How can I disable Secure Boot without entering BIOS Setup?



I had a UEFI Secure Boot-enabled laptop with Windows 8 installed. The problem is that I restored another OS (Linux) and now I cannot enter BIOS Setup.

Is there a way to disable UEFI Secure Boot without entering BIOS settings?

Eduard Florinescu

Posted 2013-08-12T14:56:46.300

Reputation: 2 116

UEFI is the replacement for BIOS. You can't 'disable' UEFI, nor can you 'switch' between UEFI and BIOS. – spuder – 2013-08-12T15:08:25.850

@spuder Edited the question. – Eduard Florinescu – 2013-08-12T15:13:48.090



By design, Secure Boot cannot be disabled from within an OS; you must enter your firmware's setup utility in order to disable it. With most computers, you can enter the firmware setup utility by hitting a function key, or sometimes Del, early in the boot process. Some computers don't enable the keyboard, though, or don't provide this option at all. If you've got such a system, you could try unplugging the hard disk from the motherboard and booting without a disk; that might kick the system into the firmware setup utility.

IIRC, the HashTool.efi program that comes with PreLoader.efi provides an option to reboot into the firmware's setup utility. This option doesn't work on all computers, though. If yours is one on which this feature works, you could get in by preparing a USB flash drive as follows:

  1. Download PreLoader.efi and HashTool.efi.
  2. Prepare a USB flash drive with a FAT filesystem. You may need to partition it with GPT and mark the partition as an ESP by giving it a type code of EF00 in gdisk or by setting its "boot flag" in parted or GParted.
  3. Copy and rename PreLoader.efi to the USB flash drive as EFI/BOOT/bootx64.efi and copy HashTool.efi as EFI/BOOT/HashTool.efi.
  4. Move the USB flash drive to your currently-unbootable computer and try to boot from it. With any luck, HashTool will come up and give you an option to reboot into the firmware setup utility.

Another option would be to prepare a USB flash drive or the like with a Secure Boot-enabled boot loader (PreLoader or shim). This would enable you to boot to Linux and install the Secure Boot-enabled boot loader on your hard disk. If you use PreLoader, you can begin as just described, but you'll also need to copy a regular Linux boot loader to the USB drive as EFI/BOOT/loader.efi. When you boot, HashTool will then let you register that program as valid, and thereafter it will work. You'll still have to configure the boot loader to boot off your regular hard disk, though. For more information or if you want to use shim rather than PreLoader, see my Web page on the topic for details.

Update: Recent versions of rEFInd, and I believe also gummiboot, provide an option to reboot into the firmware setup utility. To be useful, you'll need to install these programs to launch from PreLoader.efi or shim.efi. My rEFInd Secure Boot documentation covers this process in detail for rEFInd.

Rod Smith

Posted 2013-08-12T14:56:46.300

Reputation: 18 427
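
An added example, not part of the answer above or of any tool it names: a Python sketch that reads the Secure Boot state from Linux and checks whether the firmware advertises the standard UEFI "boot to firmware UI" capability through the `OsIndicationsSupported` variable. It assumes the Linux efivarfs layout (4-byte attribute word, then data), and it is an assumption here that the reboot-to-setup options mentioned in the answer depend on this capability bit; the `SAMPLE` bytes are constructed.

```python
import struct
from pathlib import Path

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE
EFIVARS = Path("/sys/firmware/efi/efivars")               # Linux efivarfs mount
BOOT_TO_FW_UI = 0x1                                        # EFI_OS_INDICATIONS_BOOT_TO_FW_UI
NAMES = ("SecureBoot", "SetupMode", "OsIndicationsSupported")

# Constructed sample: 4-byte attribute word (0x6 = BS|RT) followed by the data.
SAMPLE = {
    "SecureBoot": b"\x06\x00\x00\x00\x01",
    "SetupMode": b"\x06\x00\x00\x00\x00",
    "OsIndicationsSupported": b"\x06\x00\x00\x00" + (1).to_bytes(8, "little"),
}

def parse_efivar(raw):
    """Split raw efivarfs bytes into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    return struct.unpack("<I", raw[:4])[0], raw[4:]

def decode_state(variables):
    """Map name -> raw bytes to booleans; None means absent or malformed."""
    def data_of(name):
        raw = variables.get(name)
        return None if raw is None else parse_efivar(raw)[1]

    def flag(name):  # one-byte variables: 1 = on, 0 = off
        data = data_of(name)
        return None if data is None or len(data) != 1 else data[0] == 1

    ind = data_of("OsIndicationsSupported")  # UINT64 capability bitmask
    fw_ui = None if ind is None or len(ind) != 8 else bool(
        struct.unpack("<Q", ind)[0] & BOOT_TO_FW_UI)
    return {"secure_boot": flag("SecureBoot"), "setup_mode": flag("SetupMode"),
            "fw_setup_reboot_supported": fw_ui}

def read_live():
    """Read the three variables from efivarfs; unreadable ones are skipped."""
    out = {}
    for name in NAMES:
        try:
            out[name] = (EFIVARS / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
        except OSError:
            pass
    return out

if __name__ == "__main__":
    # Falls back to the constructed sample when efivarfs is not available.
    print(decode_state(read_live() or SAMPLE))
```
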


Is there a way to disable UEFI Secure Boot without entering BIOS settings?

Secure Boot is an option enabled by default on UEFI OEM systems. It's actually required to be turned on by default, with the option to disable it, to get a Windows 8 supported sticker from Microsoft.

So even if you remove the CMOS battery, the default option would be to enable Secure Boot.


Posted 2013-08-12T14:56:46.300

Reputation: 28 517

Disabling Secure Boot will not require re-installing Linux, assuming that Linux was properly installed to begin with. (If the OP's Linux was restored from another computer, it might not work on the new one, but it probably will.) I switch Secure Boot on and off all the time on one of my test systems. – Rod Smith – 2013-08-12T16:12:30.203

The restored system will be identical whether or not Secure Boot was active when it was restored. Thus, restoring the system a second time after disabling Secure Boot won't change its bootability vs. simply disabling Secure Boot. – Rod Smith – 2013-08-12T16:38:43.337