1

Despite all the hate surrounding Secure Boot, I frankly think it's a good idea, if it can be turned off by the user (which it can be on non-ARM systems). My laptop didn't have Windows 8 installed, but it is relatively new and has UEFI firmware. I haven't seen any options for Secure Boot in the UEFI settings, but at the time the computer was purchased, Microsoft had already provided OEMs with Secure Boot specifications, and the OEM is encouraging me to upgrade to Windows 8.

Is there any way for me to turn on Secure Boot myself? Do I need to configure something in Windows in order for UEFI to attempt it, or is there a UEFI setting that I'm either not seeing or is unavailable? Will Secure Boot be possible with an eventual firmware upgrade, or is it embededded at a hardware level that can't be added after the fact?

I'm not sure it's relevant, since I'm looking for a canonical answer that applies to all computers, but in case it helps you find an answer, I'm using a Lenovo Thinkpad x230. I'll update with the UEFI revision number the next time I reboot.

Glorfindel
  • 4,158
nhinkle
  • 37,661

1 Answers1

2

Secure Boot is a Firmware-level feature.

It has nothing directly to do with Windows 8, but Microsoft is encouraging / forcing OEMs to support it on Windows 8 systems.

If your BIOS supports Secure Boot, you can enable it whether you have Windows 8 or not. (although you probably won't want to enable it unless you have a signed OS).

If your BIOS does not support it, you cannot use it, even if you do install Windows 8. (although you can hope that your manufacturer will add support for in in a firmware update)

Part of a Secure Boot-capable BIOS is a list of cryptographic (public) keys; the BIOS will only run an OS which has been signed by one of these keys.
Presumably, most BIOSes would ship with a Microsoft key in this list.
Hopefully, they will also allow the user to edit this list.

angrifel
  • 103
SLaks
  • 8,024