Secure Boot is a feature in UEFI BIOS that only allows verified operating systems to boot. The goal is preventing bootkit malware from loading before Windows starts. The catch is that Secure Boot can prevent legitimate uses like installing Linux, using older bootable USB tools and dual-booting some operating systems. Disabling Secure Boot lets you do those tasks but reduces security.
Here is how to disable Secure Boot in BIOS across the main PC brands.
Access BIOS or UEFI Settings
You need to enter BIOS to change Secure Boot. The method to access BIOS varies by PC. Restart your computer. Press the BIOS key during boot. Common keys are Delete, F2, F10, F12 or Esc. The exact key shows briefly on the boot screen.
If you missed the moment, restart and try again. Or use Windows to boot directly into BIOS. Hold Shift while clicking Restart. Choose Troubleshoot > Advanced Options > UEFI Firmware Settings > Restart. This boots directly to BIOS without needing to time the key press.
Find Secure Boot Settings
In BIOS, the Secure Boot setting is usually under Security or Boot section. Navigate using arrow keys to Security or similar tab. Find Secure Boot Control or Secure Boot Enable.
Change from Enabled to Disabled. Save and exit BIOS (usually F10 to save and exit). Confirm. The PC restarts with Secure Boot off. Windows still boots normally because Microsoft signs Windows for both Secure Boot and non-Secure Boot modes.
Brand-Specific BIOS Paths
Different brands have slightly different BIOS layouts. Here are the typical paths for major brands.
- Dell: Press F12 during boot for boot menu, F2 for BIOS. Secure Boot is under Boot Configuration.
- HP: Press F10 or F9 for BIOS. Secure Boot is under Boot Options or Security.
- Lenovo: Press F1, F2 or Enter for boot menu then F1. Secure Boot is under Security > Secure Boot.
- ASUS: Press Delete or F2 for BIOS. Secure Boot is under Boot > Secure Boot.
- MSI: Press Delete for BIOS. Secure Boot is under Settings > Security > Trusted Computing.
- Acer: Press F2 for BIOS. Secure Boot is under Boot or Security.
- Microsoft Surface: Hold Volume Up while pressing Power. Secure Boot is under Security.
Set BIOS Password If Needed
Some BIOS systems require an admin password before changing Secure Boot settings. If your PC asks for a password and you do not know it, the BIOS may have been password-protected. Common defaults include admin, password or no password at all (just press Enter). Manufacturer-specific defaults sometimes apply.
For locked BIOS without known password, contact PC manufacturer or remove the CMOS battery temporarily to reset BIOS to defaults. The battery removal trick should only be done by users comfortable opening PC cases.
Why You Might Need to Disable
Common reasons to disable Secure Boot include installing a Linux distribution that does not have Microsoft-signed boot files, dual-booting Windows with an unsigned bootloader, using older bootable USB tools for system recovery or imaging, booting from unsupported media for forensics or password recovery, and installing Windows on older hardware that has BIOS conflicts with Secure Boot.
Security Implications
Disabling Secure Boot reduces system security against specific threats. Bootkit malware that infects before Windows boots can persist after Windows installs. Most users never encounter bootkit attacks but the protection layer is real for users in higher-risk environments. After you finish whatever task required disabling Secure Boot, consider re-enabling it for ongoing protection.
For most home users, Secure Boot off does not change daily security much because the main threats come through email and browser, not bootkits. Server administrators and corporate environments should keep Secure Boot enabled when possible.
Re-Enable Secure Boot After
When the task that needed Secure Boot off is complete, re-enable it. Same BIOS path as before. Change Secure Boot back to Enabled. Save and exit. Reboot. The PC checks signed boot files again. Linux installations need a signed bootloader (most modern distros have one) to work with Secure Boot on. Verify everything still boots before assuming the change worked.
Final Thoughts
To disable Secure Boot, enter BIOS by pressing F2 or Delete during boot. Find Secure Boot under Security or Boot section. Change to Disabled. Save and exit. The PC restarts with Secure Boot off. Most modern Linux installations and bootable USB tools work after this change. Re-enable Secure Boot after the task is done for ongoing security protection.
If you disabled Secure Boot for a specific use case, share what you needed it for in the comments.