Secure Boot is a UEFI (Unified Extensible Firmware Interface) firmware security feature created by the UEFI Consortium that ensures your computer boots up securely and safely by preventing unauthorized software from taking over your system. It boots only those bootloaders that are signed in to the UEFI firmware.
A secure boot is sort of a security gate. It analyzes code before you execute it on your system. It permits code to run if it has a valid digital signature and prevents code from running if it is not recognized.
Also read: How to Install Arch Linux
While it’s a good upgrade from the legacy BIOS, UEFI secure boot can come in the way of installing Linux distros. In this article, let’s look at how we can disable secure boot to install Linux. Once installed, you can re-enable UEFI and your existing Linux install will be unaffected.
Accessing the UEFI boot menu
The secure boot protects your system from malware variants like rootkits and boot kits. It is not advised to turn it off, until it is required. In this case, you need to disable it if you want to dual-boot with Linux.
The first step involves accessing the UEFI menu. You can do it in 2 ways, i.e.
- by pressing a specific function key while your PC is booting, such as F1, F2, F12, or Esc.
- Using the Windows menu.
Steps to disable Secure Boot from the Windows menu
Step 1: Search for UEFI -> Go to Change advanced startup options.
Step 2: Now, click on Restart Now under the Advanced startup option.
Confirm that you want to restart your computer and let Windows automatically restart to advanced startup.
Step 3: After that select the Troubleshoot option on the next screen that appears.
Step 4: While other systems might prompt you to select advanced options, some will display the UEFI setting option. If you see the UEFI setting option, click on it. Alternatively, pick advanced.
It will notify you to restart in order to change any UEFI firmware settings. When you click the restart button, the BIOS/UEFI settings interface will appear.
Disabling secure boot in UEFI
Once you enter the UEFI utility, you’ll be able to change various settings here, including disabling secure boot. To disable secure boot, follow the following steps:
Step 1: Navigate to the Boot tab in the UEFI/BIOS configuration. The secure boot option can be found here and is currently enabled.
Step 2: Go to the Secure Boot option now, and then press Enter to choose it. Change its value with + or -, then choose Yes to confirm it.
Now that Secure Boot has been successfully disabled, you can finally explore the operating system of your choice by grabbing the closest previously bootable USB drive.
Given the prevalence of ransomware today, a secure boot is more important than ever. Secure boot adds an additional layer of system validation to UEFI systems, enhancing system security. It might need to be turned off if you’re trying to install the second operating system because otherwise, you won’t be able to modify your system.