Secure boot as the name suggests is booting from the operating system in a more secure way. Secure Boot is possible only if your PC hardware comes with UEFI firmware (software that communicates between hardware and operating system). Before we learn to use the UEFI functionality, let’s know how the legacy BIOS and UEFI firmware works when a system boots.
When a PC or a laptop boots, power on self-test (POST) takes place which checks all the necessary hardware of the system. After that, the BIOS checks the list of all the available bootable devices like hard disk, CD drive, removable USB drive, etc. According to the boot order that a user has set, BIOS boots the boot loader of the operating system. It is a windows boot loader in the case of windows OS and a GRUB boot loader if the operating system is Linux.
In today’s time when there is a surge in malware and spyware attacks, any malware can inflict or even replace the boot loader easily. The legacy BIOS will only look for the bootloader and upon finding it boots the operating system without noticing or detecting the hidden malware. This can cause a tremendous security loophole in your PC software.
Now if your hardware has UEFI firmware and you are going to install Windows 8 or later, on starting the system, the UEFI will check the digital signature of Microsoft in the bootloader of the bootable device. If it detects any rootkit or other malware, the UEFI will not boot and move on to the next bootable device in the boot order. This is called a secure boot thus protecting your system from potential security threats.
Procedure to Disable UEFI or Secure Boot
In case you want to load Linux on a windows 10 or windows 8 PC, the secure boot or UEFI boot if enabled, will not allow it to load since it will allow only Microsoft signatures to load. So you need to disable UEFI boot. Most of the Modern day PCs come with both UEFI and legacy boot options so you can disable it and select the legacy boot instead.
1 Go to BIOS mode by pressing Del, F2, or F10 keys on the keyboard and if you are not able to do so, you can follow this method to change UEFI firmware settings.
2 Once the BIOS settings open, navigate to the startup tab and under the boot option, select Legacy Only from the options available as shown below.
You may need to disable UEFI firmware for loading Linux software on windows 8 or 10 PC but in case you are using the windows operating system, I recommend you to use only UEFI firmware for fast and secure boot. Have you checked the firmware type on your PC or laptop? Tell us which firmware are you using on your system.