Windows 8 Disable UEFI Secure Boot

New Windows PCs come with UEFI firmware and Secure Boot enabled. Starting with Windows 8, Microsoft replaced BIOS with UEFI. Secure Boot prevents operating systems from booting unless they’re signed by a key loaded into UEFI — out of the box, only Microsoft-signed software can boot.

This security feature prevents rootkit malware and provides an additional layer of security. But it has a down side, if you want to dual boot Windows 8, Secure Boot will not allow it. Microsoft mandates that PC vendors allow users to disable Secure Boot, so you can disable Secure Boot or add your own custom key to get around this limitation.

How Secure Boot Works

PCs that come with Windows 8 and Windows 8.1 include UEFI firmware instead of the traditional BIOS. It is important to note that the secure boot is not a Windows 8 feature. It is in fact a protocol in the UEFI specification. By default, the machine’s UEFI firmware will only boot boot loaders signed by a key embedded in the UEFI firmware. This feature is known as “Secure Boot” or “Trusted Boot”.

On traditional PCs without this security feature, a rootkit could install itself and become the boot loader. The computer’s BIOS would then load the rootkit at boot time, which would boot and load Windows, hiding itself from the operating system and embedding itself at a deep level.

Secure Boot blocks this — the computer will only boot trusted software, so malicious boot loaders won’t be able to infect the system. On an Intel x86 and x64 PC, you have control over Secure Boot. You can choose to disable it or even add your own signing key.

How to Disable Secure Boot in UEFI

You can control Secure Boot from your UEFI Firmware Settings screen. To access this screen, you’ll need to access the boot options menu in Windows 8. To do this, open the Settings charm — press Windows Key + I to open it — click the Power button, then press and hold the Shift key as you click Restart.

Windows 8 Secure Boot

Your computer will restart into the advanced boot options screen. Select the Troubleshoot option.

Troubleshoot in Windows 8
In Troubleshoot menu, select Advanced options
Windows 8 UEFI Settings
Then select UEFI Settings. You may not see the UEFI Settings option on a few Windows 8 PCs, even if they come with UEFI — consult your manufacturer’s documentation for information on getting to its UEFI settings screen in this case.

UEFI Firmware Settings

You’ll be taken to the UEFI Settings screen, where you can choose to disable Secure Boot or add your own key.

Disable secure boot in UEFI

By this time you must have been booted in to UEFI utility. You can change various settings here but all we want to do right now is to disable secure boot option to allow dual booting. Move to Boot tab, there you’ll find Secure Boot option which is set to enabled. Use the arrow key to go to Secure Boot option and then press enter to select it. Use + or – to change its value. Confirm it when prompted. Press F10 to save the changes and exit the UEFI settings.

Disable UEFI Secure Boot in Windows 8

If you are using an Acer laptop, you might see that option to disable secure boot has been greyed out. Using arrow keys, move to Security tab. Look for Set Supervisor Password. This is mandatory in order to disable secure boot or else secure boot option will always be greyed out. Once you have set the supervisor password, move to Boot tab now. This time you’ll see that you can actually access the Secure Boot option and change its value. Press enter and change its value to Disabled.

Boot From Removable Media

You can boot from removable media by accessing the boot options menu in the same way — hold Shift while you click the Restart option. Insert your boot device of choice, select Use a device, and select the device you want to boot from.

Next you’ll be booted in to Windows normally. Now you should be able to dual boot Windows 8 with other OS. I hope this tutorial helps you to disable secure boot in Windows 8 and Windows 8.1.