How to Disable UEFI Secure Boot to Dual Boot Any System
Whatsapp Pinterest
Advertisement

Have you ever tried to install a second operating system alongside Windows? Depending on what you tried to install, you might have encountered the UEFI Secure Boot feature. If Secure Boot doesn’t recognize the code you’re trying to install, it will stop you. Secure Boot is handy for preventing malicious code running on your system. But it also stops you booting some legitimate operating systems, like Kali Linux, Android x86, or TAILS.

But there is a way around it. This short guide will show you how to disable UEFI Secure Boot to let you dual boot any operating system you like.

UEFI Secure Boot

Let’s take a second to consider precisely how Secure Boot keeps your system safe.

Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI). UEFI itself is the replacement for the BIOS interface found on many devices. UEFI is a more advanced firmware interface with many more customization and technical options.

Computer Security, UEFI, BIOS, Dual Boot

Secure Boot is something of a security gate. It analyzes code before you execute it on your system. If the code has a valid digital signature, Secure Boot lets it through the gate. If the code has an unrecognized digital signature, Secure Boot blocks it from running, and the system will require a restart.

At times, code that you know is safe, and comes from a reliable source, might not have a digital signature in the Secure Boot database.

For example, you can download numerous Linux distributions directly from their developer site, even verifying the distribution checksum to check for tampering. But even with that confirmation, Secure Boot will still reject some operating systems and other types of code (such as drivers and hardware).

How to Disable Secure Boot

Now, we don’t advise disabling Secure Boot lightly What You Need to Know about Windows 10 Secure Boot Keys What You Need to Know about Windows 10 Secure Boot Keys Secure Boot should prevent tablet and PC owners from installing their own OS choice on a Windows 10 device -- but thanks to the accidental leak of the "golden keys", Secure boot is dead. Read More . It really does keep you safe (check out the Secure Boot vs. Petya Ransomware video below, for example), especially from some of the nastier malware variants like rootkits and bootkits What You Don’t Know About Rootkits Will Scare You What You Don’t Know About Rootkits Will Scare You If you don't know anything about rootkits, it's time to change that. What you don't know will scare the hell out of you, and force you to reconsider your data security. Read More (others would contend it was the security measure to stop Windows pirating). That said, sometimes it gets in the way.

Please note that turning Secure Boot back on may require a BIOS reset. This does not cause your system to lose any data. It does, however, remove any custom BIOS settings. Moreover, there are some examples where users are permanently no longer able to turn Secure Boot, so please bare that in mind.

Okay, here’s what you do:

  1. Turn your computer off. Then, turn it back on and press the BIOS enter key during the boot process. This varies between hardware types How to Enter the BIOS on Your Computer How to Enter the BIOS on Your Computer Inside the BIOS you can change basic computer settings, like the boot order. The exact key you need to strike depends on your hardware. We have compiled a list of strategies & keys to enter... Read More , but is generally F1, F2, F12, Esc, or Del; Windows users can hold Shift while selecting Restart to enter the Advanced Boot Menu. Then select Troubleshoot > Advanced Options: UEFI Firmware Settings.
  2. Find the Secure Boot. If possible, set it to Disabled. The Secure Boot option is usually found in the Security tab, Boot tab, or Authentication tab.
  3. Save and Exit. Your system will reboot.

You have successfully disabled Secure Boot. Feel free you grab your nearest previously unbootable USB drive and finally explore the operating system. Kali Linux and TAILS are a great places to start 6 Ways Mr. Robot Is Putting Linux in the Public Eye 6 Ways Mr. Robot Is Putting Linux in the Public Eye Mr. Robot debuted in 2015 to critical acclaim. But did you know that there's quite a bit you can learn about Linux from watching Mr. Robot? Read More .

How to Re-Enable Secure Boot

Of course, you might want to turn Secure Boot back on. After all, it does help protect against nefarious malware and other unauthorized code The Best Computer Security and Antivirus Tools The Best Computer Security and Antivirus Tools Need a security solution for your PC? Concerned about malware, ransomware, viruses, and intruders through your firewalls? Want to back up vital data? Just confused about it all? Here's everything you need to know. Read More . If you directly install an unsigned operating system, you’ll need to remove all traces before attempting to turn Secure Boot back on. Otherwise, the process will fail.

  1. Uninstall any unsigned operating systems or hardware installed when Secure Boot was disabled.
  2. Turn your computer off. Then, turn it back on and press the BIOS enter key during the boot process. This varies between hardware types, but is generally F1, F2, F12, Esc, or Del; Windows users can hold Shift while selecting Restart to enter the Advanced Boot Menu.
  3. Find the Secure Boot If possible, set it to Enabled. The Secure Boot option is usually found in the Security tab, Boot tab, or Authentication tab.
  4. If Secure Boot doesn’t enable, try to Reset your BIOS to factory settings. Once you restore factory settings, attempt to enable Secure Boot again.
  5. Save and Exit. Your system will reboot.
  6. In the event the system fails to boot, disable Secure Boot again.

Troubleshooting Secure Boot Enable Failure

There are a few small fixes we can try to get your system booting with Secure Boot enabled.

  • Make sure to turn UEFI settings on in the BIOS menu; this also means making sure Legacy Boot Mode and equivalents are off.
  • Check your drive partition type How to Set Up a Second Hard Drive in Windows: Partitioning How to Set Up a Second Hard Drive in Windows: Partitioning You can split your drive into different sections with drive partitions. We'll show you how to resize, delete, and create partitions using a default Windows tool called Disk Management. Read More . UEFI requires GPT partition style, rather than the MBR used by Legacy BIOS setups. To do this, type Computer Management in your Windows Start menu search bar and select the best match. Select Disk Management from the menu. Now, find your primary drive, right-click, and select Properties. Now, select the Volume Your partition style is listed here.
    • If you need to switch from MBR to GPT there is only one option to change the partition style: back up your data and wipe the drive.
  • Some firmware managers have the option to Restore Factory Keys, usually found in the same tab as the other Secure Boot options. If you have this option, restore the Secure Boot factory keys. Then Save and Exit, and reboot.

Computer Security, UEFI, BIOS, Dual Boot

Trusted Boot

Trusted Boot picks up where Secure Boot stops, but really only applies to the Windows 10 digital signature. Once UEFI Secure Boot passes the baton, Trusted Boot verifies every other aspect of Windows 7 Windows 10 Security Features & How to Use Them 7 Windows 10 Security Features & How to Use Them Windows 10 is all about security. Microsoft recently instructed its partners that in sales, Windows 10's security features should be the primary focus. How does Windows 10 live up to this promise? Let's find out! Read More , including drivers, startup files, and more.

Much like Secure Boot, if Trusted Boot finds a corrupted or malicious component, it refuses to load. However, unlike Secure Boot, Trusted Boot can at times automatically repair the issue at hand, depending on the severity. The below image explains a little more about where Secure Boot and Trusted Boot fit together in the Windows boot process.

Computer Security, UEFI, BIOS, Dual Boot

To Secure Boot or Not?

Disabling Secure Boot is somewhat risky. Depending on who you ask, you’re potentially putting your system security at risk.

Secure Boot is arguably more useful than ever at the current time. Bootloader attacking ransomware is very real Everything You Need to Know About the NotPetya Ransomware Everything You Need to Know About the NotPetya Ransomware A nasty form of ransomware dubbed NotPetya is currently spreading around the world. You probably have some questions, and we definitely have some answers. Read More . Rootkits and other particularly nasty malware variants are also out in the wild. Secure Boot provides UEFI systems with an extra level of system validation to give you peace of mind.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. John
    April 20, 2018 at 3:27 pm

    If you run Windows at all you will want Secure Boot enabled. If you only run Linux then for compatibility sake I would disable it so drivers can install correctly. Although Linux such as Ubuntu fully support Secure Boot some other less popular Linux distros do not. Linus Torvalds was not so supportive of Secure Boot at first but later relented it was useful if security was important. Although I probably think his statement didn't reflect what he did and probably does not run Secure Boot.

  2. Dj
    April 1, 2018 at 3:18 am

    Sigh. Of course the powers that be completely hijacked the secure boot implementation turning it into "authorized boot", and of course they decide what is authorized. The end-user feature we need is *we* re-sign the boot record after *we* install an OS we trust.

  3. Ian
    March 31, 2018 at 6:13 pm

    Thank you for not advocating people disable UEFI (the title had me worried). Secure Boot is just one feature of UEFI and isn't a requirement. Additionally, almost every modern Linux OS has full support for UEFI and leaving it enabled can actually make dual booting easier.

    • Graeme
      April 1, 2018 at 10:40 am

      Yeah, I thought the same, title for this article is inaccurate and misleading.

    • Gavin Phillips
      April 1, 2018 at 9:11 pm

      Thanks for the heads up, we've changed the title. "Secure Boot" seems to have slipped through the net somehow!