How to Disable UEFI Secure Boot in Dual Boot Any System

Have you ever tried installing a second operating system with Windows? Depending on the OS, you might find the UEFI Secure Boot feature.

If Secure Boot doesn't recognize the code you're trying to install, it will stop you. Safe Boot is useful for preventing malicious code from running on your system. But that also stops you from booting some legitimate operating systems, such as Kali Linux, Android x86, or TAILS.

But there is another way. This short guide will show you how to disable UEFI Secure Boot to allow you to dual boot the operating system you like.

What is UEFI Safe Boot?

Let's take a moment to consider exactly how Secure Boot keeps your system safe.

Safe Boot is a feature of the Unified Extensible Firmware Interface (UEFI). UEFI itself is a replacement for the BIOS interface found on many devices. UEFI is a more sophisticated firmware interface with more customization and technical options.

 How to Disable UEFI Secure Boot in Dual Boot Any System

Safe Boot is a kind of security gate. This analyzes the code before you run it on your system. If the code has a valid digital signature, Secure Boot allows it to pass through the gate. If the code has an unknown digital signature, Secure Boot blocks it from running, and the system will require a restart.

Sometimes, code that you know is safe, and that comes from a reliable source, may not have a digital signature in the Secure Boot database.

For example, you can download many Linux distributions directly from the developer's site, even verify distribution checksums to check for interruptions. But even with that confirmation, Safe Boot will still reject some operating systems and other types of code (such as drivers and hardware).

How to Disable Safe Boot

Now, I do not recommend to disable Safe Boot lightly. This really keeps you safe (see the Boot Safe vs. NotPetya Ransomware video below, for example), especially from some of the more malicious variants of malware such as rootkits and bootkits (others think it's a security measure to stop Windows piracy). That said, sometimes blocking.

Please note that turning Secure Boot back on may require a BIOS reset. This does not cause your system to lose any data. It does, however, remove any custom BIOS settings. Moreover, there are some examples where users are permanently no longer able to turn on Secure Boot, so please bear that in mind.

Okay, here’s what you do:

  • Turn off your computer. Then, turn it back on and press the BIOS entry button during the boot process. This varies between hardware types, but generally F1, F2, F12, Esc, or Del; Windows users can hold Shift while selecting Restart to enter the Advanced Boot Menu. Then choose Troubleshoot> Advanced Options: UEFI Firmware Settings.
  • Find the Safe Boot option. If possible, set it to Disabled. Usually found on the Security tab, the Boot tab, or the Authentication tab.
  • Save and exit. Your system will reboot.
You have successfully disabled Secure Boot. Feel free you grab your nearest previously unbootable USB drive and finally explore the operating system.

How to Re-Enable Secure Boot

Of course, you might want to turn Secure Boot back on. After all, it does help protect against malware and other unauthorized code. If you directly install an unsigned operating system, you’ll need to remove all traces before attempting to turn Secure Boot back on. Otherwise, the process will fail.

  1.     Uninstall any unsigned operating systems or hardware installed when Secure Boot was disabled.
  2.     Turn your computer off. Then, turn it back on and press the BIOS entry key during the boot process, as above.
  3.     Find the Secure Boot option and set it to Enabled.
  4.     If Secure Boot doesn’t enable, try to Reset your BIOS to factory settings. Once you restore factory settings, attempt to enable Secure Boot again.
  5.     Save and Exit. Your system will reboot.
  6.     In the event the system fails to boot, disable Secure Boot again.


Troubleshooting Secure Boot Enable Failure

There are a few small fixes we can try to get your system booting with Secure Boot enabled.

  • Make sure to turn UEFI settings on in the BIOS menu; this also means making sure Legacy Boot Mode and equivalents are off.
  • Check your drive partition type. UEFI requires GPT partition style, rather than the MBR used by Legacy BIOS setups. To do this, type Computer Management in your Windows Start menu search bar and select the best match. Select Disk Management from the menu. Now, find your primary drive, right-click, and select Properties. Now, select the Volume. Your partition style is listed here. (If you need to switch from MBR to GPT there is only one option to change the partition style: back up your data and wipe the drive.)
  • Some firmware managers have the option to Restore Factory Keys, usually found in the same tab as the other Secure Boot options. If you have this option, restore the Secure Boot factory keys. Then Save and Exit, and reboot.
 How to Disable UEFI Secure Boot in Dual Boot Any System
Trusted Boot

Trusted Boot takes place where Safe Boot stops, but actually only applies to Windows 10 digital signatures. After UEFI Secure Boot passes the bat, Trusted Boot verifies every other aspect of Windows, including drivers, startup files, and more.

Just like Safe Boot, if Trusted Boot finds a damaged or dangerous component, it refuses to load. However, unlike Safe Boot, Trusted Boot can sometimes fix problems automatically, depending on the severity. The image below explains a little more about where Safe Boot and Trusted Boot fit together in the Windows boot process.

 How to Disable UEFI Secure Boot in Dual Boot Any System

Should You Turn Off Secure Boot?

Disabling Safe Boot is rather risky. Depending on who you ask, you have the potential to jeopardize the security of your system.

Safe Boot is arguably more useful than before at this time. Bootloader attacks ransomware very real. Rootkits and other malicious malware variants also come out in the wild. Secure Boot gives the UEFI system an additional level of system validation to give you peace of mind.

Delivered by FeedBurner