The Highguard Machine Integrity Failed error (0xE0670402) usually appears when Secure Boot or TPM 2.0 is disabled on your system. To resolve this issue, both Secure Boot and TPM must be enabled.
⚠️ Important Warning
Before making any changes in the BIOS:
- If you are not comfortable modifying BIOS settings, contact your system manufacturer’s technical support.
- Incorrect BIOS changes can cause serious problems, including boot failure.
- If you use a PIN to sign in to Windows, make sure you also know your Windows account password, as the PIN may stop working after these changes.
Step 1: Check Secure Boot Status in Windows
Type msinfo32 in the Windows search box and open System Information.
Look for Secure Boot State.
- If it says On, Secure Boot is already enabled.
- If it says Off, you need to enable it in BIOS.
Step 2: Check TPM Status
Type tpm.msc in the Windows search box and open it.
If you see “TPM cannot be found”, TPM is disabled and must be enabled in BIOS.
Step 3: Access UEFI / BIOS Settings
Open Windows Settings → Windows Update → Advanced options.
Click Recovery, then under Advanced startup, select Restart now.
After restart:
- Select Troubleshoot
- Go to Advanced options
- Choose UEFI Firmware Settings
- Click Restart
Your system will now boot into the BIOS.
Step 4: Enable Secure Boot
Inside the BIOS, go to Boot Configuration (menu names vary by manufacturer).
- Make sure Boot Mode is set to UEFI
- Scroll down and find Secure Boot
- Set Secure Boot to Enabled
- Click Apply Changes, then confirm with OK
Step 5: Enable TPM 2.0
Go to the Security section in BIOS.
- Look for TPM, Intel Platform Trust Technology (PTT), or AMD fTPM
- Enable the option
- Click Apply Changes, then OK
Step 6: Save and Exit
Select Exit, then allow the system to restart.
After reboot:
- You may not be able to log in using your PIN
- Use your Windows account password instead
- Once logged in, Windows will reconfigure security settings automatically
Conclusion:
This error is not caused by software bugs or drivers.
It’s a system security requirement enforced by Highguard.
Once Secure Boot and TPM 2.0 are enabled, the error should be fully resolved.
If the error persists even after enabling both features, contact your PC or motherboard manufacturer, as firmware limitations may be involved.
