Secure Boot is a UEFI feature that blocks unsigned bootloaders from running. It's on by default on most newer PCs. Disabling it lets you boot Linux from a USB, install older operating systems, or use bootloaders Microsoft hasn't signed.
The path varies slightly by motherboard but the steps are similar. Here's how to do it for major brands.
Enter UEFI/BIOS
Restart your computer. As it boots, mash the key that enters BIOS. Common keys:
- F2 – Dell, Asus, Acer, most modern PCs
- F10 – HP, some Lenovo
- F12 – Some Toshiba, Acer
- Delete – MSI, some Gigabyte, custom-built
- Esc – some HP, Sony
Press repeatedly during the boot logo. If you miss the window, restart and try again. Some PCs show the key briefly on the boot screen.
Find Secure Boot in the menu
Once in BIOS/UEFI, look for a Boot or Security tab. The exact location of Secure Boot varies:
- Dell – usually under Boot Sequence or Secure Boot tab
- HP – Advanced > Boot Options > Secure Boot Configuration
- Lenovo – Security > Secure Boot
- ASUS – Boot > Secure Boot > OS Type change to Other OS
- MSI – Settings > Advanced > Windows OS Configuration
Use arrow keys to navigate. Mouse usually works in newer UEFI interfaces too.
Toggle Secure Boot off
Find the Secure Boot option. Press Enter on it. Change from Enabled to Disabled. Some BIOSes require you to set OS Mode Selection to Other OS first before Secure Boot becomes editable.
Save changes and exit. Usually F10 saves and exits. Confirm yes when prompted. The PC restarts with Secure Boot disabled.
Set an admin password first if needed
Some BIOSes won't let you change Secure Boot without an admin password set. If the Secure Boot option is grayed out, look for Set Supervisor Password or Set Admin Password first.
Set a password (remember it, you'll need it for future BIOS changes). Now Secure Boot becomes editable. Toggle it off. Save and exit.
What changes after disabling
With Secure Boot off:
- You can boot from USB drives with unsigned operating systems (Ubuntu, Mint, custom Linux)
- Older bootable utilities work again (Hiren's Boot CD, etc.)
- Windows 11 still installs and runs fine, just without one layer of security
- Some games with intrusive anti-cheat may complain (Valorant, for example, requires Secure Boot enabled)
Re-enable Secure Boot when you're done with whatever you needed disabled state for. The added security is worth it for daily use.
Disable Secure Boot from Windows Settings (Windows 11)
You can also reach UEFI directly from Windows without timing the boot key. Open Settings > System > Recovery. Click Restart now next to Advanced startup.
PC restarts to a blue screen. Pick Troubleshoot > Advanced options > UEFI Firmware Settings. Click Restart. PC boots straight into UEFI without the timing race.
Re-enable Secure Boot later
Same path. Enter BIOS. Find Secure Boot. Change from Disabled back to Enabled. Save and exit. Done.
If Windows 11 won't boot after you re-enabled Secure Boot, it might be because you installed it in BIOS mode rather than UEFI. In that case you'll need to convert the install or reinstall in UEFI mode.
Check Secure Boot status from Windows
To check current state without rebooting – press Windows + R, type msinfo32, hit Enter. The System Information window opens. Look at Secure Boot State near the top.
It shows On, Off, or Unsupported. Quick way to confirm without entering BIOS.
What model PC are you using? Tell me and I'll mention the exact BIOS path for disabling Secure Boot.