The dreaded Secure Boot – is it OK to turn it OFF
Windows 10 saw UEFI and Secure Boot becoming a common thing. However we now have an option to turn off this feature for those who want to upgrade to Windows 11 but do not have the compatible hardware. For some advance users, secure boot may be a good security feature. But for the average user whose files are now in the cloud, does this help or becomes a problem. Here is a typical scenario.
Many time it happens that your laptop goes into sleep mode because you have not shut it down for the night and while you try to wake it up in the morning you will be prompted with the Recovery Key which needs to be retrieved from your linked Microsoft Account. Now thats a classical hassle especially for those who have just one device on them.
What is secure boot?
Microsoft defines secure boot as a security feature. It enforces digital signatures of drivers so that only trusted drivers are loaded along with the OS. Not just Windows OS but also different flavours of Linux have started supporting secure boot. It is part of the UEFI specifications that has replaced the old system of BIOS. Unified Extensible Firmware Interface or UEFI defines the set of rules for booting up the computer. With digital keys we can now stop any unauthorised program or malware to enter the computer at boot. This is definitely a big upgrade from the BIOS system which had become not just old but was insecure too.
But despite the bells and whistles, it does give out the odd false alarm. But there is one more aspect that needs to be understood.
Where is your data and how far will you go to protect it?
I am an amateur photographer who clicks photos in RAW format. After uploading them on Adobe Lightroom, I finish the required editing and then send the picture to Flickr and Shutterstock. Backups are uploaded to NAS. My laptop is just a tool for editing and not for storage. If my data is backed-up, is there anything to be worried about.
I do most of my work online. Being a website designer focussed on WordPress, I have almost no data stored on my local computer. Client data is kept on Google Drive and as soon as client work is done, the folder is deleted. I also use Canva Pro where each client has a folder for the present and past designs. Canva is design and cloud all rolled in one. With no data on my hard disk, do I even need secure boot.
For the many many scenarios similar to be above, they do not need secure boot. So here is how to disable it.
How to disable Secure Boot in Windows 11
Step 1 – Enter the BIOS. While the computer is booting click F1 or F2 to enter the BIOS. Some computers might have a combination of keys or you will need to click the Function (Fn) key.
Step 2 – Security Options. Go to the security tab and click on Default Secure Boot ON and set it as OFF or Disabled.
Step 3 – Secure Boot Variables. In the same security tab go to security variable and delete all secure boot variables.
Step 4 – Save and Exit. Then Re-start your computer.
A word of caution
Since there are so many computer manufacturers and equal number of models released every year, the hardware designers keep experimenting with their releases every time. This inconsistency is understandable but it comes at a cost.
In most cases if you have disabled Secure Boot, you can easily re-enable it using the same option in the BIOS. But in rare cases you might have to reset the BIOS. If you are unlucky, then you might even have to reset the computer to factory settings. So you need to be absolutely certain before disabling secure boot. Looking up for resources specific to your computer on internet is also a good idea to begin with.