Home » Guide

Secure Boot: how to disable protection or configure it correctly in UEFI

Quite often on modern laptops, when you try to boot from a flash drive or installation disk, you can see the Security boot fail error. It appears due to the enabled Secure Boot option, which is designed to protect the laptop from running unlicensed software on it, as well as some types of viruses.

But the most common reason for the Security boot fail error to appear is the lack of UEFI support on the boot device from which you are trying to boot (flash drive, disk).

Read about how to create a UEFI-enabled flash drive here.

In this article we will tell you what you need to do to get rid of the Security boot fail error on Acer laptops.

What is Secure Boot and when might you need to disable it?

Secure Boot is one of the innovations introduced with the introduction of UEFI. This in turn is a BIOS receiver. He is, accordingly, responsible for preparing and loading the OS. BIOS can be considered a very simple utility with a primitive design that is flashed into the motherboard. UEFI performs the same functions, but it is already a very beautiful and advanced program. For example, with persistence, using UEFI you can even view the contents of connected drives, which would be considered an incredible innovation for BIOS.

Read also:  How to open Root rights on Android in 1 step without a computer

The creators of UEFI were not guided by aesthetic motives alone. One of the important design goals was to detect and limit the impact of malware. It was assumed that the technology would prevent it from loading along with the operating system (OS), as well as execution at the OS kernel level after it was launched. The honor of fulfilling this important mission fell to the Secure Boot protocol. The technical implementation was as follows: a cryptographic scheme with open and closed signatures (electronic digital signatures, EDS) was used. In general, the goals were achieved, but in practice this required certain and correct actions not only on the part of users, but also on the part of computer equipment manufacturers. Describing the entire process will take a lot of time, so let’s focus on the key features:

  • software components (drivers, OS loaders) have special digital signatures, they are also in the motherboard firmware, but the characteristics of these digital signatures are different;
  • when using computer resources, components must prove using a digital signature that they are not viruses;
  • The key security factor is the private key, which ideally should be unique for each PC.

Difficulties with the technology began at the implementation stage, when Microsoft announced that using the protocol it would limit the installation of other operating systems on computers with pre-installed Windows. Such plans were then abandoned under pressure from the public, but the aftertaste remained. Today, the main difficulty is that motherboard manufacturers use the same private keys for all their products or for individual lines. In any case, good intentions led to a dead end.

In the vast majority of cases, disabling Secure Boot is worth solving two problems:

  1. If the OS does not install or load.
  2. If it is impossible to boot from a bootable USB flash drive.

Secure Boot itself does not load the system in any way, since it works at a lower software level. Disabling the protocol will definitely not improve system responsiveness or increase processor speed.

What is it and why

Secure Boot in Windows 10 is a requirement for Windows 11. It is a security feature that is built into most modern hardware and UEFI firmware. Its functions include providing a safe environment for running Windows and preventing the penetration of malware.

The use of Secure Boot allows you to protect the system from malicious code, as well as to limit the list of OS. Most modern systems have this option. However, Secure Boot State is not supported for Windows 11 only on older devices. If necessary, it can be turned on.

Do not confuse Secure Boot with another option - Safe Mode. The question of how to start Windows 11 in safe mode may arise if you need to diagnose the system. It is used to fix various errors in the operating system. In this case, a minimum number of elements are loaded into the OS.

How to disable Secure Boot protection in BIOS?

Note that some users mistakenly think that the Secure Boot protocol is disabled in the BIOS. This rather primitive firmware does not, did not, and cannot have SecureBut support. This security protocol works exclusively on UEFI and must be disabled there. The nature of this error is quite simple. Over the years, users have become accustomed to the fact that everything that appears on the screen before loading the OS is the BIOS. In reality, the days of this software add-on are fading and it is already obsolete in any respect.

Bottom line

As you can see, the principle of disabling Secure Boot protection on different models is almost the same, with the exception of only some nuances related to the location of the menu and additional add-ons. Even if this review does not include the model of your PC or laptop, use the basic algorithm to deactivate the protective boot option. Namely: entering the UEFI shell → disabling Secure Boot (+ on some computers, enabling compatibility with other OSes) → saving the created shell configuration → rebooting the system.

Successful and quick computer setup! Be extremely careful when changing the value of options in the UEFI console.

Disabling Secure Boot on motherboards

The desktop motherboard market is quite conservative and the clear leaders are 2 companies: Asus and Gigabyte. They supply more than half of all equipment, so it is most rational to consider methods for deactivating Secure Boot in the context of these manufacturers. In any case, the third and fourth places have long been occupied by MSI and ASRock - the first four are entirely made up of Taiwanese companies. Bottom line: there will still be no fundamental differences in the disabling instructions and most users will find below exactly what they are looking for.

Note that you can switch directly to UEFI in some cases directly from Windows (from version 8 and later). To do this, try the following:

  • On the desktop on the right, call up the sliding panel.
  • Then follow the path: “Settings” => “Changing settings...” => “Update and...” => “Recovery”;
  • In the window that appears, find the option to reboot the system and set this line to “UEFI Settings” or “UEFI Firmware Settings”;
  • Then click on “Reboot” and UEFI should start automatically.

How to disable Secure Boot on Gigabyte motherboard?

After logging into UEFI (by pressing F12 before starting the OS), proceed as follows:

Read also:  How to activate Windows 10 by phone: instructions, procedure. Windows 10 activation key
  • go to the “BIOS Features” tab;
  • set the “Windows 8 Features” criterion to “Other OS”;
  • for the “Boot Mode Selection” criterion - “Legacy only” or “UEFI and Legacy” (there is not much difference between them);
  • for the criterion “Other PCI Device ROM Priority” – “Legacy OpROM”.

After all, you need to record the changes, that is, press F10 => “OK”.

Asus motherboards and laptops

Let us immediately note that most often on motherboards of this particular manufacturer an error appears when loading the OS: Invalid signature detected. Check Secure Boot Policy in Setup. In most cases, to fix the problem you should turn off Secure Boot, and to do this you need to:

  • go to UEFI - press F2, Delete or the Fn+F2 key combination before loading the OS;
  • on the home screen, press F7 (Advanced Mode), and then go to the “Boot” menu => “Secure Boot Menu”;
  • specify the value “Enabled” in the “Secure Boot State” line, and “Other OS” in the “OS Type” line;
  • go back one level to the “Boot” menu => “Compatibility Support Module (CSM)”;
  • set the “Launch CSM” line to “Enabled”, and the “Boot Device Control” line to “UEFI and Legacy …” or “Legacy OpROM …”, and the “Boot From Storage Devices” line to “Both Legacy opROM first” , or “Legacy opROM first”;
  • after that, click on F10 and save all changes, and then check the correctness of the settings made.

Specifically for Asus laptops, the algorithm will be as follows:

  • go to UEFI;
  • go to the “Security” tab;
  • find the line “Secure Boot Control”, specify the value “Disabled” in it;
  • go to the “Boot” tab;
  • Find the line “Fast Boot”, set it to “Disabled”, and in the line “Launch CSM” to “Enabled”.

How to open UEFI/BIOS settings

To deactivate Security Boot, you first need to open the UEFI or BIOS boot shell. This procedure can also be performed in different ways:

Method No. 1: using “hot keys”

Restart the OS. Press "Del". If logging into the shell failed, then another hotkey is used to enter boot settings mode. This could be “F2” or the combination “FN+F2” (on a laptop).

Note. The BIOS button may be indicated on the monitor during system startup.

Method No. 2: standard OS option

(option for 8/8.1) 1. Activate the sliding panel (on the right side of the screen).

2. Go to: Settings → Change settings... → Update and... → Recovery.

3. In additional add-ons, set the restart mode to “Settings via UEFI”.

4. Activate the "Reboot" command.

How to find out if Secure Boot is activated on Windows?

This protocol is easy to activate and deactivate, and there are several proven approaches to understand the current status:

  1. Using system information. Launch the “Run” utility. To do this, you need to hold down the Win+R key combination, enter msinfo32 in the line that appears and press Enter. A new window will appear. Make sure that the “System Information” line is selected in its left panel. In the right pane, look for the line “Secure Boot Status”, which has only 2 values ​​“Enable” and “Disable”.
  2. Using PowerShell. In the Run utility, run the powershell command. A new window will open, into which copy the following: Confirm-SecureBootUEFI. If the response to this request is “True”, then the option is active, and if “False”, then it is deactivated. If a notification of a different nature appears, it means the motherboard does not support the Secure Boot function.
  3. Empirically. Create a bootable USB flash drive with Windows and try to boot from it after restarting your computer. If everything turns out successfully, then the option is disabled; in other circumstances, a corresponding message will be displayed indicating that it is impossible to download for security reasons.

Frequent problems and solutions

In most cases, entering safe mode is not difficult. If one method does not work, you can use the next one, etc. If you cannot enter Safe Mode, you may need to delete the faceit file, which often causes the error.

In the case of Secure Boot, everything is more complicated, because this option is either supported by the equipment or not. In the first case, you need to enable it, and in the second, you need to bypass the check or install newer hardware.

Read also:  Where is startup in Windows 7, how to disable and add items

Now you know what special mode for Windows 11 and secure boot are for, how to enable it, and what functions it performs. In the comments, tell us if you have ever encountered such a problem, what is needed for this, and what options are available.

Dell

(Screenshots from Dell Inspiron 15 3000 Series laptop)

On Dell laptops, disabling Secure Boot is probably one of the simplest - just one go to Bios and no need for administrator passwords, etc.

After entering the BIOS, open the “Boot” section and set the following parameters:

  • Boot List Option - Legacy (with this we enable support for older OSs, i.e. compatibility);
  • Security Boot - disabled (disable secure boot).

Actually, you can then edit the download queue. Most install the new Windows OS from bootable USB flash drives - so below is a screenshot of which line needs to be moved to the very top so that you can boot from a flash drive (USB Storage Device).

After entering the settings, press the F10 - this will save the entered settings, and then the Esc - thanks to it you will exit the BIOS and reboot the laptop. Actually, this completes disabling secure boot on a Dell laptop!

Asus

Some models of Asus laptops (especially new ones) sometimes confuse novice users. In fact, how can you disable secure boot in them?

1. First, go to the BIOS and open the “Security“ section. At the very bottom there will be an item “Secure Boot Control” - it needs to be switched to disabled, i.e. switch off.

Next, press the F10 - the settings will be saved and the laptop will reboot.

2. After rebooting, enter the BIOS again and then in the “Boot” section do the following:

  • Fast Boot - switch to Disabled mode (i.e. disable fast boot. The tab is not available everywhere! If you don’t have it, then just skip this recommendation);
  • Launch CSM - switch to Enabled mode (i.e. enable support and compatibility with “old” OS and software);
  • Then press F10 - save the settings and reboot the laptop.

3. After the reboot, enter the BIOS and open the “Boot” section - in the “Boot Option” item you can select bootable media that is connected to the USB port (for example). Screenshot below.

Then save the BIOS settings and reboot the laptop (F10 button).

How to boot from a flash drive on Acer Aspire 3?

To boot from a flash drive, you must first specifically enable the boot menu via F12 in the Main section, highlighting the F12 Boot Menu line, press the Enter key and select Enabled, confirm by pressing Enter again.

Interesting materials:

What happens to jeans if you boil them? What happens to your body if you roller skate? What happens to the body if you lie down all the time? What would happen if the Earth did not revolve around the Sun? How do cats feel when they are picked up by the scruff of the neck? What does an octopus do when it is attacked? What to do if your iPhone takes a very long time to charge? What to do if your iPhone says Touch ID is faulty? What to do if IQOS does not turn on? What to do if Achatina gave birth?

Troubleshooting

Sometimes the Secure Boot settings may not be correct.

In this case, even after installing the system, in the corner of the desktop you can see an error message like “Professional SecureBoot is not configured correctly Build 9600.”

The reason for the appearance of this information is not at all that the operating system turned out to be unlicensed or was incorrectly activated, but only about a decrease in the security of the computer and the need for the following actions:

  • Determining in one of three known ways whether Secure Boot is currently working;
  • Checking the security policy type;
  • If the mode is disabled, to eliminate the message about security problems, you should enable it (when installing the system, you can again choose to disable SB), restart the computer, enter the BIOS and enable Secure Boot.

Fig.5. Enabling SB in the UEFI settings of the AsRock motherboard to solve the problem.

Read also:  How to use Bluetooth on Android devices

If the applied method did not help resolve the problem, you should try resetting the UEFI settings to factory settings.

For this purpose, there is a Factory Default item in the BIOS. If the computer does not support this mode, it will most likely not be possible to resolve the issue.

The only possible option is to install updates from Microsoft such as KB288320, which is part of the GA Rollup A package.

You can download it from the manufacturer’s official website, be sure to take into account the bit capacity of your system – x86 or 64.

Rating
( 2 ratings, average 4.5 out of 5 )
Did you like the article? Share with friends:
You may also be interested
Secure boot where is it located, how to disable it (10 ways)
6 options for disabling Secure Boot on different systems and laptop models
system configuration
What is Windows Boot Manager - how it works and how to disable it
How to properly disable screen lock in Windows 7
How to enable microphone via Control Panel
How to properly set up a microphone and how to connect it on Windows 10
How to properly set up a fitness bracelet xiaomi mi band 5
How to properly set up the Weather app on iPhone
How to customize Windows 10 after installation
How to properly and completely configure Windows 10 after installation, 13 steps
How to properly adjust or remove automatic brightness on iPhone
How to connect and properly configure Apple Watch - pairing with 3 types of devices
How to set the equalizer correctly for better sound in your car, PC and phone
How to install Yandex Browser and configure it correctly on your computer
For any suggestions regarding the site: [email protected]
Для любых предложений по сайту: [email protected]