Windows 11 Update: Users report unexpected logout problems!

Windows 11 Update: Users report unexpected logout problems!

The recently released April update for Windows 11 is causing significant problems for users who have activated the “System Guard Secure Launch” or “Dynamic Root of Trust for Measurement” functions. Those affected report massive difficulties logging in, especially when using Windows Hello. Many users are suddenly locked out of their devices because both facial recognition and PIN entry no longer work. Error messages such as “Face recognition could not be set up” and “Something went wrong, your PIN is not available” are increasing, which leads to blockage of access to the system. In such cases, the only option often left is to reset the PIN to regain access.

Microsoft has acknowledged the incidents, but describes the problems as isolated cases. The difficulties particularly arise after a reset process with the “Keep my files” option, which causes frustration among users. Such incidents shed light on the fragility of safety-critical systems, especially those with advanced features such as System Guard.

Background to System Guard Secure Launch

Microsoft's technologies, including System Guard Secure Launch, provide comprehensive security measures, especially for secured-core PCs. These PCs are specifically designed to prevent malware attacks and minimize firmware vulnerabilities via a clean, trustworthy boot state. Since virtualization-based security is enabled by default, users benefit from a high level of protection, which is complemented by Hypervisor Protected Code Integrity (HVCI). This mechanism protects system memory and ensures that all executable files come from known and approved sources.

A basic requirement for the effective operation of “System Guard Secure Launch” is the use of the Dynamic Root of Trust for Measurement (DRTM), which works in accordance with the UEFI Secure Boot process. This forces the system into a hardware-controlled trustworthy state, thereby minimizing the possibility of attacks on the firmware. Administrator rights are required to enable or disable this security feature if necessary. Microsoft offers instructions for this that can be done via Windows Security or the Registry Editor.

Activating and deactivating System Guard

Enabling or disabling Microsoft Defender System Guard Secure Launch can be done through both Windows Security and Registry Editor. The steps include, but are not limited to:

1. Windows Sicherheit öffnen.
2. Auf „Gerätesicherheit“ klicken.
3. Die Details zur Kernisolierung aufrufen und den Firmware-Schutz aktivieren oder deaktivieren.
4. Falls der Firmware-Schutz gesperrt ist, müssen entsprechende DWORD-Werte im Registrierungseditor angepasst werden.
5. Den Computer anschließend neu starten.

To ensure that these features are configured correctly, users can also view the system information on their device and check the virtualization-based security services. Such information is essential in order to optimally manage the security settings and avoid possible difficulties, such as the current April update.

For more information about the security architecture and protection provided by System Guard Secure Launch, users can consult Microsoft's official resources. These provide deeper insights into how security features work and are configured.