• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

UEFI/Secure Boot or not to UEFI/SB, that is the question..


#1
I am in the process of doing a number of clean installs. I am trying to make a decision as to whether or not to utilize the UEFI and Secure Boot modes which are available on the MBs.

It seems from an initial attempt, that I cannot simply use UEFI/GPT without turning on Secure Boot...that is one must NOT use CSM (turn it off) and USE Secure Boot. You cannot use UEFI without Secure Boot.

Is this correct? I am considering us9ng UEFI without Secure Boot because I hear it is faster.

However, I am concerned that I will run into all sorts of trouble turning Secure Boot on with respect to double booting Win 10...and additionally with creating images with Acronis.

I have been in the habit of creating a new PC with an extra drive with a cloned OS...then disconnecting the drive so that if the first OS drive fails, the person can boot up quickly with the other drive. I am concerned that there will be a problem with Secure Boot.

I mean, how many times have I been infected with a root kit.....some virus that take over at boot time...Answer...never since I started with PCs in 1991!

So, anyone really think Secure Boot is worth it?
 

My Computer

System One

  • OS
    Windows 7

genet

New Member
Guru
Posts
879
#2
I am considering using UEFI without Secure Boot because I hear it is faster.
Secure Boot does not affect the speed of your computer.

However, I am concerned that I will run into all sorts of trouble turning Secure Boot on with respect to double booting Win 10...and additionally with creating images with Acronis.
Windows 8/8.1/10 are compatible with the Secure Boot.

I don't know about Acronis True Image but Macrium Reflect is compatible with the Secure Boot.

So, anyone really think Secure Boot is worth it?
It is a very important security feature.

Microsoft designed Secure Boot to protect the computer from low-level exploits and rootkits and bootloaders. A security process shared between the operating system and Unified Extensible Firmware Interface (UEFI, replacing the BIOS), Secure Boot requires all the applications that are running during the booting process to be pre-signed with valid digital certificates. This way, the system knows all the files being loaded before Windows 8 loads and gets to the login screen have not been tampered with.

If a bootloader has infected your computer and it tries to load during the boot-up sequence, Secure Boot will be able to undo all the changes and thwart the attack. Having Secure Boot means it is that much harder for attackers to try to compromise the start up sequence.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    Laptop
    System Manufacturer/Model Number
    Lenovo G580
    CPU
    Intel Core i5-3230M
    Memory
    8 GB
    Graphics Card(s)
    Intel HD Graphics 4000
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender, standard user account
    Other Info
    UEFI firmware (BIOS) embedded Windows 8 product key.
#3
Yes, I know that secure boot has nothing to do with the speed of boot up. However, I heard, and don't know that it is true, that if one uses the compatability setting rather than the UFEI setting, that it is not as fast.

I have ceretainly had my share of malware and use both Malwarebytes and Supermalwarebytes as well as Open DNS in an attempt to prevent it, but I have never had a root-kit infection, which is why I was wondering about how important it is for most people that use PCs.

Acronis claims a number of their products have been updtated including TI 2014 which is what have been using. I have not updated to 2015 because I usually adhere to if it is not broke, don't fix it. I have also used the Acronis available to Western Digital HD owners and it is very similar except without the ability to do a bare bones restore. However, I have never tried to do a restore with secure boot. I have to see if it require PE or not which would be an added headache.

So, what I am trying to find out is if one canb use UEFI without secure boot and if doing so makes boot up faster than using the older BIOS setting via the compatibility setting.

For my ASUS MBs, by the way, it is a little confusing. To avoid secure boot, one has to select other OS.
 

My Computer

System One

  • OS
    Windows 7

Clintlgm

Active Member
Pro User
Lacombe, Louisiana

Posts
894
#4
I am considering using UEFI without Secure Boot because I hear it is faster.
Secure Boot does not affect the speed of your computer.

However, I am concerned that I will run into all sorts of trouble turning Secure Boot on with respect to double booting Win 10...and additionally with creating images with Acronis.
Windows 8/8.1/10 are compatible with the Secure Boot.

I don't know about Acronis True Image but Macrium Reflect is compatible with the Secure Boot.

So, anyone really think Secure Boot is worth it?
It is a very important security feature.

Microsoft designed Secure Boot to protect the computer from low-level exploits and rootkits and bootloaders. A security process shared between the operating system and Unified Extensible Firmware Interface (UEFI, replacing the BIOS), Secure Boot requires all the applications that are running during the booting process to be pre-signed with valid digital certificates. This way, the system knows all the files being loaded before Windows 8 loads and gets to the login screen have not been tampered with.

If a bootloader has infected your computer and it tries to load during the boot-up sequence, Secure Boot will be able to undo all the changes and thwart the attack. Having Secure Boot means it is that much harder for attackers to try to compromise the start up sequence.
:ditto:

I believe that you can run UEFI without secure boot, simply turn off Secure boot in your UEFI interface. Although I there is no need to for booting USB thumb drive etc. all you have to do is Hit the Esc key or f8 or which other key brings up a boot menu then select the device you want to boot from. Secure boot is for the general public to have some protection with out having to think about it. And for those time we brain fart and click on that link we knew we shouldn't have.
 

My Computer

System One

  • OS
    Windows 8.1 Pro MC
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus G75VW / Z97 Pro
    CPU
    Intel Core i7-3610QM / I7-4790K
    Motherboard
    Z97 Pro
    Memory
    16 GB Hyundai HTM315156CFR8C-PB PC3-12800
    Graphics Card(s)
    nVIDIA GeForce GTX 670M (GF114M)
    Sound Card
    VIA 6.0.10.1600
    Screen Resolution
    1080
    Hard Drives
    Samsung 850 Pro 256, Samsung 850 Pro 1TB
    Internet Speed
    30 down 3 up
    Browser
    Explorer 11
    Antivirus
    NIS and Malwarebytes