What's new

Secure Boot - Enable or Disable in UEFI

How to Enable or Disable Secure Boot in UEFI

UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

For more information about secure boot, see:



This tutorial will show you how to enable or disable secure boot in your PC's UEFI settings.

Any PC with a Windows 8 logo sticker has secure boot enabled by default. Secure boot can make Windows 8 very resistant to low-level malware such as rootkits.

If you have secure boot enabled, you may sometimes need to disable secure boot first before being able to boot from a USB flash drive depending on your UEFI firmware settings.


If you would like to post screenshots of your motherboard's secure boot settings, then please do. Here are some others posted so far:


warning   Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.


EXAMPLE: "SecureBoot isn't configured correctly" watermark in Windows 8.1

SecureBoot_isn't_configured_correctly_watermark.jpg

You will see this watermark on the bottom right corner of your desktop if you have Windows 8.1 installed with UEFI and secure boot is not configured correctly even when enabled. To remove this watermark, you will just need to enable and configure secure boot correctly.

Sometimes the watermark doesn't go away even if you correct the settings in UEFI/BIOS or your BIOS doesn't support this feature at all.

Microsoft has acknowledged this issue and released a hotfix KB2902864 to solve this problem. Once you install this hotfix, it'll remove the annoying watermark from your Windows 8.1 desktop.

Windows 8.1 users who have the "SecureBoot isn't configured correctly" watermark on the desktop, can download this hotfix from the following links:

Update removes the "Windows 8.1 SecureBoot isn't configured correctly" watermark in Windows 8.1 and Windows Server 2012 R2






OPTION ONE

Enable or Disable Secure Boot on ASRock Motherboards



This steps below are for how to enable or disable secure boot on an ASRock X79 Extreme11 UEFI motherboard.

These steps will vary depending on what brand and model number your PC or UEFI motherboard is, so please read it's manual to compare with the steps below for how to do so with your specific PC and motherboard.


1. Do step 2 or 3 below depending on how you would like to boot to the UEFI firmware settings.

2. Boot to UEFI Firmware Settings in Windows 8/8.1 "Advanced Options" UI

A) Boot to the UEFI Firmware Settings, then go to step 4 below. (see screenshot below)

Advanced-options.jpg

3. Boot to UEFI Firmware Settings at Boot
NOTE: This step can be used with any 32-bit or 64-bit Windows installed.

A) During the initial stages at boot, press the DELETE key to enter UEFI firmware settings, and go to step 4 below.
NOTE: Your PC may use another key to press instead, so be sure to read your PC's manual and/or the boot screen to see what key to press.

4. In the motherboard's UEFI firmware settings, click/tap on the Security menu, select the Secure Boot option, and click/tap/press Enter to enable or disable it. (see screenshots below)


Asrock_X79_Extreme_11_Secure-Boot-1.jpg


5. If you enabled secure boot, then click/tap on the "Install default Secure Boot keys" option. (see screenshot below)
NOTE: This is to configure secure boot.


Asrock_X79_Extreme_11_Secure-Boot-2.jpg




A) Click/tap on Yes to approve. (see screenshot below)


Asrock_X79_Extreme_11_Secure-Boot-3.jpg


B) Secure boot has now been enabled and configured. (see screenshot below)

Secure_Boot-1.jpg

8. Click/tap on the Exit menu, and click/tap on Save Changes and Exit (reboot). (see screenshot below)
NOTE: You can usually also press the F10 to save changes and exit.


Secure_Boot-2.jpg

9. The computer will now restart to startup Windows.






OPTION TWO

Enable or Disable Secure Boot on Acer PCs



1. See: How to Enable or Disable Secure Boot

[video=youtube;5nG4zMdrHKs]






OPTION THREE

Enable or Disable Secure Boot on HP PCs



1. See: Secure Boot (Windows 8) | HP® Support


c03980379.jpg



That's it,
Shawn


 

Attachments

  • Uefi_logo.png
    Uefi_logo.png
    6.4 KB · Views: 353
Last edited by a moderator:

yu gnomi

New Member
Member
yes. I have 4 partitions on my boot drive, all created by windows, System Info tells me Bios mode is UEFI

How do you clear the secure boot keys?


edit: looking in my motherboard manual, there seems to be a secureboot mode setting that can be set to [custom], which will then enable a key management sub-menu. I am not seeing any info on that sub-menu though.
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

yu gnomi

New Member
Member
Ok, entered UEFI, set secureboot mode to custom, accessed the key management menu, and set every option to [load default], or whatever exactly it said, and could then enable secureboot.

after restarting and getting a "bad configuration" error message from windows, and restarting again, I was able to see that system information now tells me that secureboot is on.

I shut down, and started back up cold, just to make sure I hadn't broken my operating system doing this. It appears that so far I haven't.


Should I leave it like this, or is there some configuring I should do? (and if so could you help me out with said configuring)
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

Brink

Administrator
Administrator
mvp
It appears that you have now successfully enabled secure boot if you are not getting anymore errors at boot. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

yu gnomi

New Member
Member
no more errors

Hopefully factory defaults are good enough. I am pretty far out of my depth with this stuff, and don't know where to begin furnishing my own values to replace those.

Thank you for assisting me
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

Brink

Administrator
Administrator
mvp
You're most welcome. Glad you got it sorted. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

yu gnomi

New Member
Member
question- does secureboot increase the time it takes for a PC to wake from sleep?

I generally put mine to sleep whenever I am not using it, and it seems like it generally takes anywhere from 5 to 10 seconds to wake up now. It used to be the case that waking it from sleep frequently took next to no time (like 1 or 2 seconds).
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

Brink

Administrator
Administrator
mvp
Hello Yu Gnomi,

It shouldn't make any noticable difference it boot times.

Double check to make sure that you have "Fast Boot" enabled in your motherboard's UEFI firmware settings, and have fast startup turned on in Windows to see if that may help. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

yu gnomi

New Member
Member
My motherboard has a utility which tells me that fast boot is enabled and I also have Intel rapid start enabled.

As for windows, this is the page with my power options - I don't know how to enable windows fast startup, or check to see if it is already enabled.


Power%20Options%20System%20Settings.png
 
Last edited by a moderator:

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

Brink

Administrator
Administrator
mvp
Clicking on the link in my post above will help show you how to check Fast Startup. It requires that you have hibernate enabeled though.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

yu gnomi

New Member
Member
regarding the extra time it takes my PC to wake from sleep I mentioned a few posts back- I have discovered that it starts up just as quick as before if I do not have my Windows phone connected to the USB on the front. So secure boot was never the issue, I have just been leaving my phone connected to my PC a lot recently.
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite

Brink

Administrator
Administrator
mvp
Great news. Thank you for posting back with your findings. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

btowngurl1974

New Member
Okay...
I have successfully reinstalled a fresh, nice and new Win 8.1 on laptop. All looks good. Strong password. I encrypted (using Bitlocker) my USB in which I used to reinstall. Now, I want to use the Bitlocker on my C drive. But it looks as if you have to be the Admin, in which I am (I created two accounts, one local, one Admin, no Microsoft Account). When opening the TPM it said something like the platform could not be loaded, etc. I returned to UEFI (F12) and checked it out. This is what I see, and I'm a little confused at the 'Custom' or 'Standard' settings.

Under BOOT option:
>Legacy Boot
>UEFI Boot:

Secure Boot <Enabled>
Load Legacy Option Rom <Disabled>
Boot List Option <UEFI>
Secure Boot Mode <Standard> ------ ALSO HAS THE OPTION OF CUSTOM.
>>>>> IF, I choose CUSTOM, then I have the option to: RESTORE FACTORY DEFAULTS or DELETE ALL SECURITY BOOT KEYS

and then...
Add Boot Option (If I click on this, "Input Option Name?" pops up.
Delete Boot Option (Greyed Out)
View Boot Option Properties (Greyed Out)

I don't recall seeing the Custom/Standard before.....All I recall is Enabled/Disabled. Does this mean that someone else has already configured a 'Custom' boot option? Should I select 'Custom' and 'Restore Factory Defaults', or 'Add Boot Option'?
A bit confused on this part.....and what it has to do with the TPM module ....
Thanks.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Dell Inspiron 15 3521
    CPU
    Intel Core i3-3227U CPU 1.90GHz
    Motherboard
    EUFI
    Memory
    4.00 GB
    Graphics Card(s)
    Intel HD Graphics 4000
    Sound Card
    Name High Definition Audio Device
    Monitor(s) Displays
    Name Intel(R) HD Graphics 4000
    Screen Resolution
    Resolution 1366 x 768 x 60 hertz
    Hard Drives
    Manufacturer (Standard disk drives)
    Model ST500LT012-9WS142
    Media Type Fixed hard disk
    Description Disk drive
    Manufacturer (Standard disk drives)
    Model SanDisk Cruzer Glide USB Device
    Keyboard
    Description Standard PS/2 Keyboard
    Mouse
    Hardware Type Dell Touchpad
    Browser
    IE11
    Antivirus
    Windows Defender and Norton 360
    Other Info
    1394ohci 1394 OHCI Compliant Host Controller c:\windows\system32\drivers\1394ohci.sys Kernel Driver No Manual Stopped OK Normal No No
    3ware 3ware c:\windows\system32\drivers\3ware.sys Kernel Driver No Manual Stopped OK Normal No No
    acpi Microsoft ACPI Driver c:\windows\system32\drivers\acpi.sys Kernel Driver Yes Boot Running OK Critical No Yes
    acpiex Microsoft ACPIEx Driver c:\windows\system32\dri

Brink

Administrator
Administrator
mvp
Hello Lisa,

You would want to temporarily disable Secure Boot until you have finished with encrypting the drive with BitLocker.

Since you only have the "Standard" and "Custom" options for Secure Boot in your UEFI settings, selecting to use "Custom" and "Delete all security boot keys" should disable it for you.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

btowngurl1974

New Member
Hello Lisa,

You would want to temporarily disable Secure Boot until you have finished with encrypting the drive with BitLocker.

Since you only have the "Standard" and "Custom" options for Secure Boot in your UEFI settings, selecting to use "Custom" and "Delete all security boot keys" should disable it for you.

Okay, much thanks.
I went in and actually did that 'before' encrypting and then continued to encrypt. So I actually encrypted while it was on, but all security boot keys were disabled.....is this going to cause security issues nowo ? Do I need to go back, disable and delete, and re-encrypt?
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    Dell Inspiron 15 3521
    CPU
    Intel Core i3-3227U CPU 1.90GHz
    Motherboard
    EUFI
    Memory
    4.00 GB
    Graphics Card(s)
    Intel HD Graphics 4000
    Sound Card
    Name High Definition Audio Device
    Monitor(s) Displays
    Name Intel(R) HD Graphics 4000
    Screen Resolution
    Resolution 1366 x 768 x 60 hertz
    Hard Drives
    Manufacturer (Standard disk drives)
    Model ST500LT012-9WS142
    Media Type Fixed hard disk
    Description Disk drive
    Manufacturer (Standard disk drives)
    Model SanDisk Cruzer Glide USB Device
    Keyboard
    Description Standard PS/2 Keyboard
    Mouse
    Hardware Type Dell Touchpad
    Browser
    IE11
    Antivirus
    Windows Defender and Norton 360
    Other Info
    1394ohci 1394 OHCI Compliant Host Controller c:\windows\system32\drivers\1394ohci.sys Kernel Driver No Manual Stopped OK Normal No No
    3ware 3ware c:\windows\system32\drivers\3ware.sys Kernel Driver No Manual Stopped OK Normal No No
    acpi Microsoft ACPI Driver c:\windows\system32\drivers\acpi.sys Kernel Driver Yes Boot Running OK Critical No Yes
    acpiex Microsoft ACPIEx Driver c:\windows\system32\dri

Brink

Administrator
Administrator
mvp
No, that's fine. BitLocker would have given you an error shortly after starting if it couldn't encrypt the drive because of that. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

slyronit

New Member
Hello. I got my HP Omni 10 back from HP because of Touch Screen issues. Looks like they re-did Windows and Secure Boot is disabled. "C" is not encrypted either.

If I generate new keys & turn on SecureBoot in BIOS, will it stop Windows from booting due to any reason? I ask because I do not have the HP recovery media and having HP restore it is a pain.

Also, do I encrypt C first or enable Secure Boot first, or does enabling Secure Boot automatically start the encryption process?
 

My Computer

System One

  • OS
    Windows 8.1

Brink

Administrator
Administrator
mvp

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Brink

Administrator
Administrator
mvp
You're most welcome. I'm glad to hear all went well. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

s0urce

New Member
Hello,

I changed my system from Legacy/MBR to UEFI/GPT. Do i need to enable Secure Boot? Everything runs normally, i don't really understand what Secure Boot is or if it needs to be enabled for some reason.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Top