What is "Secure Boot" in Windows?

9

1

This morning I was trying to upgrade Windows 7 to Windows 8 and ran into a problem:

Your firmware doesn't support Secure Boot.

What is Secure Boot, and what can I do in this situation if my firmware doesn't support it?

Anvesh Vejandla

Posted 2012-10-26T15:37:08.407

Reputation: 177

1Why is it tagged linux?! – Anirudh Ramanathan – 2012-10-26T15:37:57.230

isn't that the fix Windows put in to allow other operating systems like Linux to duel boot with Windows 8? – None – 2012-10-26T15:38:52.353

@Cthulhu & Adel Qodmani It was tagged linux because. I have read in an article, regarding linux and secure boot, that made me confused. – None – 2012-10-26T15:40:36.767

1@AnveshVejandla You should only use tags that are relevant to your actual question, not based on random tangential connections in your mind. – millimoose – 2012-10-26T15:49:28.603

@MarkJohnson I bought laptop. Manufacturer: Dell. Model inspiron-N5040 – Anvesh Vejandla – 2012-10-26T16:08:40.853

Answers

8

What is “Secure Boot” in Windows?

I think (some or all of) the following are true

  • UEFI replaces traditional BIOS as the PC firmware that starts the boot process.
  • UEFI has a feature called "Secure Boot"
  • You can disable EUFI secure-boot on some computers but not all.
  • Windows 8 for ARM (Windows RT) will not install on hardware that does not support UEFI or which allows Secure Boot to be disabled.
  • Windows 8 for x86 can be installed on non-UEFI hardware.
  • UEFI with secure boot enabled only boots the operating system (OS) loaders that are signed using a key certified by a certifying authority (CA) known to the UEFI
  • PC builders include Microsoft as a CA in UEFI but not Linux distributors
  • Some PC builders allow you to add your own keys/CAs to UEFI
  • One or two Linux vendors have decided to pay Microsoft to sign their Linux distributions
  • Some Linux distributors publish workarounds (how to disable UEFI's secure boot? or how to make UEFI recognise the distributors signature on Linux?)

Some people suspect that, at the very least, Microsoft are happy to use security as a justification to force on hardware makers a change that as a major side effect makes it hard or impossible to install a non-Microsoft operating system on that hardware.

P.S. I am pretty uncertain about many of the above points and welcome corrections, directly or in comments.

RedGrittyBrick

Posted 2012-10-26T15:37:08.407

Reputation: 70 632

1OEMs are required to allowed Secured Boot to be disabled except in the case of Windows RT where the user isn't able to load any other operating system anyways. – Ramhound – 2012-10-26T16:35:08.060

2I removed the bit about Windows 8 requiring UEFI hardware. That's not true. I have installed Windows 8 on several older computers that do not have UEFI. – William Jackson – 2012-10-26T16:40:11.737

Asked: 2012-10-26T15:37:08.407

Viewed: 13 838 times

Active: 2013-02-15T06:29:34.170