Secure Boot Verification Failed (0x1A)
How to diagnose and fix the "Verification failed (0x1A) Security Violation" UEFI Secure Boot error when booting live USBs.
The Verification failed: (0x1A) Security Violation error is thrown by UEFI Secure Boot when it blocks an unauthorized operating system, bootloader (for example Ventoy), or modified firmware from loading. It shows up most often when booting a Linux live USB, or after a motherboard/firmware update changes the stored keys.
Secure Boot only loads binaries signed with a key it trusts. The error means the thing you're trying to boot isn't signed with a recognised key — not that the media is broken. Pick one of the three fixes below depending on whether you want to keep Secure Boot on.
Solution 1 — Temporarily disable Secure Boot (quickest fix)
The fastest way past the error is to turn Secure Boot off in firmware. Use this if you just need to boot the USB once and don't need Secure Boot enforced.
Enter firmware setup
Restart the machine and repeatedly tap the firmware/BIOS key during power-on. It's usually F2, F10, F12, or Delete, depending on the manufacturer.
Find the Secure Boot setting
Open the Security, Boot, or Authentication tab and locate the Secure Boot option.
Disable and save
Set Secure Boot to Disabled, then save and exit — typically F10. The machine will reboot and the USB should now load.
Re-enable Secure Boot afterwards if the machine's normal OS (or a corporate policy such as BitLocker / Device Guard) expects it on. Leaving it off weakens boot integrity.
Solution 2 — Enrol the key via MOK Manager (keep Secure Boot on)
If you're booting a tool like Ventoy and want to leave Secure Boot enabled, authorise its bootloader through Machine Owner Key (MOK) management instead of disabling anything.
Trigger MOK Manager
When the blue MOK management screen appears after the error, press any key to enter it (rather than letting it time out).
Enrol a key from disk
Choose Enroll key from disk.
Select the Ventoy certificate
Browse to the VTOYEFI partition and select ENROLL_THIS_KEY_IN_MOKMANAGER.cer.
Confirm and reboot
Continue, choose Yes to enrol the key, then reboot. The bootloader is now trusted and Secure Boot stays enforced.
Solution 3 — Reset Secure Boot keys to factory defaults
If the error started after you modified the BIOS keys yourself, restoring the manufacturer defaults usually clears it.
Enter firmware setup
Reboot into the BIOS/UEFI menu using the firmware key for your machine.
Open key management
Go to the Security or Boot tab and look for Secure Boot Keys or Restore Factory Keys.
Restore defaults and reboot
Select Reset to Factory Default (wording varies by vendor), save, and reboot.
Which fix to reach for: Solution 1 for a one-off boot, Solution 2 when Ventoy/live USBs must coexist with an enforced Secure Boot policy, and Solution 3 when the machine's own keys got into a bad state after firmware changes.
Force-Deleting Protected Windows Folders
Take ownership and delete folders that resist removal even from an Administrator account, using takeown, icacls, and an escalation ladder.
Dell Laptop Troubleshooting & Hard Reset Guide
General troubleshooting steps for Dell laptops, including hard reset methods and BIOS password bypass.