How to Disable Secure Boot (BIOS Steps for All Brands)

Secure Boot is a security feature in modern UEFI firmware that blocks the operating system from booting unless it has been signed by Microsoft, by the hardware manufacturer or with your own keys. It is on by default on most laptops. Still, there are legitimate reasons to disable it, e.g., to install Linux alongside Windows, to boot from a USB recovery drive, to run older versions of Windows or to use bootloaders that Microsoft did not sign.

Real talk. Disabling Secure Boot is a legitimate need for dual-booters and tech enthusiasts. But it does reduce security. Trust me on this, you should know what you are trading before flipping the switch.

This guide walks you through entering BIOS, finding the right menu (it varies wildly by manufacturer), flipping the actual toggle and re-enabling Secure Boot later if you need to. It also covers what to expect afterwards.

What Secure Boot Does and Why

Here is the deal. Before Secure Boot existed, malware called bootkits could infect the boot process before Windows even started. They were nearly impossible to remove because they ran below the OS.

Secure Boot stops this by only allowing signed code during the boot phase. Each bootloader stage and the OS kernel needs a cryptographic signature that matches a key stored on your motherboard. If something is unsigned or has a tampered signature, it will not boot.

Good security. Bad if you want to run things Microsoft did not sign. Linux distributions and recovery tools sometimes fall in that category.

When You Need to Disable Secure Boot

Real cases:

  • Installing Linux. Many distros support Secure Boot now (Ubuntu, Fedora) but some smaller ones or live USBs do not.
  • Dual-boot setups. Switching OS at boot sometimes requires Secure Boot off.
  • Booting recovery USBs. Some Windows recovery tools and third-party rescue disks are unsigned.
  • Running custom firmware. Some open-source projects ship unsigned bootloaders.
  • Old hardware drivers. Rare but some legacy drivers fail with Secure Boot enabled.

If you do not have one of these specific needs, leave Secure Boot enabled. It is genuinely useful protection.

Method 1: Enter BIOS or UEFI Setup

The key to enter BIOS varies by manufacturer. Press the right key immediately after powering on.

  • Dell: F2 or F12
  • HP: F10 or Esc then F10
  • Lenovo: F1, F2 or Enter then F1
  • ASUS: F2 or Delete
  • Acer: F2 or Delete
  • MSI: Delete
  • Microsoft Surface: Hold Volume Up while pressing Power
  • Custom PC: Usually Delete or F2

Or use Windows: Settings > System > Recovery > Advanced startup > Restart now > Troubleshoot > Advanced options > UEFI Firmware Settings > Restart.


Method 2: Find the Secure Boot Option

In BIOS, look for the Secure Boot setting. Common menu paths:

  • Boot tab > Secure Boot
  • Security tab > Secure Boot Configuration
  • Advanced > Boot Options > Secure Boot
  • Authentication > Secure Boot

The exact path depends on your motherboard and BIOS version. Look around the Boot and Security sections.

Method 3: Disable Secure Boot

  1. Highlight Secure Boot.
  2. Press Enter.
  3. Change from Enabled to Disabled.
  4. If asked for confirmation, confirm.
  5. Press F10 or use Save and Exit.
  6. System reboots.

Done. Secure Boot is off. Your PC will now boot anything regardless of signature.

Issues You Might Hit

Common roadblocks:

  • Secure Boot option is greyed out. You need to disable User Mode and switch to Setup Mode. Or set a Supervisor Password first.
  • Cannot find Secure Boot. Some BIOS hide it. Check Advanced Mode or Show Advanced Settings.
  • OEM-locked BIOS. Some prebuilt PCs disable the Secure Boot toggle entirely. Talk to the manufacturer.
  • Windows will not boot after disabling. Re-enable Secure Boot or change Boot Mode from UEFI to Legacy/CSM and back.

If your BIOS does not let you disable it, the manufacturer locked it. Rare on consumer hardware but happens on enterprise managed devices.

After Disabling Secure Boot

What changes:

  • You can boot unsigned operating systems.
  • USB recovery drives that were blocked now boot.
  • Linux installations no longer need the signed shim bootloader.
  • Some games using anti-cheat that requires Secure Boot (Valorant's Vanguard on Windows 11) will refuse to launch.
  • Windows 11 still works fine without Secure Boot. Microsoft's requirement applies during install, which is different from runtime.

Heads up. Valorant's Vanguard and a few other anti-cheats specifically check Secure Boot. If you play those games, do not disable it.

How to Re-Enable Secure Boot

Reverse process:

  1. Boot to BIOS using the same key.
  2. Find the Secure Boot setting again.
  3. Change Disabled to Enabled.
  4. Save and exit.

Important. If you installed Linux or any unsigned bootloader, re-enabling Secure Boot may prevent that from booting. You will get a Secure Boot Violation message. Either remove the unsigned bootloader first or keep Secure Boot off.
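
To confirm from a running Linux system that the firmware setting really changed, after disabling or after re-enabling, you can read the state the firmware exposes through efivarfs. This is an added example, not part of the original guide; the state names it returns are labels chosen here, and it assumes efivarfs is mounted at the usual /sys/firmware/efi/efivars.

```python
#!/usr/bin/env python3
"""Report the firmware's Secure Boot state on Linux by reading efivarfs."""
import sys
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed default mount point


def read_flag(efivars: Path, name: str):
    """Return a one-byte UEFI variable, or None if absent or malformed.

    efivarfs prefixes the payload with a 4-byte attribute field, so the
    value of SecureBoot / SetupMode is the fifth byte of the file.
    """
    try:
        raw = (efivars / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None
    return raw[4] if len(raw) == 5 else None


def secure_boot_state(efivars: Path = EFIVARS) -> str:
    """Classify the machine using labels chosen for this example."""
    if not efivars.is_dir():
        # Booted through Legacy/CSM, or efivarfs is not mounted.
        return "not-uefi"
    secure_boot = read_flag(efivars, "SecureBoot")
    setup_mode = read_flag(efivars, "SetupMode")
    if secure_boot is None:
        return "unknown"
    if secure_boot == 1:
        return "enabled"      # signatures are enforced at boot
    if setup_mode == 1:
        return "setup-mode"   # Setup Mode: nothing is enforced
    return "disabled"         # User Mode with the toggle switched off


if __name__ == "__main__":
    state = secure_boot_state()
    print(f"Secure Boot: {state}")
    # Non-zero exit lets a provisioning or audit script flag the machine.
    sys.exit(0 if state == "enabled" else 1)
```

On Windows, the PowerShell cmdlet Confirm-SecureBootUEFI, run from an elevated prompt, answers the same question with True or False.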

My Honest Opinion

For everyday users, leave Secure Boot on. The protection is real and the downsides are zero.

If you need to dual-boot Linux, modern Ubuntu and Fedora work fine with Secure Boot enabled. Try those first before disabling. Only disable Secure Boot if absolutely needed.

Final Thoughts

Disabling Secure Boot needs BIOS access. The key to enter BIOS varies (F2, F10, Delete, etc.). Find Secure Boot under Boot or Security. Set to Disabled. Save and exit. Re-enable later if needed.

For dual-boot setups also check our complete dual boot guide for the partition steps.

Also, if you follow our steps and still face difficulties disabling Secure Boot, seek help from your PC manufacturer or leave a comment in the comment section of our blog.
