Secure Boot - Enable or Disable in UEFI

How to Enable or Disable Secure Boot in UEFI

UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

For more information about secure boot, see:



This tutorial will show you how to enable or disable secure boot in your PC's UEFI settings.

Any PC with a Windows 8 logo sticker has secure boot enabled by default. Secure boot can make Windows 8 very resistant to low-level malware such as rootkits.

If you have secure boot enabled, you may sometimes need to disable secure boot first before being able to boot from a USB flash drive depending on your UEFI firmware settings.


If you would like to post screenshots of your motherboard's secure boot settings, then please do. Here are some others posted so far:


warning   Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.


EXAMPLE: "SecureBoot isn't configured correctly" watermark in Windows 8.1

SecureBoot_isn't_configured_correctly_watermark.jpg

You will see this watermark on the bottom right corner of your desktop if you have Windows 8.1 installed with UEFI and secure boot is not configured correctly even when enabled. To remove this watermark, you will just need to enable and configure secure boot correctly.

Sometimes the watermark doesn't go away even if you correct the settings in UEFI/BIOS or your BIOS doesn't support this feature at all.

Microsoft has acknowledged this issue and released a hotfix KB2902864 to solve this problem. Once you install this hotfix, it'll remove the annoying watermark from your Windows 8.1 desktop.

Windows 8.1 users who have the "SecureBoot isn't configured correctly" watermark on the desktop, can download this hotfix from the following links:

Update removes the "Windows 8.1 SecureBoot isn't configured correctly" watermark in Windows 8.1 and Windows Server 2012 R2






OPTION ONE

Enable or Disable Secure Boot on ASRock Motherboards



This steps below are for how to enable or disable secure boot on an ASRock X79 Extreme11 UEFI motherboard.

These steps will vary depending on what brand and model number your PC or UEFI motherboard is, so please read it's manual to compare with the steps below for how to do so with your specific PC and motherboard.


1. Do step 2 or 3 below depending on how you would like to boot to the UEFI firmware settings.

2. Boot to UEFI Firmware Settings in Windows 8/8.1 "Advanced Options" UI

A) Boot to the UEFI Firmware Settings, then go to step 4 below. (see screenshot below)

Advanced-options.jpg

3. Boot to UEFI Firmware Settings at Boot
NOTE: This step can be used with any 32-bit or 64-bit Windows installed.

A) During the initial stages at boot, press the DELETE key to enter UEFI firmware settings, and go to step 4 below.
NOTE: Your PC may use another key to press instead, so be sure to read your PC's manual and/or the boot screen to see what key to press.

4. In the motherboard's UEFI firmware settings, click/tap on the Security menu, select the Secure Boot option, and click/tap/press Enter to enable or disable it. (see screenshots below)


Asrock_X79_Extreme_11_Secure-Boot-1.jpg


5. If you enabled secure boot, then click/tap on the "Install default Secure Boot keys" option. (see screenshot below)
NOTE: This is to configure secure boot.


Asrock_X79_Extreme_11_Secure-Boot-2.jpg




A) Click/tap on Yes to approve. (see screenshot below)


Asrock_X79_Extreme_11_Secure-Boot-3.jpg


B) Secure boot has now been enabled and configured. (see screenshot below)

Secure_Boot-1.jpg

8. Click/tap on the Exit menu, and click/tap on Save Changes and Exit (reboot). (see screenshot below)
NOTE: You can usually also press the F10 to save changes and exit.


Secure_Boot-2.jpg

9. The computer will now restart to startup Windows.






OPTION TWO

Enable or Disable Secure Boot on Acer PCs



1. See: How to Enable or Disable Secure Boot

[video=youtube;5nG4zMdrHKs]






OPTION THREE

Enable or Disable Secure Boot on HP PCs



1. See: Secure Boot (Windows 8) | HP® Support


c03980379.jpg



That's it,
Shawn


 

Attachments

  • Uefi_logo.png
    Uefi_logo.png
    6.4 KB · Views: 500
Last edited by a moderator:
I'm buy asus k64cb wx126d (Free dos ) No have license os // No have menu uefi boot

FreeDOS on it?

WX126D...
The only one I found is k46cb here.

and then I go here:
K46CB - Notebooks & Ultrabooks - ASUS

I don't see any FreeDOS option but it might get the price a little lower and I don't know if differences in the BIOS exist (secureBoot is for Win8 machines).

If you install Win8 make sure you upgrade the BIOS too, if possible, check version first: it might not be needed.

Anyway that's a new laptop that can have UEFI enabled by default.
 

My Computer

System One

  • OS
    Windows 10 x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy DV6 7250
    CPU
    Intel i7-3630QM
    Motherboard
    HP, Intel HM77 Express Chipset
    Memory
    16GB
    Graphics Card(s)
    Intel HD4000 + Nvidia Geforce 630M
    Sound Card
    IDT HD Audio
    Monitor(s) Displays
    15.6' built-in + Samsung S22D300 + 17.3' LG Phillips
    Screen Resolution
    multiple resolutions
    Hard Drives
    Samsung SSD 250GB + Hitachi HDD 750GB
    PSU
    120W adapter
    Case
    small
    Cooling
    laptop cooling pad
    Keyboard
    Backlit built-in + big one in USB
    Mouse
    SteelSeries Sensei
    Internet Speed
    slow and steady
    Browser
    Chromium, Pale Moon, Firefox Developer Edition
    Antivirus
    Windows Defender
    Other Info
    That's basically it.

My Computer

System One

  • OS
    ME, XP,Vista,Win7,Win8,Win8.1
    Computer type
    PC/Desktop
    Other Info
    Notebooks x 3

    Desktops x 5

    Towers x 4
I guess that explains why the options are not available then.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
I guess that explains why the options are not available then.

IF you have installed windows 8 license UEFI Boot menu or not.

Looks like to me, the ASUS K46CB with DOS Pre-installed have the old UEFI/BIOS firmware, & the ASUS K46CD with Windows 8 Pre-installed have the new updated UEFI/BIOS firmware.
 

My Computer

System One

  • OS
    ME, XP,Vista,Win7,Win8,Win8.1
    Computer type
    PC/Desktop
    Other Info
    Notebooks x 3

    Desktops x 5

    Towers x 4
I followed all the instructions that Shawn posted. According to the UEFI Firmware Settings, my Secure Boot is enabled. The Security Boot Not configured watermark still shows on my desktop.

What else should I do to get rid of the water mark?

Thanks in advance.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Gateway NE51B19u
Hello Bobi, and welcome to Eight Forums.

Once secure boot is enabled, it will still need to configured properly for the secure boot keys. Usually you should have an option to load them. Give me a minute, and I'll add a screenshot to the tutorial of mine to help show this better. :)

Unfortunately, your NE51B manual at the Gateway link below doesn't mention anything about this.

Gateway Support - Downloads & Support Documents - Notebook / NE Series / NE51B
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thank you Brink for the welcome and your quick reply to my post.

I have been struggling with this since I upgraded to 8.1 this morning. Your post was the only one that made sense to me and I have been everywhere on the "Net", looking for a solution. I did try my Gateway manual, didn't find any answers.

I appreciate your help.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Gateway NE51B19u
Ok Bobi. I added the extra screenshots for my motherboard in the tutorial. I hope that they will help with yours. If not, then please go ahead and post some screenshots showing your secure boot settings in UEFI to see if we may be able to help sort it.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Well, something didn't go right...but I'm getting tired and brain fog is setting in.

I'll give it a try tomorrow and report back to you then.

Thanks so much.:)
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Gateway NE51B19u
Ok. See you then.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Hi

I can't get secure boot to work.
When i enable it, and restarts the computer it stops att "Shell>"
And then i tried to change some other secure boot settings.
And after that restart it stopped at "Shell>" again. and nothing worked. My keyboar for example.
I had to clear my cmos, to get i t working again.

i don't know what to do?

I only want to enable it, because i don't like the watermark on my screen :)

Computer specs:


MB: MSI Z77A-GD65
CPU:
i7 3770K
GPU:
GTX780
 

My Computer

System One

  • OS
    Windows 8.1
Hi

I can't get secure boot to work.
When i enable it, and restarts the computer it stops att "Shell>"
And then i tried to change some other secure boot settings.
And after that restart it stopped at "Shell>" again. and nothing worked. My keyboar for example.
I had to clear my cmos, to get i t working again.

i don't know what to do?

I only want to enable it, because i don't like the watermark on my screen :)

Computer specs:


MB: MSI Z77A-GD65
CPU:
i7 3770K
GPU:
GTX780

Are installed in UEFI mode?

As the new MOBO's now have a uEFI/BIOS firmware.
How to install Windows 64 bit on a uEFI/BIOS firmware:
http://www.eightforums.com/tutorial...e-firmware-interface-install-windows-8-a.html
 

My Computer

System One

  • OS
    ME, XP,Vista,Win7,Win8,Win8.1
    Computer type
    PC/Desktop
    Other Info
    Notebooks x 3

    Desktops x 5

    Towers x 4
Hi

I can't get secure boot to work.
When i enable it, and restarts the computer it stops att "Shell>"
And then i tried to change some other secure boot settings.
And after that restart it stopped at "Shell>" again. and nothing worked. My keyboar for example.
I had to clear my cmos, to get i t working again.

i don't know what to do?

I only want to enable it, because i don't like the watermark on my screen :)

Computer specs:


MB: MSI Z77A-GD65
CPU:
i7 3770K
GPU:
GTX780

Are installed in UEFI mode?

As the new MOBO's now have a uEFI/BIOS firmware.
How to install Windows 64 bit on a uEFI/BIOS firmware:
http://www.eightforums.com/tutorial...e-firmware-interface-install-windows-8-a.html

Hum. i upgraded from win8 trough windows store.
And Win8 i got by upgrading my win7 installation.

So i suppose i haven't installed it in UEFI mode?

Does it mean that i have to first re-install windows 7 in UEFI mode. And then upgrade to win8, and then upgrade to win8.1?
If that is the case, then i don't care as much about the watermark :D
 

My Computer

System One

  • OS
    Windows 8.1
Oh My God Thank You SO MUCH!!!! I was having problems with changing things in DEP and I heard I had to disable Secure Boot Thank you so much!:thumbsup:
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Acer Aspire M5-583P-9688
    CPU
    Intel® Core™ i7-4500U 1.80 GHZ with Turbo Boost up to 3.0GHz
    Motherboard
    Acer Dazzle_HW Type2 - A01 Board Version
    Memory
    8.00 GB
    Graphics Card(s)
    Intel HD Graphics 4400
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    Generic PnP Monitor
    Screen Resolution
    1366 x 768
    Hard Drives
    WDC WD10SPCX-22HWST0
    PSU
    Microsoft ACPI-Compliant Control Method Battery
    Cooling
    Fan
    Keyboard
    Acer Aspire M5-583P-9688 Keyboard
    Mouse
    Synaptics PS/2 Port TouchPad AND Jite Wireless 2.4G 6D Gaming Mouse
    Browser
    Google Chrome
    Antivirus
    Trend Micro Titanium Internet Security
Good point David. I added this below to the red warning box at the top of the tutorial to help. :)

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
this is my 2nd attempt at enabling secureboot. 1st time my drives were MBR partitioned, and I had no hope of accomplishing this. Now my drives are GPT partitioned. I am attempting to enable secureboot on a custom machine I built myself, from parts ordered from Amazon.

when I attempt to enable secureboot in UEFI, it does not let me. I see a message that says "secureboot can be enabled only when the Platform Key (PK) is enrolled and running in user mode and CSM function is disabled"

so it appears there are 3 or 4 things I need to do still - make a platform key (unless I already have one and don't know it), enroll said platform key, put my platform in user mode (I think it is in setup mode), and disable CSM function.

This is all unfamiliar territory to me, any help?
 

My Computer

System One

  • OS
    Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    Intel i5-4590
    Motherboard
    MSI h97 PC Mate
    Memory
    Kingston Valu Ram 2 x 8 gb
    Graphics Card(s)
    Radeon r7 265
    Monitor(s) Displays
    Viewsonic 22" flat display
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 250 gb 840 evo SSD,
    WD Blue 1 TB HD,
    Fantom 2 TB ext HD
    PSU
    Corsair 600 W
    Case
    Antec 1
    Cooling
    stock CPU cooler, 4 x case fans, GPU fan and P/S fan
    Keyboard
    HP ps/2 keyboard
    Mouse
    Logitech Trackman Marble
    Internet Speed
    50 mb/s
    Browser
    Chrome
    Antivirus
    Norton Security Suite
Hello Yu Gnomi,

Do you have Windows 8.1 installed with UEFI and not legacy BIOS mode?

If you do have it with UEFI, then see if you are able to clear the secure boot keys while in your UEFI firmware settings first, then see if you area able to enable secure boot and install the default keys.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top