How to Disable Secure Boot

Secure Boot is a great security feature, but it can go overboard

Secure Boot is a security feature in the latest generation of the Unified Extensible Firmware Interface (UEFI) in Windows. It replaced the aging BIOS architecture of modern PCs. It's designed to protect your system from threats and is enabled by default, but in some instances, you may want to disable it. Here's how to disable secure boot.

Secure Boot is supported by Windows 8, 8.1, Windows 10, and both Windows Server 2012 and its second revision.

What Is Secure Boot?

Ratified as part of the UEFI 2.3.1 Errata 3 specification, Secure Boot is a protocol that protects the system's boot process by preventing drivers or operating systems from loading if they are not signed with a valid digital signature. In practical terms, it makes sure that the operating system is a legitimate one and not one that's masquerading as the real thing.

Secure Boot
 Jon Martindale

How Does Secure Boot Work?

Secure Boot works like a bouncer, checking identification before allowing entry. The operating system and driver code which attempts to launch during the system boot process must present Secure Boot with a valid key that can be checked against a database of platform keys. If the right key is presented, the code can run. If the wrong key is presented, or no key at all, the code is blocked before it can (potentially) do any damage.

Should You Disable Secure Boot?

Secure Boot is an important tool in protecting your system. If you don't know what you're doing and leave it disabled, it's possible that malware or malicious code could execute on your system before other protective measures can boot up, leaving you vulnerable.

If in doubt, leave it enabled.

As a security feature, Secure Boot should remain enabled unless you are absolutely sure it needs to be disabled. Make sure you aren't being coerced into making your PC less secure before doing so.

That said, there are valid reasons you may want to disable it. At least temporarily. There are completely valid operating systems, like Linux Distributions, which do not have valid security keys for a variety of reasons. Even some that pass muster in all manner of checks can sometimes fall foul of Secure Boot.

If you're trying to install one of those operating systems, disabling Secure Boot may be your only valid option.

How to Disable Secure Boot

Disabling Secure Boot can only be achieved in the UEFI (sometimes colloquially known as its predecessor, the BIOS). To access it and disable Secure Boot, follow these steps:

  1. Restart your system.

  2. As it begins to start up again, you need to press the UEFI entry key. This varies from system to system, so you may need to check your manual, but it's typically Delete, Escape, F1, F2, F10, or F12.

  3. Look for a Security section and navigate to it using your mouse or keyboard. Navigating each UEFI is different for each manufacturer, so check your manual if you need help.

  4. Look for a Secure Boot option. Toggle it to Disabled.

  5. Press F10 to save your settings and restart your system.

  6. Wait for it to boot up. Secure Boot should now be disabled.

To re-enable Secure Boot, first remove any hardware or software which may be caught out by it. Then follow the above steps in the same way, but toggle Secure Boot to Enabled instead.