Summary: SDClean.exe is a support tool that clears all SecureDoc boot variables from NVRAM, so that no pointers to a previous SecureDoc installation remain on the device before or after a "bare metal" re-image. It cleans all SD NVRAM variables, including FBO (specific to HP systems), boot entries, and drivers (SDDRV), so that after running it you can be sure that the BIOS NVRAM is "clean". The tool can be run either before re-imaging or before reinstalling the SecureDoc client on a re-imaged PC.
Environment Info:
SecureDoc for Windows Client (Any version)
Computer system configured for UEFI BIOS boot mode (Any Vendor)
Note: SecureDoc can either use "UEFI Boot Order" or "Patch" the Windows boot manager. In either scenario, NVRAM entries may be created for a UEFI driver that is used to protect the boot process, and also for a deprecated "FBO" setting on HP devices. Because of this, the tool may be applicable in both scenarios. Many UEFI BIOSes can perform their own cleanup tasks, but as that cannot be guaranteed, this tool was created.
Issue: When doing a bare metal re-image of a device, the device BIOS will sometimes retain the boot entries for SecureDoc even though they are no longer valid.
Program Usage:
SDClean.exe [all] [clearfbo] [clearbord] [cleardord]
all - Clear all SecureDoc related NVRAM entries from the firmware. Equivalent to SDClean.exe clearfbo clearbord cleardord
clearfbo - Clears the HP FBO (FilterBootOrder) entry only.
clearbord - Clears SecureDoc entries from the BootOrder list.
cleardord - Clears SecureDoc entries from the DriverOrder list.
Note: No leading dashes or slashes are required in front of the parameters
Example of Usage:
System configured with SecureDoc Software encryption operating in Native UEFI boot mode:
WinPE Method
- Copy the utility onto a WinPE image/stick
- Boot into WinPE on the SecureDoc device that is to be re-imaged
- Run the command "SDClean.exe all" without quotes
- On a non-HP system, or an HP system where "FBO" is not present, an FBO error may appear; this is normal
- To confirm that the NVRAM variables have been removed, restart the device: you should not see preboot, and Windows should fail to load with a BSOD
- Reimage the device per company process
Windows Method
- Perform the same steps as for WinPE but from within the regular Windows operating system
- It is required to run the tool with Administrator rights
- You can confirm the absence of the SecureDoc Boot Entry via the bcdedit command: bcdedit /enum firmware
- You should not see an entry for SecureDoc
- Reimage the device per company process
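The bcdedit confirmation step in the Windows Method can be scripted so the result is recorded rather than read by eye. The PowerShell below is an added example, not part of the vendor's tooling: the function name Find-SecureDocFirmwareEntry and the sample output are constructed, and it assumes a leftover entry shows the text "SecureDoc" somewhere in its bcdedit block.

```powershell
# Added example, not vendor code. Run the live check from an elevated prompt.
# Assumption: a leftover entry shows the text "SecureDoc" somewhere in its block.
function Find-SecureDocFirmwareEntry {
    param(
        [string] $Text,                    # raw `bcdedit /enum firmware` output
        [string] $Pattern = 'SecureDoc'    # assumed marker, matched case-insensitively
    )
    # bcdedit separates entries with blank lines; test each entry block as a whole
    # so the check does not depend on localized field labels.
    $blocks = $Text -split '\r?\n\s*\r?\n' | Where-Object { $_.Trim() }
    foreach ($block in $blocks) {
        if ($block -match [regex]::Escape($Pattern)) {
            $id = if ($block -match '\{[^}]+\}') { $Matches[0] } else { $null }
            [pscustomobject]@{
                Title      = ($block.Trim() -split '\r?\n')[0]
                Identifier = $id
                Block      = $block.Trim()
            }
        }
    }
}

# Constructed sample in the layout bcdedit prints (GUID and description are made up).
$sample = @'
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Firmware Application (101fffff)
-------------------------------
identifier              {00000000-0000-0000-0000-000000000001}
description             SecureDoc (constructed sample entry)
'@
$hits = @(Find-SecureDocFirmwareEntry -Text $sample)
"Sample output: $($hits.Count) entry mentions SecureDoc ($($hits[0].Identifier))"

# Live check, only where bcdedit is available.
if (Get-Command bcdedit.exe -ErrorAction SilentlyContinue) {
    $live = (& bcdedit.exe /enum firmware) -join "`n"
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed: run elevated on a UEFI system.' }
    $found = @(Find-SecureDocFirmwareEntry -Text $live)
    if ($found.Count) {
        Write-Warning "$($found.Count) firmware entry(ies) still mention SecureDoc:"
        $found | Format-List Title, Identifier
    } else {
        'No SecureDoc entry in bcdedit /enum firmware.'
    }
}
```

The script checks only what `bcdedit /enum firmware` reports.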
Result: SD Clean Tool has cleared all SecureDoc NVRAM entries. As demonstrated above, this tool operates in the Windows OS as well as in WinPE thus providing flexibility for multiple deployment scenarios.
SD Clean Tool Download link: http://downloads.winmagic.info/SD8.5/Tool/SDClean.zip