What Is Secure Boot? How to Enable and Disable It in Windows? [MiniTool Wiki]
What Is Secure Boot?
Nowadays, the modern computers come in a feature named Secure Boot . Do you have any idea about it? Secure Boot is a part of Microsoft’s Windows 8 and the above versions of Microsoft Windows operating system.
As we know, a traditional BIOS will boot form anywhere, while Secure Boot which is working on the top of UEFI is used to make sure that Windows operating system remains safe from Malware. To put it more clearly, Secure Boot ensures that a device boots using only the software that is trusted by the Original Equipment Manufacturer.
How Does Secure Boot Work?
Once you power on a PC, it starts the process of executing code that configures the processor, memory, and hardware peripherals to make a preparation for the operating system to boot.
During the preparation, Secure Boot checks the signature of firmware code that exists on hardware peripherals like storage deices.
During the boot process, secure Boot will check for an embedded signature inside of the fireware module. If the signature match against a database of signature in Secure Boot, the nodule is allowed to execute.
It can be said that Secure Boot works like a security gate. Code with valid credentials can get through the security gate and execute. Surely, code with bad credentials or no credential will be refused.
Enable Secure Boot
Seeing the function of Secure Boot, you may want to enable it. In order to use it, your PC must meet the following requirements.
- Secure Boot must be enabled after an operating system has been installed.
- Secure Boot requires a recent version of UEFI. Update the firmware with Device Manager if you are in doubt.
- Secure Boot requires Windows 8 or higher versions like Windows 10.
- A system password on some devices should be set to turn on the necessary system firmware options.
Now, lets see how to enable Secure Boot. Please following the steps below.
Step 1: Boot into the system settings by powering on the system and using the manufacture’s method to access the system settings.
Step 2: Look through the menu and select UEFI as the boot mode.
Step 3: Navigate to the Secure Boot option and turn it on.
Step 4: Save the changes and exit the menu. You can now boot to media that supports Secure Boot and install an operating system. Please pay attention that Windows will partition storage with GPT partitions instead of mbr (click here to learn about how to convert MBR to GPT).
Step 5: After the operating system is installed, you can verify that Secure Boot is enabled by opening msinfo32.exe (type the command in the open box) and checking that the value for Secure Boot State is “ on ”.
Disable Secure Boot in Windows 10
Let’s see how to disable Secure Boot in Windows 10.
Step 1: Please click the following terms in order: Settings , Update & security , Recovery , Restart now , Troubleshoot , Advanced options , UEFI Firmware Settings , and Restart .
Step 2: When you access the UEFI utility screen, please move to the Boot tab on the top menu. According to the information on the screen, use the arrow key to go to the Secure Boot option.
Step 3: Use + or - to change its value to Disable .
Warning: After disabling Secure Boot and installing other software and hardware, it may be difficult to re-active Secure Boot unless you restore your PC to the factory state. Please be careful when you make some changes on your BIOS settings, and be sure to follow the manufacturer’s instructions exactly.