Last Updated on December 26, 2022 by Mathew Diekhake
Windows XP and Windows 7 were phenomenal operating systems for their time, and I know some people who still prefer to use them, or at least still dream of the more updated versions having features taken from them. But one thing that many people don’t realize about those older versions is that they weren’t running with the Secure Boot feature, first introduced in Windows 8, and as such, they were a lot more prone to viruses and malware.
Secure Boot is still a relatively new feature and has made its way onto Windows 10 because of its past success of stopping viruses and malware on the Windows 8 platform. Few people have positive things to say about Windows 8, but the security experts out there will tell you that it was actually groundbreaking thanks to this one feature. Viruses have been around for a long time now, and if you used to get them on your machine reasonably often and just don’t anymore, it’s not necessarily because you are now a further advanced PC user. What’s far more likely is that you’re benefiting from the added technology that Microsoft has installed on Windows to help make your computing days more secure than ever.
Starting from Windows 8.1, you couldn’t even get the operating system installed unless you had UEFI 2.2 compliant motherboard because that very motherboard allows for a platform key, which is a private key that’s connected to the motherboard and tells it only to allow the loading of drivers and loaders that are signed with this private key. The private key is something that malware and viruses that haunt your days past can’t be signed on, and that’s how the modern-day Windows operating system stops them before they get the chance to get on your system. And so long as Windows can stop the malware and viruses from loading at boot, it means it’s preventing these harmful programs from running before your antivirus could. Once your antivirus officially starts up when the operating system loads, it’ll block them from getting on your computer, and that’s why Secure Boot is such a great feature. Maybe viruses and malware will work out a way to get ahead of the game again in the future, but for now, it seems as though the good guys have trumped them. You’ll get to reap the rewards of this wonderful technology so long as you keep Secure Boot running.
Now with that being said, there will be times when the occasional person wants to disable Secure Boot, most notably if there are any graphics cards, additional hardware or operating systems that need to be installed. There’s no way for Secure Boot to tell if what you want to add to the computer is trusted or not without the manufacturer updating the list of trusted hardware and software first, so it doesn’t allow a lot of these types of things to be installed by default. Instead, it puts most the responsibility on your shoulders, and you can disable Secure Boot when you want to install something that you know is coming from a trusted source. There will be occasions, however, that your manufacturer has added trusted software and hardware to the list and Windows can update to accept them—and that’s a good thing because you’ll need to have Secure Boot disabled for as long as your modification remains installed on the computer. For that, you can check further details from Windows Update in the Settings application or by looking up your manufacturer website.
Note: You can always change the Secure Boot settings to turn it on or off through the firmware BIOS menus; however, the exact way to go about may differ from manufacturer to manufacturer. The below guide is a general one that should work for most computers, but if it doesn’t work for yours, then you should get in contact with your manufacturer and ask them for the precise required steps for their machines. Likewise, if you can get access to the BIOS menu but are unable to locate any settings for it, then you should also get in contact with your manufacturer.
How to Disable Secure Boot on Windows 10
Warning: Secure Boot isn’t just something you can always turn on and off and expect your computer to remain in the same state. At times upon re-enabling Secure Boot, it’s possible you might need to restore the computer to its factory state. You should always make sure you’ve backed up your operating system before going ahead.
The BIOS menu is intended for advanced users only. In here are some settings that can prevent your computer from starting correctly if you were t change the wrong ones. Always make sure you know what settings need changing before you enter and don’t alter any others before you leave.
1. Start by turning off the computer and then opening the BIOS menu. Most computers will bring up the BIOS by pressing one of the “F” keys during the booting sequence, such as F1, F2, F4, etc., or by pressing the Esc key. You can also get to the BIOS menu by booting up the Windows 10 operating system and then head to the Start > Power > Restart and holding the Shift key when you click on that “Restart” button. Doing so brings you to the troubleshooting menu where you can then select Troubleshoot > Advanced Options: UEFI Firmware Settings.
2. Once inside UEFI Firmware Settings, locate the Secure Boot setting and change it over to “Disabled.” You’ll find this option for disabling it from the Security, Boot, or Authentication tabs.
3. Save the changes you’ve made before you exit and then wait for the computer to reboot the operating system again automatically.
4. You are now ready to go about installing the new operating system, hardware or graphics card that wouldn’t install before when you had the Secure Boot enabled. Sometimes there are other requirements, such as Compatibility Support Module (CSM) that need to be enabled from the BIOS settings as well before the installation will work. There are also some things you may need to take care of before you can use CSM. For more information on that, you can read this Windows Setup: Installing using the MBR or GPT partition style article from the Microsoft website.
How to Re-enable Secure Boot on Windows 10
The Secure Boot feature can’t re-enable from the BIOS unless you uninstall anything that wasn’t compatible with it to begin with.
1. Start by turning off the computer and then opening the BIOS menu. Most computers will bring up the BIOS by pressing one of the “F” keys during the booting sequence, such as F1, F2, F4, etc., or by pressing the Esc key. You can also get to the BIOS menu by logging into your Microsoft account on Windows 10 and heading to Start > Settings > Update and Security > Recovery > Advanced Startup > Restart now. After the computer reboots, you then would need to navigate to the Troubleshoot > Advanced Options: UEFI Firmware Settings.
2. Once inside UEFI Firmware Settings, locate the Secure Boot setting and change it over to “Enabled.” You’ll find this option for disabling it from the Security, Boot, or Authentication tabs. (Some computers require you to select “Custom” and then load the Secure Boot keys that are built into the computer.) If you can’t get the BIOS to allow for the Secure Boot to re-enable then reset the BIOS back to its factory settings and try again.
3. Save the changes you’ve made before you exit and then wait for the computer to reboot the operating system again automatically. If the PC doesn’t reboot correctly, then go back into the BIOS by rebooting the PC and holding down one of the F keys or the Esc key and then change the setting back over to “Disabled.” You’ll then at least be able to use the computer again and try to work out the issue with your manufacturer. There will be times when some people need to refresh the Windows 10 operating system back to its original state before the enabling of the Secure Boot can happen. If it doesn’t work with a refresh from the Settings application, then try the full factory reset instead.
All computers that run on Windows 10 now come with Secure Boot automatically enabled by default; it’s a platform feature that’s part of UEFI, which is a more modern version of the old system BIOS. The idea behind it is to help you stay safe, but unfortunately, it also means that making modifications can also prove to be a hassle if your manufacturer hasn’t officially added whatever you’re adding to the exclusion list. If you really want to make the changes to your PC that require you to disable Secure Boot, then you have no choice but to keep it disabled until you’re ready to remove that modification from the PC—something you should think about before going ahead with the changes you plan on making. At the end of the day, not having Secure Boot enabled isn’t the end of the world; if you survived just fine back in the days of Windows 7 and Windows XP then you might not notice a difference, but technically you are more susceptible to virus attacks without it running on your computer.
You might also be interested in:
- Microsoft Removes Homegroups from Windows 10 in Coming Redstone 4 Update
- Windows Hello Can Be ByPassed with Photos in Older Versions of Windows 10
- How to Connect Windows 10 PC to WiFi Network Without Entering Password
- How to Run Windows Memory Diagnostics Tool in Windows 10
You can subscribe to our RSS, follow us on Twitter or like our Facebook page to keep on consuming more tech.