What is Secure Boot and How to Set It Up

What is Secure Boot

Secure Boot is a sub rule of the UEFI BIOS, which serves to verify that the operating system or driver loaded on the motherboard is trusted using a pre-set public key password. This means that only systems and software that have been signed by the private key corresponding to the public key will be able to pass the verification and boot properly, while programs that do not pass the verification will not be able to load.

Microsoft requires all manufacturers (i.e. OEMs) that pre-install Windows 8 and above to open Secure Boot with its public key file built in, and once this feature is turned off (set it to "Disabled"), it will result in no access to the system. Windows 7 and some Linux versions can only be installed and booted by turning off Secure Boot.

Secure Boot was originally designed to prevent malware intrusion. In fact, it seems to be able to do just that, when the computer boot is modified by a virus, it will give an alert and refuse to boot, to avoid possible further damage. Therefore, it is believed that Microsoft's original intention of designing Secure Boot may have been to ensure system security, but it seems to have turned out to be a means for PC manufacturers to protect their market monopoly and hinder competition. It also seems to have the purpose of preventing computers with Windows operating systems from being retrofitted with Linux.

How to turn Secure Boot on or off

1. Press the manufacturer's key (F1, F2, Del key, etc., see your computer's user manual for details) to enter the BIOS at the boot screen, and generally you can find "Secure Boot" in "Security" or "Boot" tab.

2.  Switch "Secure Boot" option to "Enabled" to turn it on, or "Disabled" to turn it off.

3. When the settings are complete, press F10 to confirm the BIOS configuration is saved.

Note: Sometimes even if Secure Boot is enabled, it cannot be used properly, because Secure Boot is a security feature in UEFI, and most motherboards are compatible with both BIOS, i.e. Legacy BIOS and UEFI BIOS. you need to switch to UEFI mode or turn off CSM dual mode auto compatibility to use it properly. Secure Boot function.

What to do if Secure Boot is grayed out in BIOS

Sometimes the Secure Boot option is shown in gray and cannot be changed, you can try to solve it by the following methods.

Method 1:

1. Press the specific button to enter BIOS settings.

2. Find "OS Optimized Defaults" and switch it to "Disabled" or "Other OS".

3. If it still shows gray, then "Load Default Settings" to restore it to default state.

Method 2:

1. Some brands of computers may need to set BIOS password before you can modify BIOS options. Again, enter BIOS settings at boot time first. 2.

2. In "Security" tab, select "Set Supervisor Password" and press Enter to set the password.

After that, see if you can set up Secure Boot.

Please note that the location and name of the options in BIOS may vary from motherboard to motherboard, so please find the corresponding options according to your situation.