[SOLVED] Disable Secure Boot on Asus Zenbook UX32A

Hi all, I hope I have posted in the right section, please move it otherwise.
I'm trying to install Arch on an Asus Zenbook, but I cannot boot installation media (a USB stick, in this case), as it requires the EFI binary to be signed, and the only simple way out is to disable Secure Boot.
Unfortunately I'm not able to disable it from the UEFI interface, as it is grayed out. Solutions I've found searching the Web suggested setting a BIOS password, but even this way I wasn't able to enable it.
Notebook came with Windows 8 built in, and I upgraded BIOS to 214 version.
Thank you.
Last edited by juma93 (2013-03-30 01:29:05)

Details of the user interface vary greatly from one computer to another. I've got some notes on disabling Secure Boot on an ASUS P8H77-I motherboard here, but they may not apply to your notebook, or there may be an extra trick. Along the latter lines, look for "fast boot" and "CSM" options and try fiddling with them to see if the Secure Boot option becomes alterable.

Similar Messages

  • I can't disable secure boot.

    This is actually ridiculous and I've seen so many people become infuriated over this same issue that SHOULDN'T be an issue at all. I've been trying for FOUR hours to install ubuntu and get rid of shi**y windows 8.1. That's right FOUR hours. Not only have I had to redo the USB write to make it bootable multiple times I've had to sit through countless slow reboots because 8.1 is just a piece of malware that I've had to deal with for about a year due to the fact that I have no choice in what operating system I use on my laptop. Oh, and before someone says try burning it to a CD here's something funny, My Toshiba Satellite C55T-B5109 came with a fake optical drive so.... I've changed boot order I've switched to CSM boot, I only have two boot options and when I switched it booted a black screen with white text talking about how I need to insert a usb or cd (sorry I can't) and try again which I did, so I just switched back to the original boot option. I've already disabled fast boot and I updated my BIOS to v1.4 (the latest version) but that of course didn't do anything because toshiba is probably getting paid to make it almost (if not) impossible to use anything but the virus that is windows 8.1. Nobody speak a word if you don't know how to directly solve the problem. I don't want to see "That's happening to me too! plz help" or "that sucks" be constructive or don't bother. The only solution or "you should try" should directly correlate to secure boot. Not the load order. The boot options. This needs to be solved immediately because the fact that the choice of a different OS should be available to everyone it's my computer. I bought it.

    That would be great but when I try CSM Boot it just says insert a valid USB or something of that nature. To which I keep unplugging and re-plugging the USB but it still doesn't get detected as a bootable drive. So I practically HAVE to use UEFI boot and no matter what I do it kicks windows back into my face. I can try selecting the boot from USB option but that doesn't work. I put USB at the top of my load order and my HDD at the bottom, but that doesn't work. I also opened BIOS at startup and clicked the USB but all it does is kick me into windows once again. I disabled fast boot, I finally forced secure boot off, but I still can't install Ubuntu. I've re-written the USB multiple times and I would try to burn it to a CD but I don't have an optical drive. I opened msconfig and had a look at the boot tab but it only lists the C: drive with windows 8 as the default OS. I've looked up everything and I have tried it. It seriously should not be this hard to install the OS of your choice because Windows decides that you have to use their OS. I must be doing something wrong so please tell me I'm out of ideas.

  • Disabled Secure BOOT option in G580 Bios options

    How do I disable this setting in the Bios?  Do I have to turn in off in Windows 8 first?  
    I have the option but I can not arrow to it and turn it off or on.  Only way to disable it is by brute force and turn off UEFI boot option and set it as Legacy.
    I am obviously missing something.

    You don't have to disable it ........... Just when you are shutting down the device Press (SHIFT + SHUTDOWN from the power menu) .........
    This will do it 

  • Disable secure boot on TAB S8

    Hey!
    How can I disable on my S8-50F?
    In /sys/firmware/efi/vars/SecureBoot[...]/raw_var it says it's 0, but I can't boot a custom kernel.
    Anyone knows?
    Thx,
    balika011

    This is wifi only.

  • [SOLVED] Unable to boot in UEFI System

    For several days I have been trying to get Arch to boot on my desktop by following the Beginners' guide and referring to other Arch wiki articles as well as Arch Forum posts for any problems that I had. I have tried a few bootloaders such as GRUB, gummiboot, and rEFInd and they all give the same result when I attempt to boot - a blinking cursor with no menu and then it returns me to the BIOS. My UEFI motherboard is the ASUS VI Hero. I have disabled secure boot and both fast boots. I use a live USB with UEFI that is able to boot on my system and was created with dd.
    Below are the outputs of some commands that might be useful.
    root@archiso ~ # lsblk
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    sda 8:0 0 223.6G 0 disk
    ├─sda1 8:1 0 512M 0 part
    ├─sda2 8:2 0 4G 0 part
    └─sda3 8:3 0 219.1G 0 part
    sdb 8:16 0 931.5G 0 disk
    ├─sdb1 8:17 0 487.3M 0 part
    └─sdb2 8:18 0 931G 0 part
    sdc 8:32 0 232.9G 0 disk
    ├─sdc1 8:33 0 100M 0 part
    └─sdc2 8:34 0 232.8G 0 part
    sdd 8:48 1 3.8G 0 disk
    ├─sdd1 8:49 1 595M 0 part /run/archiso/bootmnt
    └─sdd2 8:50 1 31M 0 part
    loop0 7:0 0 256.8M 1 loop /run/archiso/sfs/airootfs
    loop1 7:1 0 32G 1 loop
    └─arch_airootfs 254:0 0 32G 0 dm /
    loop2 7:2 0 256M 0 loop
    └─arch_airootfs 254:0 0 32G 0 dm /
    Windows 7 is on sdc and Arch is on sda (sdb is an extra storage device for Windows). Both sdc and sda are SSDs.
    root@archiso ~ # parted /dev/sda print
    Model: ATA SanDisk SDSSDHII (scsi)
    Disk /dev/sda: 240GB
    Sector size (logical/physical): 512B/512B
    Partition Table: gpt
    Disk Flags:
    Number Start End Size File system Name Flags
    1 1049kB 538MB 537MB fat32 boot, esp
    2 538MB 4833MB 4295MB linux-swap(v1)
    3 4833MB 240GB 235GB ext4
    root@archiso ~ # cat /mnt/etc/fstab
    # UUID=0dff590b-24f1-47a2-870e-3f4d2c5bcb6a
    /dev/sda3 / ext4 rw,relatime,data=ordered,discard 0 1
    # UUID=FA3A-728C
    /dev/sda1 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 2
    # UUID=524e2980-d1e6-4948-88f9-c193682d5a9e
    /dev/sda2 none swap defaults 0 0
    # efibootmgr
    BootCurrent: 0003
    Timeout: 1 seconds
    BootOrder: 0000,0001,0002,0003
    Boot0000* grub
    Boot0001* Hard Drive
    Boot0002* ubuntu
    Boot0003* UEFI: General USB Flash Disk
    Boot0008 Hard Drive
    Ignore ubuntu, that was on my HDD from before but has been removed. The grub option usually disappears after reboot unless I run efibootmgr -O after I install the bootloader. Using efibootmgr -v option, the output is a bit hard to read.
    # efibootmgr -v
    BootCurrent: 0003
    Timeout: 1 seconds
    BootOrder: 0000,0001,0002,0003
    Boot0000* grub HD(1,800,100000,f9c04628-178b-4c94-9b92-62c04f2a5151)File(\EFI\grub\grubx64.efi)
    Boot0001* Hard Drive BIOS(2,0,00)..GO..NO........u.W.D.C. .W.D.1.0.E.Z.E.X.-.0.8.M.2.N.A.0....................A.................................>..Gd-.;.A..MQ..L. . . . .W. .-.D.M.W.3.C.1.F.6.4.5.0.4.6........BO..NO........u.S.a.m.s.u.n.g. .S.S.D. .8.4.0. .E.V.O. .2.5.0.G.B....................A.................................>..Gd-.;.A..MQ..L.1.S.B.D.S.N.F.A.7.1.3.0.7.5. .L. . . . ........BO..NO........o.S.a.n.D.i.s.k. .S.D.S.S.D.H.I.I.2.4.0.G....................A...........................>..Gd-.;.A..MQ..L.4.1.3.4.3.7.0.4.7.0.2.0. . . . . . . . ........BO..NO........u.G.e.n.e.r.a.l. .U.S.B. .F.l.a.s.h. .D.i.s.k....................A.............................B..Gd-.;.A..MQ..L.G.e.n.e.r.a.l. .U.S.B. .F.l.a.s.h. .D.i.s.k........BO
    Boot0002* ubuntu HD(1,800,f3a9e,3eaa3162-6352-4ad8-a725-89c738f2b3ad)File(\EFI\Ubuntu\grubx64.efi)
    Boot0003* UEFI: General USB Flash Disk ACPI(a0341d0,0)PCI(1d,0)USB(1,0)USB(1,0)HD(1,fc,f800,612a5c68)..BO
    Boot0008 Hard Drive BIOS(2,0,00)..GO..NO........o.S.a.n.D.i.s.k. .S.D.S.S.D.H.I.I.2.4.0.G....................A...........................>..Gd-.;.A..MQ..L.4.1.3.4.3.7.0.4.7.0.2.0. . . . . . . . ........BO..NO........u.W.D.C. .W.D.1.0.E.Z.E.X.-.0.8.M.2.N.A.0....................A.................................>..Gd-.;.A..MQ..L. . . . .W. .-.D.M.W.3.C.1.F.6.4.5.0.4.6........BO..NO........u.S.a.m.s.u.n.g. .S.S.D. .8.4.0. .E.V.O. .2.5.0.G.B....................A.................................>..Gd-.;.A..MQ..L.1.S.B.D.S.N.F.A.7.1.3.0.7.5. .L. . . . ........BO..NO........o.G.e.n.e.r.a.l. .U.S.B. .F.l.a.s.h. .D.i.s.k....................A.......................B..Gd-.;.A..MQ..L.G.e.n.e.r.a.l. .U.S.B. .F.l.a.s.h. .D.i.s.k........BO
    I mount /dev/sda3 to /mnt and /dev/sda1 to /mnt/boot before I arch-chroot and when I tried grub, I installed with:
    # grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub --recheck
    No errors are reported. I then make a config file for grub with:
    # grub-mkconfig -o /boot/grub/grub.cfg
    Last edited by DetotatedWam (2015-04-01 22:12:06)

    Boot\ Secure Boot menu >
    Secure Boot state: Disabled
    Platform Key (PK) state: Unloaded
    OS Type: Windows UEFI mode
    I have tried setting "OS Type" to "Other OS" before but that doesn't change anything. I just tried it again and the BIOS freezes upon "Save Changes & Reset".
    Boot\ Secure Boot menu\ Key Management >
    PK Management: Unloaded
    KEK Management: Unloaded
    DB Management: Unloaded
    DBX Management: Unloaded
    The other day, I deleted all of them and backed them up on a USB in order to disable secure boot.
    Note: After looking at this menu again I am noticing options to append from file for KEK, DB, and DBX that might help.
    Append KEK from File
    Allows you to load the additional
    KEK from a storage device for an
    additional db and dbx loaded
    management.
    [Yes]
    Load the default KEK
    [No]
    Load from a USB storage device
    Append db from File
    Allows you to load the additional db
    variable from a storage device so
    that more custom signed UEFI
    executble files can be loaded.
    *UEFI executabled files include UEFI
    boot loaders, drivers and
    applications.
    [Yes]
    Load the default db
    [No]
    Load from a USB storage device
    Append dbx from File
    Allows you to load the additional
    dbx variable from a storage device
    so that more custom signed UEFI
    executble files cannot be loaded.
    *UEFI executabled files include UEFI
    boot loaders, drivers and
    applications.
    [Yes]
    Load the default dbx
    [No]
    Load from a USB storage device
    Boot\ CSM (Compatibility Support Module)
    Launch CSM: Enabled
    Boot Device Control: UEFI and Legacy OPROM
    Boot from Network Devices: Legacy OPROM first
    Boot from Storage Devices: Both, UEFI first
    Boot from PCI-E/PCI Expansion Devices: Legacy OPROM first
    As a side note: After a reboot, I noticed the Arch boot option disappeared again.
    Head_on_a_Stick wrote:Have you managed to boot any other distributions that are not compatible with Secure Boot?
    I have been able to boot Windows 7 and ubuntu but I believe both are compatible with Secure Boot so, no.
    Head_on_a_Stick wrote:The Arch live ISO has the EFI applications PreLoader.efi & HashTool.efi included so that will boot up with Secure Boot enabled.
    I will try this and post the results.
    Edit: Now my BIOS freezes every time I try to save & exit.
    Last edited by DetotatedWam (2015-04-01 19:59:18)
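The firmware screens quoted in this post ("Secure Boot state: Disabled", "Platform Key (PK) state: Unloaded") and the earlier question about reading SecureBoot under /sys/firmware/efi map onto two UEFI variables, SecureBoot and SetupMode; per the UEFI specification a platform with no PK enrolled is in setup mode. The script below is an added example, not code from any of the posts: it assumes the efivarfs layout (4 attribute bytes before the data), and its function names and fixture files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the firmware Secure Boot state from efivarfs-style files.
# Assumption: efivarfs layout, i.e. 4 attribute bytes followed by the variable data.
# SecureBoot and SetupMode are one-byte variables under the UEFI global-variable GUID.

EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efivar_byte DIR NAME -> data byte in decimal, or "absent" / "malformed"
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    size=$(wc -c < "$f" | tr -d ' ')
    # A file shorter than 5 bytes cannot hold attributes plus one data byte.
    [ "$size" -ge 5 ] || { echo malformed; return 0; }
    # Skip the attribute word; reading byte 0 would return 6 (the attributes),
    # not the Secure Boot state.
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
    echo
}

# secure_boot_state [DIR] -> one word describing the platform state
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    # No efivars directory: booted in legacy/CSM mode or efivarfs not mounted.
    [ -d "$dir" ] || { echo no-efivars; return 0; }
    sb=$(efivar_byte "$dir" SecureBoot)
    sm=$(efivar_byte "$dir" SetupMode)
    case "$sb:$sm" in
        1:0)      echo enforcing ;;               # PK enrolled, signatures checked
        0:1)      echo setup-mode ;;              # no PK: key variables are writable
        0:0)      echo disabled-keys-enrolled ;;  # switched off, keys still present
        absent:*) echo unsupported ;;             # firmware exposes no SecureBoot variable
        *)        echo "unknown($sb:$sm)" ;;
    esac
}

# write_var DIR NAME 0|1 -> constructed fixture file for the demo and tests.
# Attributes 0x00000006 = BOOTSERVICE_ACCESS | RUNTIME_ACCESS.
write_var() {
    printf '\006\000\000\000' > "$1/$2-$EFI_GLOBAL_GUID"
    printf "\\00$3" >> "$1/$2-$EFI_GLOBAL_GUID"
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_var "$tmp" SecureBoot 0; write_var "$tmp" SetupMode 1
    echo "keys cleared (PK unloaded): $(secure_boot_state "$tmp")"
    write_var "$tmp" SecureBoot 1; write_var "$tmp" SetupMode 0
    echo "default keys, enforcing:    $(secure_boot_state "$tmp")"
    rm -rf "$tmp"
    echo "this machine:               $(secure_boot_state)"
}
demo
```

A result of setup-mode matches the state described in the post after the keys were deleted: nothing is being verified, and reloading the default keys in the firmware menu returns the platform to user mode.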

  • Secure boot?

    Hello,
    I have a question regarding the secure boot option in the BIOS.  I have a Satellite C855D with Windows 8.1.  I was trying to boot to a USB thumb drive that has a bootable Ultimate Boot CD on it.  I changed the boot mode from UEFI to CSM but cannot find where to disable "secure boot."  I have done it before but it's like it isn't there now. 
    I reformatted my drive about two months ago and it may be a coincidence but I don't think I've seen the option since then.

    "Secure Boot" isn't needed to install Windows 8.
    "Secure Boot" is merely a feature of newer UEFI BIOSes that allow the system to maintain control of the installation of certain rogue software. It locks down the system and only hands over execution to "white listed" program and operating systems.
    Please send KUDOs
    Frank
    This is a user supported forum. I am a volunteer and I don't work for HP.

  • Turn off secure boot on my HP envy phoenix 180-145qe

    I

    If I may ask, for what specific reason do you want to do that?
    Did you mean to type HP Envy Phoenix 810 instead of 180?
     Enter the BIOS
    Once you have pressed F10 to accept the change, click on the File tab then click on Save Changes and Exit.  You have disabled secure boot.
    2015 Microsoft MVP - Windows Experience Consumer

  • MSI GT-60 No Secure Boot in BIOS

    Hey all I am in a bit of a pickle.
    I have an MSI GT-60 that came with windows 8. I don't like windows 8 so I decided to put windows 7 on it. When I did the laptop blue screens and restarts every 2 minutes due to the video card (it won't blue screen if I disable it) I dug up a little and found out this is the most likely problem
    https://forum-en.msi.com/index.php?topic=165501.0
    Among others it would seem the main problem is the BIOS needs to be flash to the new version. My laptop is still under warranty so I contacted support and after many lengthy conversations they finally gave me instructions on how to upgrade the factory windows 8 bios to the new windows 8 bios which will hopefully solve this problem. They specifically said DO NOT flash to a windows 7 BIOS.
    The main step required to update the BIOS is to disable secure boot. My BIOS's security screen is completely blank except to create a password. I scrolled through the entire BIOS and there is NO secure boot option. Has this happened to anyone before and or know how to update the BIOS ?
    Any help would be greatly appreciated.

    Quote from: Chad_GT60 on 23-January-14, 01:54:53
    Hey all I am in a bit of a pickle.
    I have an MSI GT-60 that came with windows 8. I don't like windows 8 so I decided to put windows 7 on it. When I did the laptop blue screens and restarts every 2 minutes due to the video card (it won't blue screen if I disable it) I dug up a little and found out this is the most likely problem
    https://forum-en.msi.com/index.php?topic=165501.0
    Among others it would seem the main problem is the BIOS needs to be flash to the new version. My laptop is still under warranty so I contacted support and after many lengthy conversations they finally gave me instructions on how to upgrade the factory windows 8 bios to the new windows 8 bios which will hopefully solve this problem. They specifically said DO NOT flash to a windows 7 BIOS.
    The main step required to update the BIOS is to disable secure boot. My BIOS's security screen is completely blank except to create a password. I scrolled through the entire BIOS and there is NO secure boot option. Has this happened to anyone before and or know how to update the BIOS ?
    Any help would be greatly appreciated.
    It happened to me before on my windows 8 msi ge40. I downgraded to windows 7 & flashed the bios intended for windows 7, i.e. I replaced the pre-flashed windows 8 bios that comes with the notebook when I bought it with Windows 7 bios I downloaded from the MSI GE40 product download page.
    & when I decided to revert back to windows 8, I noticed that the secure boot option was no longer there in the bios. I tried to boot my system from the windows 8 recovery media (USB flash drive) I prepared but the system could not boot from it. I was trying also to revert back to windows 8 bios but the system could not boot from the usb flash drive.
    I contacted MSI and asked for their help. They sent me the below link but it simply did not work.
    http://www.msi.com/files/pdf/How_to_make_a_bootable_flash_disk_and_to_flash_BIOS_f.pdf
    So what I did was I went again to BIOS download page of my notebook. There are 2 ways in there to update the bios. And between the 2, this one works for me
    http://www.msi.com/files/pdf/Flash_BIOS_by_UEFI_BIOS_Setup_Utility_en.pdf
    I was then able to revert back to windows 8 bios & of course, secure boot option returns. In fact, I have updated my notebook bios to the latest one intended for windows 8.1
    Hope this helps.

  • How to re-enable secure boot ?

    Hi All,
    On my X1 Carbon, I had to move from Win 8.1 pro to 8.1 Ent. I did a fresh install from scratch to only install what I need.
    During my setup, I had to disable Secure boot, to boot on a USB Key, install 8.1 Enterprise. Now that everything is working, I would like to re-enable the secure boot option.
    If I don't it directly in the BIOS, the laptop doesn't boot any more.
    Any idea how to do it ? Do I have to import key from my 8.1 Ent to the Bios or something like this ?
    Thank you
    Christopher

    If you want to install Windows 8.1 in UEFI mode, and thus be able to Secure Boot it, you must set your machine to Secure Boot off, while installing, and in the Startup section of the BIOS, set UEFI/Legacy Boot to UEFI only.
    NB, for a USB device to be able to install a UEFI version, it must be formatted to Fat32. I have no clue why this is required, but it is. I have installed Vista / 7 / 8 in EFI/UEFI mode from a basic Fat32 drive for many years if required.
    I have seen this go wrong on a couple of machines, mainly because the HD is initialized as a MBR drive, and the generic MS Windows 8.1 ISO will not give you an option to initialize it as a GPT or a MBR drive, which the Recovery Media from Lenovo for Windows 8 actually does.
    You can then either use a Windows bootable media to enter Repair/Recovery mode, and formatting your HD through the DISKPART utility or what is simpler, boot up a liveCD image of gParted and clear your drive completely by initializing the drive as GPT, exit the utility and then installing Windows 8.1, which will, due to the UEFI only selection in the Startup procedure, boot up your Windows 8.1 installation in UEFI mode and once finished, you will be able to turn Secure Boot back on.
    Hope this helps!
    Cheers!

  • T450s downgrade Win 8.1 Pro to Win 7 Pro Secure Boot Process?

    Hi all, New owner of a T450S with 8.1 Pro. I have a Windows 7 Pro OEM disc (no serial number) that I can put on a USB thumb drive. Prior to owning a secure boot machine I would just format the hard and install Win 7. With secure boot and the downgrade I'm not sure how this works. 1. Is the serial number that I have backwards compatible? Can I just format, install and use the 8.1 Pro serial number on my Lenovo? 2. I believe I will have to disable secure boot but I'm not sure. Any help or link to a tutorial would be appreciated. Thanks, Chrissy

    @ the OP,
    The article ColonelOneill linked says "You’ll need to activate by phone. Call up the phone number displayed in the activation window and explain that you’re exercising your Windows 8 Pro downgrade rights. Have your Windows 8 Pro key ready; you’ll need it to prove your PC has downgrade rights."
    Here's a link to Microsoft's description of how to activate a downgrade:  Understanding downgrade rights
    Z.

  • Windows 8.1 Ent eval enabled Secure Boot I think

    I want to get my laptop back to its original format.
    Currently dual booting Windows7/8.1
    During the installation of Windows 8.1 Enterprise evaluation it paused to say it was going to enable secure boot.  I didn't think much of it I thought I could change it back from the bios.  Did it flash my firmware?  I checked the system status with msinfo32.exe; was legacy mode and with powershell; secure boot not supported.  I don't have any options to disable secure boot in the bios nor from within Windows -"I know how to disable it in windows 8.1".  I can't boot a foreign operating system, but I can boot a Microsoft OS which sounds like secure boot to me.  I want to get it back to running Windows 7 dual booting with Linux.  I use both at work and need both.  I made the mistake by loading the Eval on my primary laptop.  I read I need to revert back to Windows 7 completely, formatting and re-installing the OS.  Will this clear my secure boot simulation issue?  I have not changed the partitions or removed any O/S's.   What's the best way to proceed?

    Hi,
    I want to explain that Secure Boot is independent of the system; you can disable it in the UEFI interface.
    To disable Secure Boot, you can follow the steps below:
    1. Before disabling Secure Boot, consider whether it is necessary. From time to time, your manufacturer may update the list of trusted hardware, drivers, and operating systems for your PC. To check for updates, go to Windows Update, or check your manufacturer's website.
    2. Open the PC BIOS menu. You can often access this menu by pressing a key during the bootup sequence, such as F1, F2, F12, or Esc.
    Or, from Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.
    3. Find the Secure Boot setting, and if possible, set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab.
    4. Save changes and exit. The PC reboots.
    I found an article that teaches how to install dual-boot Windows 7 and Ubuntu 12.04 on a PC with UEFI hardware:
    http://www.linuxbsdos.com/2012/10/11/dual-boot-windows-7-and-ubuntu-12-04-on-a-pc-with-uefi-hardware/
    Hope this helps.
    Roger Lu
    TechNet Community Support

  • Dual booting S540 and linux with Secure Boot?

    At some point I intend to install archlinux with dual boot on my Thinkpad S540 which currently runs Windows 8.1.
    All the current advice about dual boot on UEFI machines seems to indicate that the way to go is to disable Secure Boot (and Fastboot) for Windows, and then do the linux install choosing a linux bootloader to allow booting either O/S. I believe I know the steps needed to do that.
    Does anyone have any experience with dual booting Windows 8.1 and ArchLinux on the S540?  I would like to retain Secure Boot for Windows, and in the ideal world have Secure Boot running for ArchLinux also. However Secure Boot is fraught with problems for Linux. There are a few distributions such as Ubuntu which will in principle support Secure Boot but I only use ArchLinux and want to install that particular flavour of linux on my machine. It is of course possible to keep switching Secure Boot on and off in the BIOS before booting either of the two installed operating systems but it would be neater and cleaner to have it all with Secure Boot on, or all with it off.
    This is all very new stuff so there may well be a lot of problems, but it is worth exploring. I use rEFInd as my bootloader on another UEFI desktop computer to boot ArchLinux so I am familiar with that bootloader, but dual boot is another thing, and Secure Boot with the fast moving developments in that area is something that until now very few people have tinkered with.
    Any replies and guidance/suggestions appreciated.

    I'm guessing /boot can run from ntfs, however probably not as efficiently as if it were running on ext3/4. Mine runs on Ext4.
    To add confusion, you only create one Extended partition, all partitions you create within the Extended partition are called Logical partitions. You should be able to create enough Logical partitions for your needs.
    Primary/Extended partitions are normally sda1-4 and Logical partitions will usually start from sda5 on modern Sata HDD systems.
    For /boot I would create a small 100mb Ext4 Logical partition. This partition cannot be inside LVM nor encrypted when using Grub1.  I'm not familiar with Grub2.

  • How to Enable Secure Boot on UEFI Systems?

    Symptoms: When attempting to enable Secure Boot, the system does not allow you to select the option to enable or disable Secure Boot.  This is due to the way Acer's UEFI implementation requires a Supervisor Password be set in order to access this option.
    UEFI is a newer technology that replaces the older standard BIOS.
    Diagnosis: Creating a Supervisor Password in UEFI will allow you to access the Secure Boot options. It is important that you remember this password as it will be required to make any changes in the UEFI interface.
    Solution: Create a Supervisor Password to gain access to the Secure Boot option.
    Refer to our FAQ for all the steps on how to access Secure Boot on Desktops, Notebooks, and Tablets:
    Enable or Disable Secure Boot in Windows 8

    You do that 2-3 times and then the BIOS is gone. Then it says the password is wrong and that's it. I've already had this on several laptops, namely TOSHIBA... and Aspire E1-571g. On the Toshiba I desoldered the chip, bought a new one, programmed it and soldered it back in. That costs a mere 150,-€. Let's see what comes of it with the Acer. Maybe there is still a jumper to reset the UEFI BIOS.

  • Upcoming issues for secure boot and arch installs

    I came across this rather worrying article indicating that when Microsoft starts approving hardware for Window 10 machines they may not allow secure boot to be turned off, and thereby make it very difficult for users to install arch on such a machine unless it can be booted using secure boot:
    http://arstechnica.com/information-tech … a-reality/
    I suppose at some point there will need to be a method of getting the appropriate certificates for arch to allow booting on machines using secure boot.

    mcloaked wrote:
    mychris wrote:
    I've heard the systemd guys are working on integrating secure boot with systemd and gummiboot. So you might be able to sign everything yourself and secureboot your GNU/Linux/Systemd machine.
    But currently I don't know anything about it and don't care about it. Like trilby said, if I'm not able to use a specific hardware I will not use it.
    Sure I won't buy hardware that I can't install Arch on - but what is a potential problem is if OEMs are forced into only selling locked hardware if they wish to sell it with Windows on it in the future - that would give MS a monopoly position - and for laptops it is not so easy to find hardware that is free of MS apart from a limited range of laptops that have Ubuntu installed when supplied (and of course IOS and chromeos based machines). For desktops it is not too difficult to buy components or barebones systems that you can customise and install whatever you like on - but laptops don't generally fall into that option range.  I do have to keep Windows for some tasks that it is close to impossible to do without Windows (like satnav updates for example) though it principle a VM could be used with Windows on it. It is a shame that for this kind of task there isn't a linux alternative that avoids Windows altogether! It would be nice to find barebones laptops that you can install any OS of choice on with none on the machine at the time of purchase.
    I know this argument was discussed at length before Secure Boot appeared in the machines that are on the market now - and at the time I thought that the basic principle of not having one O/S manufacturer monopolising the market and excluding other O/Ses had been established and expected to continue along this path - but the news item indicates that a significant departure from that policy may now take place over the next year or two. Giving users the option to disable Secure Boot has no impact on the security of the Windows O/S on a particular machine unless the user actively disables it but that should remain the user's choice. The only reason to lock down the BIOS in this way is to attempt to close off competition to Windows. In a true free market there should be hardware that is not so locked - or at least have as much choice of hardware that is not incumbent on control from MS. There are worries that the BIOS is vulnerable to firmware hacking but that could in principle happen even if the Secure Boot option is designed to have no user control to turn it off.  Maybe devices that will re-flash the BIOS with one that does allow Secure Boot will be developed - I seem to remember that some machines are "operated on" during delivery to customers in that kind of way to install firmware components that are not in place at manufacture - so that kind of technology already exists.
    It will no doubt be interesting to see how this plays out over the next couple of years.
    Edit:  I guess if it comes to the crunch that people will start to play with the information such as at https://wiki.archlinux.org/index.php/Un … ecure_Boot
    I've tried using VB as a PXE client for Arch, and VB keeps blowing up.  It's better if you just run it straight.

  • MJG's signed Shim for UEFI Secure Boot now available

    There have been a number of posts about EFI and Secure Boot recently, so I thought some people might be interested in this:
    http://mjg59.dreamwidth.org/20303.html
    That's Matthew Garrett's announcement of a signed binary version of his Shim boot loader. Basically, this program will boot on a computer with Secure Boot active in its default mode (with Microsoft's keys in the firmware) and then launch another boot loader (called grubx64.efi, although it could be something other than GRUB in that filename) that you sign with your keys. The end result is something that's more secure than disabling Secure Boot entirely and easier than installing your own Secure Boot keys. I haven't yet tried this version of the binary, so I can't provide help beyond pointing you to MJG's own blog, but I thought some people might want to know about it.
    FWIW, although you could sign and launch my rEFInd boot manager with this version of Shim, the current version (0.4.7) won't be very useful when signed in this way, since it doesn't yet "talk" to Shim. I'm working on changing that, so that rEFInd will launch binaries signed in a way that Shim supports.

    kristof wrote:A signed bootloader is nice, but unless the Arch developers start distributing a version of the kernel that's also signed with a MOK, secure boot isn't being fully utilized.
    Largely true, but:
    Secure Boot is here, and seems likely to stay. Given this fact, all Linux distributions (including Arch) need a way to cope with it. There are basically two choices: Provide instructions on how to deal with it (difficult because of system-to-system differences) or provide signed binaries (a boot loader at a minimum, or preferably a boot loader and kernel).
    It's possible to "provide" a signed binary by generating the key locally and signing it locally. This could be done by scripts in the installation process, for example. Of course, that still leaves a need to get the installer booted on a Secure Boot system, but that could be handled with the Linux Foundation's pre-bootloader.
    To be truly effective, Secure Boot really requires support all the way up the software chain. Signing a kernel does no good if the kernel can load unsigned modules, for instance. Fedora's taking steps to provide such security, but Ubuntu seems to be going with a more relaxed approach. In truth, Linux isn't as bothered by malware as is Linux, so it's unclear that going with a Fedora-esque approach is really helpful; but OTOH, it's conceivable that malware authors will start using Linux as a vector to install boot-time malware if Windows becomes sufficiently locked down, so maybe some paranoia is in order.
    At the moment and as a practical matter, technical Linux users (including most Arch users) will find it quicker and easier to disable Secure Boot than to use shim. As shim and various support tools (signing utilities, boot managers, etc.) mature, though, this may not be the case. It may also be desirable or even necessary to leave Secure Boot enabled, in which case adopting shim now may make sense. Likewise if you want to learn about it now so that you can use it in the future.
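Whether a boot loader file carries an embedded signature at all, which is what the signing step described in these posts adds, can be read from the PE header: data directory entry 4 (the certificate table) points at the Authenticode blob. The script below is an added example, not code from Shim, rEFInd or the posts; the function names and the minimal sample files are constructed, and it only reports presence of a signature, not whether any key in db or a MOK trusts it.

```shell
#!/bin/sh
# Added example: report whether a PE/COFF EFI binary has an embedded signature
# by inspecting the certificate table entry (data directory index 4).

# le FILE OFFSET NBYTES -> little-endian unsigned integer; fails on a short read
le() {
    n=0; mult=1; c=0
    for b in $(od -An -tu1 -j"$2" -N"$3" "$1" 2>/dev/null); do
        n=$(( n + b * mult )); mult=$(( mult * 256 )); c=$(( c + 1 ))
    done
    [ "$c" -eq "$3" ] || return 1
    echo "$n"
}

# efi_sig_status FILE -> signed-embedded | signed-unknown-type | unsigned
#                        | not-pe | malformed | unreadable
efi_sig_status() {
    f="$1"
    [ -r "$f" ] || { echo unreadable; return 0; }
    fsize=$(wc -c < "$f" | tr -d ' ')
    mz=$(le "$f" 0 2) || mz=0
    [ "$mz" -eq 23117 ] || { echo not-pe; return 0; }        # "MZ"
    pe=$(le "$f" 60 4) || { echo malformed; return 0; }      # e_lfanew
    sig=$(le "$f" "$pe" 4) || sig=0
    [ "$sig" -eq 17744 ] || { echo not-pe; return 0; }       # "PE\0\0"
    opt=$(( pe + 24 ))                                       # optional header start
    magic=$(le "$f" "$opt" 2) || magic=0
    case "$magic" in
        267) ndirs_off=$(( opt + 92 )) ;;                    # PE32  (0x10b)
        523) ndirs_off=$(( opt + 108 )) ;;                   # PE32+ (0x20b)
        *)   echo malformed; return 0 ;;
    esac
    ndirs=$(le "$f" "$ndirs_off" 4) || { echo malformed; return 0; }
    [ "$ndirs" -ge 5 ] || { echo unsigned; return 0; }
    sec=$(( ndirs_off + 4 + 4 * 8 ))                         # directory entry 4
    off=$(le "$f" "$sec" 4) || { echo malformed; return 0; }
    len=$(le "$f" $(( sec + 4 )) 4) || { echo malformed; return 0; }
    [ "$len" -ne 0 ] || { echo unsigned; return 0; }
    # The certificate table is addressed by file offset and must lie inside the file.
    [ $(( off + len )) -le "$fsize" ] || { echo malformed; return 0; }
    ctype=$(le "$f" $(( off + 6 )) 2) || { echo malformed; return 0; }
    if [ "$ctype" -eq 2 ]; then                              # PKCS#7 SignedData
        echo signed-embedded
    else
        echo signed-unknown-type
    fi
}

zeros() { dd if=/dev/zero bs=1 count="$1" 2>/dev/null; }

# make_sample FILE signed|unsigned -> constructed minimal PE32+ header, not a
# bootable image; the "signature" is 8 dummy bytes behind a WIN_CERTIFICATE header.
make_sample() {
    {
        printf 'MZ'; zeros 58; printf '\100\000\000\000'     # e_lfanew = 64
        printf 'PE\000\000'; zeros 20                        # signature + COFF header
        printf '\013\002'; zeros 106                         # PE32+ magic, fields to +108
        printf '\020\000\000\000'                            # 16 data directories
        zeros 32                                             # directories 0..3
        if [ "$2" = signed ]; then
            printf '\110\001\000\000\020\000\000\000'        # table at 328, 16 bytes
        else
            zeros 8
        fi
        zeros 88                                             # directories 5..15
        if [ "$2" = signed ]; then
            printf '\020\000\000\000\000\002\002\000'        # length, revision, type 2
            zeros 8
        fi
    } > "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/signed.efi" signed
    make_sample "$tmp/unsigned.efi" unsigned
    echo "signed.efi:   $(efi_sig_status "$tmp/signed.efi")"
    echo "unsigned.efi: $(efi_sig_status "$tmp/unsigned.efi")"
    rm -rf "$tmp"
}
demo
```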
