Secure Boot - Enable or Disable in UEFI

How to Enable or Disable Secure Boot in UEFI

UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

For more information about secure boot, see:



This tutorial will show you how to enable or disable secure boot in your PC's UEFI settings.

Any PC with a Windows 8 logo sticker has secure boot enabled by default. Secure boot can make Windows 8 very resistant to low-level malware such as rootkits.

If you have secure boot enabled, you may sometimes need to disable secure boot first before being able to boot from a USB flash drive depending on your UEFI firmware settings.


If you would like to post screenshots of your motherboard's secure boot settings, then please do. Here are some others posted so far:


warning   Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.


EXAMPLE: "SecureBoot isn't configured correctly" watermark in Windows 8.1

SecureBoot_isn't_configured_correctly_watermark.jpg

You will see this watermark on the bottom right corner of your desktop if you have Windows 8.1 installed with UEFI and secure boot is not configured correctly even when enabled. To remove this watermark, you will just need to enable and configure secure boot correctly.

Sometimes the watermark doesn't go away even if you correct the settings in UEFI/BIOS or your BIOS doesn't support this feature at all.

Microsoft has acknowledged this issue and released a hotfix KB2902864 to solve this problem. Once you install this hotfix, it'll remove the annoying watermark from your Windows 8.1 desktop.

Windows 8.1 users who have the "SecureBoot isn't configured correctly" watermark on the desktop, can download this hotfix from the following links:

Update removes the "Windows 8.1 SecureBoot isn't configured correctly" watermark in Windows 8.1 and Windows Server 2012 R2






OPTION ONE

Enable or Disable Secure Boot on ASRock Motherboards



This steps below are for how to enable or disable secure boot on an ASRock X79 Extreme11 UEFI motherboard.

These steps will vary depending on what brand and model number your PC or UEFI motherboard is, so please read it's manual to compare with the steps below for how to do so with your specific PC and motherboard.


1. Do step 2 or 3 below depending on how you would like to boot to the UEFI firmware settings.

2. Boot to UEFI Firmware Settings in Windows 8/8.1 "Advanced Options" UI

A) Boot to the UEFI Firmware Settings, then go to step 4 below. (see screenshot below)

Advanced-options.jpg

3. Boot to UEFI Firmware Settings at Boot
NOTE: This step can be used with any 32-bit or 64-bit Windows installed.

A) During the initial stages at boot, press the DELETE key to enter UEFI firmware settings, and go to step 4 below.
NOTE: Your PC may use another key to press instead, so be sure to read your PC's manual and/or the boot screen to see what key to press.

4. In the motherboard's UEFI firmware settings, click/tap on the Security menu, select the Secure Boot option, and click/tap/press Enter to enable or disable it. (see screenshots below)


Asrock_X79_Extreme_11_Secure-Boot-1.jpg


5. If you enabled secure boot, then click/tap on the "Install default Secure Boot keys" option. (see screenshot below)
NOTE: This is to configure secure boot.


Asrock_X79_Extreme_11_Secure-Boot-2.jpg




A) Click/tap on Yes to approve. (see screenshot below)


Asrock_X79_Extreme_11_Secure-Boot-3.jpg


B) Secure boot has now been enabled and configured. (see screenshot below)

Secure_Boot-1.jpg

8. Click/tap on the Exit menu, and click/tap on Save Changes and Exit (reboot). (see screenshot below)
NOTE: You can usually also press the F10 to save changes and exit.


Secure_Boot-2.jpg

9. The computer will now restart to startup Windows.






OPTION TWO

Enable or Disable Secure Boot on Acer PCs



1. See: How to Enable or Disable Secure Boot

[video=youtube;5nG4zMdrHKs]






OPTION THREE

Enable or Disable Secure Boot on HP PCs



1. See: Secure Boot (Windows 8) | HP® Support


c03980379.jpg



That's it,
Shawn


 

Attachments

  • Uefi_logo.png
    Uefi_logo.png
    6.4 KB · Views: 526
Last edited by a moderator:
Hello s0urce, and welcome to Eight Forums. :)

Secure Boot is a security feature that prevents “unauthorized” operating systems and software from loading during the startup process. For example, a rootkit virus.

It's up to you to enable or disable Secure Boot, but if you would like better security, it's recommended to enable.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thank you, Brink.

It should be okey for me to enable it now or it should be done before installing a new OS? I did a clean install of Windows 10 but i don't know if we can still enable it without breaking anything.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
I'd enable it afterwards.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
hi
i have a GA-P85-D3 (rev. 1.x)
how do i enable secure boot?
thanks in advance
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    PC/Desktop
    CPU
    Intel Core i5 4xxx @ 3.00GHz
    Motherboard
    Gigabyte Technology Co., Ltd. P85-D3
    Memory
    8.00 GB Dual-Channel DDR3 @ 797MHz
    Graphics Card(s)
    NVIDIA GeForce GTX 750 Ti
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    L22T-7 LED on NVIDIA GeForce GTX 750 Ti
    Screen Resolution
    1920x1080 pixels
    Hard Drives
    WD 1 TB
    SSD 120 GB
    Keyboard
    Microsoft Desktop 2000
    Mouse
    Microsoft Desktop 2000
    Browser
    chrome
    Antivirus
    Eset Smart security
Hello avismile,

I'm not sure if this is exactly the same for your GIGABYTE motherboard, but it should get you close. :)

9grxJb6.jpg
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone

My Computer

System One

  • OS
    windows 8.1
    Computer type
    PC/Desktop
    CPU
    Intel Core i5 4xxx @ 3.00GHz
    Motherboard
    Gigabyte Technology Co., Ltd. P85-D3
    Memory
    8.00 GB Dual-Channel DDR3 @ 797MHz
    Graphics Card(s)
    NVIDIA GeForce GTX 750 Ti
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    L22T-7 LED on NVIDIA GeForce GTX 750 Ti
    Screen Resolution
    1920x1080 pixels
    Hard Drives
    WD 1 TB
    SSD 120 GB
    Keyboard
    Microsoft Desktop 2000
    Mouse
    Microsoft Desktop 2000
    Browser
    chrome
    Antivirus
    Eset Smart security
You're most welcome. :)
 
Last edited:

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Gramma Nazi:

*You're
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Inspiron M731R (5735, Late 2013)
    CPU
    1.70 GHz AMD A8 5545M Elite Quad Core
    Motherboard
    No idea
    Memory
    8GB DDR3
    Graphics Card(s)
    AMD 8510G Radeon(tm) HD Graphics
    Sound Card
    Realtek
    Monitor(s) Displays
    17.3" Inch Display
    Screen Resolution
    1600 x 900
    Hard Drives
    500GB 6GB/s Crucial BX100 SSD
    Case
    Blue Aluminum Finish
    Cooling
    Laptop Fan (Currently Unknown Name)
    Keyboard
    Came with it
    Mouse
    Utech Smart Optical Gaming Mouse US-D4000-GM
    Browser
    Google Chrome / Safari (On my iPod and iPad)
    Antivirus
    Vipre InternetSecurity2015/MalwareBytes Anti-Malware PREMIUM

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Hi everyone
i was wondering if anyone could let me know how to disable secure boot on my gigabyte ga-990fxa-ud3 rev 4.0 motherboard. I am trying to install windows 10(yes i know this is windows 8 forum but u guys look like u know what ur doing) and i have a MRB partition table on my disk and it only works on a GPT disk. So in order to install it on my mbr i have to apparently disable secure boot but idk if there is one in my bios so i would appreciate any suggestions.

btw here is the link to my windows 10 thread on my whole issue installing if ur interested in helping: Need Help trying to set up dual boot into windows 7&10 on single ssd - Windows 10 Forums

good day to everyone and thnx in advance :D
 

My Computer

System One

  • OS
    windows 7

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
yeah i saw that picture before but for some reason (maybe because I'm running windows 7) i do not seem to have "Secure Boot state" option. Here are some screenshot so you can understand what I mean:
IMG_20150802_091418.jpgIMG_20150802_091428.jpg
 

My Computer

System One

  • OS
    windows 7
lol actually never mind i somehow was able to get the installation to work :D

I just tried setting the legacy usb as first in the boot order(which oddly enough i was positive i tried multiple times yesterday) and not the uefi usb option and it worked !

fyi the legacy option is the usb drive without uefi in front of it

thanks for the reply and i hope u have a great day.
 

My Computer

System One

  • OS
    windows 7
Great news. :party:
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
If Im trying to do process of elimination on why I'm having windows 8 boot issues, is it okay to leave secure boot disabled and switch from UEFI to Legacy mode in bios? That should have no negative impact on booting windows?

"Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components"
 

My Computer

System One

  • OS
    windows 8.1
If Im trying to do process of elimination on why I'm having windows 8 boot issues, is it okay to leave secure boot disabled and switch from UEFI to Legacy mode in bios? That should have no negative impact on booting windows?

"Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components"
Hello, :)

Disabling Secure Boot by itself shouldn't cause an issue with boot. Be sure you turn off Device Encryption or BitLocker first.

However, switching from UEFI to Legacy BIOS (CSM) will often break boot, and require a clean install to stay on Legacy BIOS if you don't want to switch back to UEFI.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top