1

To test a bootable USB flash drive, I disabled Secure Boot on my Lenovo Yoga 14.

When I want to restore my BIOS setting back, I found every time I did it and restarted the PC, the setting with disabled Secure Boot came back, and my PC couldn’t boot from my hard drive into my Windows 10 system. I can still boot from my USB flash drive and CD. I tried to repair my system, but with no luck.

Is this what Secure Boot is supposed to do, punishing the user who disabled it? I would appreciate any helpful answer. Thanks a million!

Improve this question
2
  • Secure Boot isn't required for any version of Windows except Windows RT which you don't have
    – Ramhound
    Commented May 5, 2017 at 2:32
  • What are you trying to achieve by disabling Secure Boot?
    – Ramhound
    Commented May 5, 2017 at 2:42

3 Answers 3

Reset to default
0

Secure Boot is UEFI. Basically, when Windows 10 is installed using UEFI, it enables all the security features to better-protect your hard drive from being hacked or tampered with.

If you disable UEFI in the BIOS Windows won’t boot by design. Re-enabling it should let you boot right back into Windows. It is possible to re-install the "BIOS" bootloader for Windows, but that is a much more complicated process.

Improve this answer
2
  • Thanks. I checked all the BIOS setting, there is only one place to set boot to UEFI only, Legacy only, or both. Even I set UEFI only and save & restart, the BIOS setting will change back to Legacy only again. It looks like, disabled Secure Boot is protecting some BIOS setting from being changed.
    – microbit
    Commented May 5, 2017 at 2:25
  • 1
    Secure Boot is UEFI - This is absolutely false Secure Boot is NOT UEFI it's simply a feature of UEFI. You can disable Secure Boot on ALL Windows 8, Windows 8.1, and Windows 10 OEM machines. Being able to disable Secure Boot is required for an OEM to sell the device
    – Ramhound
    Commented May 5, 2017 at 2:41
0

I finally gave up and reinstalled Windows 10. When I tried to install the new system at the first time, it prompted "windows cannot be installed on this disk. The selected disk is of the GPT partition style." It turned out that my old system was installed under UFEI format. Because I tried to install a new system under Legacy mode, this error appeared. I had to use Diskpart to clean the whole hard drive again, then I successfully installed the new Windows 10 system. After I installed the new system and update BIOS, my BIOS restored to the normal state: changed setting never restored to old status any more. It is true when I enable UEFI only, the PC cannot boot into system until I disable it. I think that's because the system was installed under Legacy mode.

Improve this answer
0

As Ramhound noted in a comment, Secure Boot is not required to boot Windows. (Microsoft does require that computers are certified by them as Windows-compatible and that ship with Windows pre-installed ship with Secure Boot enabled, but that's a contractual requirement, not a technical one. You can disable Secure Boot and the system should boot just fine.)

Chances are you not only disabled Secure Boot, but also enabled the Compatibility Support Module (CSM), which caused the computer to boot in BIOS/CSM/legacy mode. EFI/UEFI-mode and BIOS/CSM/legacy-mode booting require different boot loaders and (for Windows) partition tables, so if you switch the computer's boot mode, Windows will stop booting. If I'm right, it was this change in boot mode, not disabling Secure Boot per se, that caused your problem. The description of your subsequent problems in your answer further supports my hypothesis; the complaint by the Windows installer that the disk was in GPT format indicates a BIOS-mode boot of the installation medium.

A better solution for your problem would have been to figure out how to boot with Secure Boot disabled but with the CSM also disabled, or at least to learn to control the boot mode (EFI/UEFI vs. BIOS/CSM/legacy). Unfortunately, details of how to do this vary greatly from one computer to another. Some computers provide clear and (seemingly) mutually exclusive boot modes; but on others, enabling the CSM provides merely the option of booting in BIOS mode. In some cases, what seems like a set of mutually-exclusive options is not so mutually exclusive; the computer might boot in EFI mode even if you set a "BIOS-only" option, or vice-versa. This can be extremely frustrating and confusing, particularly if you don't understand the difference between EFI-mode and BIOS-mode booting. See this page of mine for more on this subject.

As to your solution, if it works to your satisfaction, then fine; but be aware that a BIOS-mode boot may be a little slower than an EFI-mode boot. Also, enabling the CSM complicates the boot path, so if you decide to dual-boot in the future, it's imperative that you understand boot modes enough to ensure that you install your next OS in BIOS mode. (Mixed BIOS-mode/EFI-mode installations are possible, but are generally difficult to manage.)

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .