forged or replaced your bootloader, UEFI won’t allow it to boot. This prevents malware from hijacking your boot process and concealing itself inside your operating system.

However, with the Windows 10 Anniversary Update, Microsoft has changed this policy. All new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal (Dev Portal) to be digitally signed by Microsoft. If they were not, Windows 10 could fail to load new, unsigned kernel drivers. Thus, when you install the Windows 10 Anniversary Update, some drivers may not work the way they used to. For instance, our driver Paragon HFS+ for Windows 11 used to require “Secure Boot” disabled, but we fixed it by having it officially signed by Microsoft. 

Anyhow, this issue might affect others, so we show you a workaround in case you encounter it. You can disable the “Secure Boot” feature by following these steps:

1) Open the PC BIOS menu by pressing a key during the boot-up sequence, such as F1, F2, F12, or Esc (depending on your PC), or hold down the Shift key while selecting Restart while Windows is running.

2) Go to Troubleshoot -> Advanced Options -> UEFI Firmware Settings.

3) Find the Secure Boot setting and set it to Disabled. This option is typically found in either the Security tab, the Boot tab, or the Authentication tab.

4) Save changes and reboot your PC.

In conclusion, while Secure Boot does create a safer environment for users by preventing the installation of malicious driver software, not every honest developer has yet managed to pass through Microsoft’s registration process for a variety of reasons.

P.S. We have an awesome pack of five useful drivers for cross-platform users – Paragon UFSD (Universal File System Driver) Value Pack. It has been developed for users working with multiple operating systems to instantly solve compatibility issues. The UFSD Value Pack comes with a lifetime free upgrade guarantee, and is available for just $49.95 — a savings of nearly $100 compared to purchasing the included tools separately. For existing Paragon NTFS for Mac 14 customers, the UFSD Value Pack is available for just $19.95 in their personal MyParagon accounts. For all users with NTFS for Mac 12 version and lower the final bundle price is $24.95.

Check out your offer now >>