1

Despite all the hate surrounding Secure Boot, I frankly think it's a good idea, if it can be turned off by the user (which it can be on non-ARM systems). My laptop didn't have Windows 8 installed, but it is relatively new and has UEFI firmware. I haven't seen any options for Secure Boot in the UEFI settings, but at the time the computer was purchased, Microsoft had already provided OEMs with Secure Boot specifications, and the OEM is encouraging me to upgrade to Windows 8.

Is there any way for me to turn on Secure Boot myself? Do I need to configure something in Windows in order for UEFI to attempt it, or is there a UEFI setting that I'm either not seeing or is unavailable? Will Secure Boot be possible with an eventual firmware upgrade, or is it embededded at a hardware level that can't be added after the fact?

I'm not sure it's relevant, since I'm looking for a canonical answer that applies to all computers, but in case it helps you find an answer, I'm using a Lenovo Thinkpad x230. I'll update with the UEFI revision number the next time I reboot.

Improve this question
1
  • nhinkle - Its very likely your ssytem does not support Secure Boot there isn't any way to enable it if thats the case.
    – Ramhound
    Commented Oct 28, 2012 at 2:32

1 Answer 1

Reset to default
2

Secure Boot is a Firmware-level feature.

It has nothing directly to do with Windows 8, but Microsoft is encouraging / forcing OEMs to support it on Windows 8 systems.

If your BIOS supports Secure Boot, you can enable it whether you have Windows 8 or not. (although you probably won't want to enable it unless you have a signed OS).

If your BIOS does not support it, you cannot use it, even if you do install Windows 8. (although you can hope that your manufacturer will add support for in in a firmware update)

Part of a Secure Boot-capable BIOS is a list of cryptographic (public) keys; the BIOS will only run an OS which has been signed by one of these keys.
Presumably, most BIOSes would ship with a Microsoft key in this list.
Hopefully, they will also allow the user to edit this list.

Improve this answer
4
  • 1
    I'd be wary of using the term "BIOS" since technically it's UEFI, not BIOS. Anyhow, this is good info, but I'm curious about some of the details. For example, if Secure Boot were available through the UEFI firmware, but not preconfigured for Windows 8, would it actually work without Windows 8's key somehow being loaded? Also, how can I add Secure Boot to my UEFI configuration if I don't have it yet, and is it possible to be added via a firmware update?
    – nhinkle
    Commented Oct 28, 2012 at 0:15
  • @nhinkle - You as a user cannot add support.
    – Ramhound
    Commented Oct 28, 2012 at 2:33
  • Regarding firmware updates, I too asked a related question here and would love to know the answer.
    – Karan
    Commented Oct 28, 2012 at 3:16
  • Update: it turns out that a firmware update from Lenovo has added Secure Boot support to my particular computer, so it does appear possible to add it after the fact. I haven't turned it on yet though, so we'll see what happens when I do.
    – nhinkle
    Commented Dec 30, 2012 at 7:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .