How to Disable Secure Boot

Secure Boot can only be disabled in the UEFI (sometimes colloquially called by the name of its predecessor, the BIOS). To access it and disable Secure Boot, follow these steps:

To re-enable Secure Boot, first remove any hardware or software that may be caught out by it. Then follow the above steps in the same way, but toggle Secure Boot to Enabled instead.
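After toggling the setting, the resulting state can be confirmed from a running Linux system without re-entering the firmware menu. The following is an added example, not part of the original article; it assumes efivarfs is mounted at /sys/firmware/efi/efivars, and the function names are hypothetical.

```python
import struct
import tempfile
from pathlib import Path

# Namespace GUID of the UEFI global variables (from the UEFI specification).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed efivarfs mount point


def read_flag(name, root=EFIVARS):
    """Return a one-byte UEFI variable as an int, or None if it is absent."""
    path = Path(root) / f"{name}-{EFI_GLOBAL_GUID}"
    try:
        raw = path.read_bytes()
    except FileNotFoundError:
        return None
    # efivarfs prefixes the data with a 4-byte little-endian attribute mask.
    if len(raw) != 5:
        raise ValueError(f"{path.name}: expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    return value


def secure_boot_state(root=EFIVARS):
    """Classify the firmware state from the SecureBoot and SetupMode variables."""
    if not Path(root).is_dir():
        return "legacy-bios-or-efivarfs-missing"
    secure_boot = read_flag("SecureBoot", root)
    if secure_boot is None:
        return "unsupported"
    if read_flag("SetupMode", root) == 1:
        return "setup-mode"  # no Platform Key enrolled, so nothing is enforced
    return "enabled" if secure_boot == 1 else "disabled"


def write_constructed(root, name, value):
    """Write a constructed sample variable: attributes 0x06 plus one data byte."""
    data = struct.pack("<IB", 0x06, value)
    (Path(root) / f"{name}-{EFI_GLOBAL_GUID}").write_bytes(data)


if __name__ == "__main__":
    print("this machine:", secure_boot_state())
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample input
        write_constructed(tmp, "SecureBoot", 1)
        write_constructed(tmp, "SetupMode", 0)
        print("constructed sample:", secure_boot_state(tmp))
```

A result of "setup-mode" or "disabled" after an intended re-enable means the firmware change did not take effect and boot code is not being checked.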

What Is Secure Boot?

Ratified as part of the UEFI 2.3.1 Errata 3 specification, Secure Boot is a protocol that protects the system’s boot process by preventing drivers or operating systems from loading if they are not signed with a valid digital signature. In practical terms, it makes sure that the operating system is a legitimate one and not one that’s masquerading as the real thing.

How Does Secure Boot Work?

Secure Boot works like a bouncer, checking identification before allowing entry. Operating system and driver code that attempts to launch during the system boot process must present Secure Boot with a valid key that can be checked against a database of platform keys. If the right key is presented, the code can run. If the wrong key is presented, or no key at all, the code is blocked before it can (potentially) do any damage.

Should You Disable Secure Boot?

Secure Boot is an important tool in protecting your system. If you don’t know what you’re doing and leave it disabled, it’s possible that malware or malicious code could execute on your system before other protective measures can boot up, leaving you vulnerable. If in doubt, leave it enabled.

That said, there are valid reasons you may want to disable it, at least temporarily. There are completely valid operating systems, like Linux distributions, which do not have valid security keys for a variety of reasons. Even some that pass muster in all manner of checks can sometimes fall foul of Secure Boot. If you’re trying to install one of those operating systems, disabling Secure Boot may be your only valid option.