I had UEFI Secure Boot enabled laptop with Windows 8 installed in, the problem is that I restored another OS(linux) and now I cannot enter in BIOS Setup.
Is there a way to disable UEFI Secure Boot without entering in BIOS settings?
biossecure-bootuefi
I had UEFI Secure Boot enabled laptop with Windows 8 installed in, the problem is that I restored another OS(linux) and now I cannot enter in BIOS Setup.
Is there a way to disable UEFI Secure Boot without entering in BIOS settings?
Best Answer
By design, Secure Boot cannot be disabled from within an OS; you must enter your firmware's setup utility in order to disable it. With most computers, you can enter the firmware setup utility by hitting a function key, or sometimes Del, early in the boot process. Some computers don't enable the keyboard, though, or don't provide this option at all. If you've got such a system, you could try unplugging the hard disk from the motherboard and booting without a disk; that might kick the system into the firmware setup utility.
IIRC, the
HashTool.efi
program that comes withPreLoader.efi
provides an option to reboot into the firmware's setup utility. This option doesn't work on all computers, though. If yours is one on which this feature works, you could get in by preparing a USB flash drive as follows:PreLoader.efi
andHashTool.efi
.gdisk
or by setting its "boot flag" inparted
or GParted.PreLoader.efi
to the USB flash drive asEFI/BOOT/bootx64.efi
and copyHashTool.efi
asEFI/BOOT/HashTool.efi
.Another option would be to prepare a USB flash drive or the like with a Secure Boot-enabled boot loader (PreLoader or shim). This would enable you to boot to Linux and install the Secure Boot-enabled boot loader on your hard disk. If you use PreLoader, you can begin as just described, but you'll also need to copy a regular Linux boot loader to the USB drive as
EFI/BOOT/loader.efi
. When you boot, HashTool will then let you register that program as valid, and thereafter it will work. You'll still have to configure the boot loader to boot off your regular hard disk, though. For more information or if you want to use shim rather than PreLoader, see my Web page on the topic for details.Update: Recent versions of rEFInd, and I believe also gummiboot, provide an option to reboot into the firmware setup utility. To be useful, you'll need to install these programs to launch from
PreLoader.efi
orshim.efi
. My rEFInd Secure Boot documentation covers this process in detail for rEFInd.