Secure Boot is a prerequisite for installing Windows 11 on your computer: without Secure Boot it is not possible to run the latest version of the Microsoft operating system, unless you profound changes during system installation.The side effect is that on PCs with Secure Boot enabled, some interesting and clean operating systems such as Kali Linux.
In the following guide we will show you how Secure Boot works, how it is activated and deactivatedboth if we wanted to install Windows 11 and if we wanted to install Windows 10 or any Linux distribution without having to undergo Secure Boot.
READ ALSO -> What is the use of Secure Boot and TPM on a PC, Verification and Activation
1) A che serve Secure Boot
Secure Boot (in Italian it is called Protected Boot) protects the PC startup process so that if a malware corrupted the Windows boot loader and replaced it, the virus could be loaded without the system and the antivirus being able to notice it, remaining active in a completely invisible and undetectable way by the system.
On older PCs with traditional BIOS, when the computer starts, the boot loader of the system that is found is normally loaded, which can be the Windows one or the GRUB boot loader, which is used by most Linux distributions. Secure Boot it is an internal function of Windows that prevents tampering with the computer’s boot sector.
Secure Boot technically works as a set of certificatesamong which there is certainly the Microsoft certificate, stored inside the UEFI firmware (which is loaded from the motherboard when the computer is turned on), which checks the boot loader to ensure that it is signed by Microsoft or other authorized developers.
If a rootkit or other malware replaces the boot loader or tampers with it, UEFI will not allow the computer to boot to prevent the malware from hijacking the boot process and hiding from the operating system. For this reason, Microsoft has made Secure Boot as one of the requirements to install Windows 11.
On the other side, many popular Linux distributionsthose maintained by organized companies like Ubuntu and Fedora, are permitted by Secure Boot to run on modern computers, while others are excluded and are seen as malware. In this case, to dual boot a version of Linux without being blocked by UEFI secure boot, you need to disable Secure Boot.
2) Check the Secure Boot status
To check that Secure Boot is active on your PC Let’s press the keys together WIN+R and type the command msinfo32. On the screen that appears, on the right side, check the line Secure boot status and see if it is disabled or enabled.
If your PC is old enough and doesn’t support UEFIthen you will find that Secure Boot is not supported and this also means that we are almost certainly running Windows 10 or previous versions of Windows (the only ones that can work without active Secure Boot).
For further information we can read the guide above how to find full specs for your windows 10 and 11 pc.
3) How to enable or disable Secure Boot
To enable or disable Secure Boot for your computer, you need to open UEFI settings and find the option. First of all it’s important Switch from BIOS to UEFI and convert disk to GPTotherwise you cannot activate Secure Boot.
After carrying out this operation, turn off the computer, turn it back on and press the key to access the BIOS/UEFI during the boot process.
The option Secure booto Secure Boot if UEFI is in English, it is usually found under the tab Protection (Security) or the card Start (Boot). To disable Secure BootSecure Boot should be set to Disabled about are LegacyWhile to activate it let’s make sure it’s set to Enabled.
In the case of activation, it may be necessary to renew what the Bios calls Platform Key (PK) and you have to look, again in the BIOS, for the option that renews them using the standard or test ones.
You can also access enable Secure Boot in Windows 10 using the recovery console when the computer starts.
When your computer restarts, you will find the UEFI settings under the menu Troubleshooting > Advanced Options. From the UEFI Settings it is possible disable CSM (which would be support for MBR partitions) e enable Secure Boot.
We remind you that running Windows 11 and disabling Secure Boot will cause the system to stop working: it is therefore better to leave it active with the latest operating system released by Microsoft. If instead we wanted to deactivate Secure Boot we prepare one Windows 10 USB stick and we proceed to remove Windows 11, so that we can use the computer even with Secure Startup deactivated.
Conclusions
Given the level of security achieved by Microsoft with the latest version of its operating system It doesn’t make much sense to disable Secure Bootbeing an important requirement to run Windows 11.
If your computer doesn’t support Secure Boot you might as well still use Windows 10 or one of the many Linux distributions compatible with older computers.
To learn more we can read our guides on how to switch from windows 7 to windows 11 come on How to fix “No operating system” error on Windows 10 and 11.