Secure Boot is a security feature that prevents loading of malicious code during the Windows pre-boot interval. It prevents any unsigned UEFI drivers and bootloaders that can load malicious code and infect your machine and steal your personal, confidential information. This feature is available in every computer with the UEFI support, and can be enabled/ disabled from the CMOS Settings.
How Does Secure Boot Work?
We all have heard about the BIOS. It was commonly used in computers until the 2000s when the modern UEFI technology replaced it. Secure Boot is available on modern computers that use Unified Extensible Firmware Interface (UEFI).
Each modern Windows operating system version is signed with pairs of public/ private encryption keys that establish trust relationship between your computer and the operating system. Each time you start your computer, the UEFI system validates the keys against the signed keys that are whitelisted by the certifying authority (in this case, Microsoft). If the key matches, the boot loader will be permitted to load the operating system. Otherwise, your operating system may not load at all.
Benefits
- Prevents malicious and illicit software from attacking to take control of your computer’s boot process and load itself at the startup
- Protects your data from ransomware, a type of malware that encrypts and holds the victim’s confidential information at ransom.
- Validates the origin and authenticity of the software before loading
- On certain machines, organizations can remove the manufacturer-integrated keys and insert their own for their own internal safety and privacy concerns. For example, software like Shim act as dedicated first-stage bootloaders
The idea behind Secure Boot is not to prevent non-Microsoft based operating systems from booting and creating a monopoly for Microsoft’s OS. Rather, Microsoft acts as the Certificate Authority (CA) for the Secure Boot system and non-Microsoft operating systems can obtain certifications by fulfilling the minimum requirements that have to meet for certification and submit their source code for auditing. Upon reviewing the source code for safety and privacy, a certificate may be issued or denied.
Disadvantages
Each technology has its pros and cons. Just like any other technology, Secure Boot has its disadvantages. For example, Secure Boot might prevent dual-booting a computer. You may not be able to boot a particular operating system from the boot loader. Secure Boot has also received criticism from certain sections of the Linux community. In order to make your PC dual-boot or install certain, non-popular distributions of the Linux operating system, you might need to first disable the Secure Boot feature.
Solution 1: Convert your MBR Disk to GPT
If you’re unable to activate Secure Boot, you might want to convert your MBR disk to GPT.
Important: It is highly recommended that you backup your important data on to an external drive (such as an external hard disk). MBR to GPT conversion can cause extreme data loss.
- Close any open programs that may be running.
- Click on Start.
- Select Settings.
- Click on Update & Security.
- Click on Recovery tab > Restart Now (under Advanced Startup).
- Your computer will shutdown and restart itself.
- Click on the Troubleshoot icon.
- Select Command Prompt.
- Type the following commands one by one:
- diskpart
- list disk
- Command Prompt will list the available disks connected to your PC. In the following command, insert your disk number:
- select disk <type your disk number here>
- Finally, type the following:
- clean
- Convert gpt
Solution 2: Reduce Transfer Data Size, Transfer Data to an External HDD & Re-partition your Hard Disk
The second solution is to repartition your hard disk. But not everyone can transfer all of their data to an external hard disk. Due to the immense nature and size of the data on your hard disk, your external hard disk may be insufficient to store all the files. Thankfully, you can overcome this issue by deleting all the duplicate versions of your documents, images, music, videos stored onto your hard disk. The best thing? This process is completely automatic. After freeing-up tens of GBs of storage space, the transfer process will become smoother and faster.
Step 1: Get Rid of Duplicate File Versions to Reduce Storage & Transfer Size
- Download Clone Files Checker. Install and run it.
- Click on the Add button and add all the partitions of your hard disk.
- Click on Start Search.
- Once the duplicate scan is finished, choose the Quick Fix option.
- To keep only newer files in each group, select the Newest option.
- In the subsequent page, choose an action. Select Delete permanently to destroy all duplicate file versions and reclaim your storage.
Note: You can also review your files individually instead of automatically deleting. Just select the Review & Fix option instead of Quick Fix in the Step # 4 above.
Steps 2: Transfer all the Data to External Hard Disk
Once you’re done, copy all the data from your hard disk to an External Hard Disk or on to the Cloud. This might take some time depending on the size of your data.
Step 3: Re-partition your Hard Disk
Warning: Formatting and/ or re-partitioning your hard disk will destroy all the files from your hard disk.
For Dell Laptops:
- Insert the Windows 10 installation DVD ROM, or connect your Windows 10 installation USB drive to your PC.
- Restart your computer.
- Press F2 or Delete key repeatedly until it opens the CMOS Setup.
- Use the keyboard arrow keys to select the Boot Sequence tab on the left.
- Select the UEFI option and then click on Apply.
- Go to Advanced Boot Options and enable the Enable legacy option ROMs.
- Click on Apply again.
- Now, go to the Secure Boot > Secure Boot Enable.
- Check the option Secure Boot Enable.
- Click on Apply.
- Click on Exit and your computer will restart.
- When you’re prompted to press a key, follow it.
- Wait for a while until the Setup is loaded.
- Click on Install now.
- Read the license agreement and accept it, if you agree.
- Click on Next.
- Select Custom: Install Windows only (Advanced).
- Select a partition (drive) from your hard disk. Click on Delete.
- Confirm the action.
- Repeat the same step for other drives on your hard disk.
- Use the New icon and specify a size for your new partition(s).
- Follow the on-screen instructions.