Secure Boot — what this utility is and how to disable it?


What is the Secure Boot, and how to disable it? This utility — a specific fuse that does not allow users to install on a computer running Windows 8, 8.1 and 10 any other OS. To download any other operating system on the PC the user must first disable the tool in the UEFI interface.

Principle of operation and features of Secure Boot

The technology protection system was not invented by Microsoft developers but by specialists from Unified EFI Forum, which created a new interface BIOS — UEFI.
The function provides the ability to disable the ban installation of another operating system and key management on any laptop and desktop PCs.

For computers with Windows 8, and 10 utility works in two modes:

  1. Setup mode allows you to configure and allows to replace the main keys Platform Key and the KEK, as well as the base and permitted revocation DB and DBX keys;
  2. User mode, where the computer is running by default.
    To remove a function you should use the first mode.

Replacement keys, which are compared with the code signatures, will bypass the restriction on reset.

How to know the download mode?

Check that your PC or laptop has turned on Secure Boot function in two ways:

  • even during attempts to put new Windows instead of the old when you do not get to do it, and the system displays a message;
  • by running the command line (open as administrator) Confirm-SecureBootUEFI team. If the regime is working on True it appears on the screen, if it does not work — False. Other reports, including Cmdlet are not supported on this platform.

After determining the mode in which Secure Boot is running, you should check the type of its policies with the same command line. For this we introduce a different team — Get-SecureBootPolicy.

It can return a value of {77FA9ABD-0359-4D32-BD60-28F4E78F784B}, indicating a properly configured security policy. Any other characters indicate a safe working load in test mode.

Message type Secure Boot policy is not enabled on this machine means that the mode is not supported by the motherboard.

Disabling the utility

If your computer is required to turn off safe mode, and provide the download of a new operating system, perform the following steps:
Sign in UEFI interface settings;
Change the BIOS setting one of the possible ways, depending on the motherboard manufacturer.
There are 2 main ways to enter the BIOS:
Go to the «Options» menu in the right pane, select the parameter change, then «Update and recovery» and «Recovery»;

After that, click «Reload», and then configure UEFI software. It remains to wait for a reboot, after which the entrance to the BIOS interface will be made automatically;

Press the function key when you turn on your computer (Delete, F2, or other).
It depends on the brand and model of computer motherboard.

For example, for HP laptops you must find tab System Configuration in BIOS, scroll to Boot Options and change the value of the indicator on the Secure Boot Disabled.

Lenovo and Toshiba devices have the Security tab, and Dell — UEFI Boot menu, which also must disable Secure Boot.

For the Asus devices, in addition to failure, it requires further choose to install a new operating system by setting out in paragraph Other OS Type.

Asus desktop computers disable the feature by going to the Authentication section. And Gigabyte brand motherboards require a transition in the BIOS menu Features.
Trouble Shooting

Sometimes Secure Boot settings may be incorrect.

In this case, even installing a system in the corner of your desktop, you can see an error like «Professional Secure downloads (SecureBoot) configured correctly Build 9600».

The cause of this information is not in the fact that the operating system was unlicensed or was incorrectly activated, but only about computer security, and reducing the need for the following actions:

  • Determination with one of the three known methods, is Secure Boot working currently;
  • Check the type of security policy;

If the mode is disabled, in order to eliminate signs of security problems youshould turn it on (during system installation, you can choose the SB off again), reboot your computer, enter the BIOS and enable Secure Boot.

If the applied method does not resolve the issue, try setting UEFI to reset to factory settings.
The only option — installing such updates from Microsoft as KB288320, which is in the package GA Rollup A.

You can download it from the official site of the manufacturer, carefully considering the capacity of your system — x86 or 64.

Found a mistake? Highlight the text and press Ctrl + Enter

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *

Notify me of followup comments via e-mail. You can also subscribe without commenting.