Skip to main content

Error "Already instrumented" displayed after attempting FDE Safe Start - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Error "Already instrumented" displayed after attempting FDE Safe Start

Authors list

Problem

When attempting to start full disk encryption using Safe Start the Safe Start countdown does not show during the process and fails as a result. If you attempt to run Safe Start again it fails with an error stating "The disk is already instrumented (Error 0xC0010018)"

This problem applies to systems using UEFI for booting the system only.

 

Cause

When full disk encryption is applied to a UEFI system the boot order within the BIOS is adjusted so that the DESlock+ boot loader is loaded when the system powers on.  This means when the system boots it will display the DESlock+ pre-boot screen for the user to enter their credentials and then allow the encrypted system to boot.

We have found that the implementation of the UEFI specification on some models of machine do not follow the UEFI specification correctly.  The UEFI specification mandates a set of boot time variables that are used to describe to the firmware what to execute on power up.  Machines that do not follow this specification fail to implement these variables and simply boot directly to the Microsoft Windows boot loader because the boot location is hard coded.  This prevents Safe Start from completing correctly and prevents encryption from starting.

This behaviour can cause problems with other encryption products and non-Microsoft operating systems being used on these machines.  The use of Safe Start prevents the machine from failing to boot due to the incorrect UEFI firmware.

 

Solution

There are two possible solutions to a system that exhibits this behaviour. 

Update BIOS

It is possible that a newer BIOS version will improve the UEFI implementation on the system.  You should ensure you are running the latest BIOS from your machines manufacturer.  Please see their relevant website for availability and instructions.

Later DESlock+ builds

We have implemented a workaround for this problem in the latest DESlock+ client v4.8.0 onwards which will be released shortly. 

 

Keywords: dell, hp, hewlett, packard, toshiba, evny, sleekbook, pavilion, samsung, 535u3c, acer, aspire, e1-571, 0xC00B003D

Add a comment

Please log in or register to submit a comment.

Need a password reminder?