Please feel free to post screenshots of these UEFI firmware settings for your brand and model of PC or motherboard to help others.
- 03 Jan 2013 #1
Secure Boot - Enable or Disable in UEFIHow to Enable or Disable Secure Boot in UEFI
Published by
03 Jan 2013
Secure Boot - Enable or Disable in UEFI
How to Enable or Disable Secure Boot in UEFI
InformationUEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.
Quick summary
- UEFI allows firmware to implement a security policy
- Secure boot is a UEFI protocol not a Windows 8 feature
- UEFI secure boot is part of Windows 8 secured boot architecture
- Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
- Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
- OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
- Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows
For more information about secure boot, see:
Protecting the pre-OS environment with UEFI - Building Windows 8 - Site Home - MSDN Blogs
NoteThis tutorial will show you how to enable or disable secure boot in your PC's UEFI settings.
Any PC with a Windows 8 logo sticker has secure boot enabled by default. Secure boot can make Windows 8 very resistant to low-level malware such as rootkits.
WarningArm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.
Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.
Enable or Disable Secure Boot on "ASRock" Motherboards
OPTION ONE 
NoteThis steps below are for how to enable or disable secure boot on an ASRock X79 Extreme11 UEFI motherboard.
These steps will vary depending on what brand and model number your PC or UEFI motherboard is, so please read it's manual to compare with the steps below for how to do so with your specific PC and motherboard.
If you would like to post screenshots for your motherboard, then please do. Here are some others posted so far:
1. Do step 2 or 3 below depending on how you would like to boot to the UEFI firmware settings.
2. Boot to UEFI Firmware Settings in Windows 8 "Advanced Options" UI
A) Boot to the UEFI Firmware Settings, then go to step 4 below. (see screenshot below)
3. Boot to UEFI Firmware Settings at Boot
NOTE: This step can be used with any 32-bit or 64-bit Windows installed.
A) During the initial stages at boot, press the DELETE key to enter UEFI firmware settings, and go to step 4 below.
NOTE: Your PC may use another key to press instead, so be sure to read your PC's manual and/or the boot screen to see what key to press.
4. In the motherboard's UEFI firmware settings, click/tap on the Security menu, select the Secure Boot option, and click/tap/press Enter to enable or disable it. (see screenshot below)
5. Click/tap on the Exit menu, and click/tap on Save Changes and Exit (reboot). (see screenshot below)
NOTE: You can usually also press the F10 to save changes and exit.
6. The computer will now restart to startup Windows.
Enable or Disable Secure Boot on "Acer" PCs OPTION TWO
That's it,
Shawn
Related Tutorials
- How to Confirm Secure Boot Enabled or Disabled in Windows 8
- How to Boot to UEFI Firmware Settings from inside Windows 8
- How to Install Windows 8 Using "Unified Extensible Firmware Interface" (UEFI)
- How to Install Windows 7 Using "Unified Extensible Firmware Interface" (UEFI)
- How to Create a Bootable UEFI USB Flash Drive for Installing Windows 7 and Windows 8
- How to Downgrade Windows 8 to Windows 7
- How to Do a Dual Boot Installation with Windows 8 and Windows 7 or Vista
Published by
Administrator
Join Date: Jul 2009Posts: 8,269Tutorial Tools
- 03 Jan 2013 #1My System Specs
- 03 Jan 2013 #2
- 03 Jan 2013 #3My System Specs
Thank you Ray.
- 26 Jan 2013 #4My System Specs
Apparently this does not work on all systems.
I have tried this with UEFI enabled and with UEFI disabled and booting from Legacy Bios mode. I get stuck in and endless loop at the Advanced Options screen. When I click " Uefi Firmware Settings" I get a screen that says Reboot to change Firmware Settings- and when i hit it's restart button, it brings me back to my normal boot options prompt, which of course only gives me the same options i always have to go back to the system recovery options. The loop starts over. I never see any page that actually has firmware settings i can change. On hitting the Restart button Delete doesn't do anything. I have looked through my Maintenance and Service Guide and it does not even mention UEFI, only the options for Legacy Bios mode.
I have read that we should be able to with UEFI, disable settings, even change or add our own secure boot keys or even delete Microsoft's key if needed from such a settings page. Uefi is supposed to have way more flexibility than Legacy Bios. sadly, i cannot access this on my new HP Pavilion G7. Anyone else have this problem or a workaround for it?
I Can disable Secure Boot in Legacy Bios Settings but only by enabling Legacy Bios. ( I can access the Legacy Bios settings to switch manually between using Legacy Mode and UEFI's mode with Secure Boot - in other words.. what I'm calling Legacy Bios Settings, looks exactly like normal Legacy Bios. If I try to disable Secure Boot in this manner, Legacy Bios gets enabled. If I try to enable Legacy Bios, Secure Boot gets disabled. It really acts as a toggle switch. ( I understand this is not a true Legacy Bios but a legacy Bios comparability layer running within UEFI)
I was hoping I could keep UEFI Mode enabled and through the UEFI Firmware Settings, Only disable Secure Boot leaving UEFI intact but I never see any page similar to the above. I wanted to do this because i am trying to get other operating systems installed for dual boot with Windows 8 and i wanted them to still run under UEFI and not have to take a step backward and use Legacy bios - something I did not want to do. I thought if i could leave Uefi intact and only disable Secure Boot via the Firmware Settings, it would help me with these installs. I have UEFI bootloaders that should let UEFI see and install these OS's yet something still is keeping them from installing - I assume that something to be Secure Boot.
- 26 Jan 2013 #5My System Specs
Hello Dark Rider,
Yeah, unfortunately each manufacturer may have their own way of doing this. The tutorial is more of a guide to use with your manual to help on how to do it.
When you restart after clicking on the "UEFI Firmware Settings" option, are you able to quickly press esc and then F10 from page 78 of your HP Pavillion G7-2251dx PC's manual below?
Your manual is pretty lacking (none) in any details for UEFI. I couldn't find anything either in it.
- 26 Jan 2013 #6My System Specs
Yes, I can hit Esc and then F10 which only brings me to my normal looking Legacy bios settings. They are no different than if I go into bios settings at any other time. It's just the same bios we are all used to, not a special UEFI Firmware Settings page.
Edit:
I have contacted HP about this issue. Seems all non ARM Pc's are required by Microsoft's hardware certification to allow the user the ability to disable Secure Boot. HP may be in breach of contract if they are not allowing this on purpose. ( HP is known for not giving full access to bios settings) Info here: If I buy a computer with Windows 8 and Secure Boot, will I still be able to install Linux? - Super User AND Here: Windows Hardware Certification Requirements for Client and Server Systems See sections 14, 17 and 18.Last edited by Dark Rider; 27 Jan 2013 at 10:39 AM.
- 29 Jan 2013 #7My System Specs
Hi Dark Rider,
I was wondering what you'd heard from HP on this issue. I've been waiting to attempt to make my Win 8 HPdv7 a dual-boot Win7/8 box b/c Windows 8 has been such a nightmare in terms of updates breaking things, loss of functionality, etc. Have you made any headway?
Thanks so much!
- 29 Jan 2013 #8My System Specs
I actually did make some headway. HP over the course of the past few weeks sent out multiple Bios upgrades. I of course used the HP Support Assistant to download and install every one of them and even had them all verified as updating successful. Seems they are still finding and fixing bugs with this system and UEFI bios. But the updates didn't work right for everyone even though they were verified. To give me the ability to disable Secure Boot, I had to roll back to an earlier bios version and reinstall the updates over again. If your lucky, this will catch and start working correctly. ( it also helps to download and initialize these installs from Legacy Bios Mode and not when UEFI mode is running ( using HP Support Assistant))
On top of that HP makes things very confusing because the UEFI Firmware Settings page is exactly the same as the Legacy Bios page. There is nothing you will see that's any different - the only thing you will notice is some functionality change. Now, you can disable Secure Boot while still using UEFI and it will not switch to Legacy Bios mode by default. This way you are still in UEFI mode with Secure Boot disabled.
Hope this helps. HP still does not allow the correct functionality of being able to delete or add your own Secure Boot Keys as is required by Microsoft in the "Windows Hardware Certification Requirements for Client and Server Systems" as mentioned above. Hopefully they will have a bios update to fix this oversight soon.
BTW, Here is a closer look at UEFI. UEFI has many great features but it's buggy as hell and lots of those features (even without Secure Boot enabled) can give more problems than it's worth. The code is buggy and there are no good standards to help fix these problems as of yet. EFI and Linux: the future is here, and it's awful - Matthew Garrett - YouTube The first half of this tells you the benefits of UEFI and the last tell of it's nightmares. It's clearly not ready as an IO platform yet and Microsoft was dead wrong to insist on OEM's using it.Last edited by Dark Rider; 29 Jan 2013 at 02:43 PM.
- 30 Jan 2013 #9My System Specs
Thanks so much, Dark Rider!! I'm still very nervous about trying to do this, but it's impossible not to have a fully functional box for any longer.
Secure Boot - Enable or Disable in UEFI
| Similar Threads | ||||
| Tutorial | Forum | |||
| Secure Sign-in with Ctrl+Alt+Delete - Enable or Disable in Windows 8 | Tutorials | |||
| Can i still install windows 8 if my uefi does not have secure boot? | Installation & Setup | |||
| Windows 8: UEFI Secure Boot System for Linux | Windows 8 News | |||
| Add Features to Windows 8 - Enable or Disable | Tutorials | |||
| Store - Enable or Disable in Windows 8 | Tutorials | |||
