• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Any failures related to Hotkey UWP service? Click here for tips.
HP Recommended
HP Slimline 290-p0056 desktop
Microsoft Windows 10 (64-bit)

I want to use UEFI *without* Secure Boot.

 

I've read the HP document "HP PCs - Secure Boot (Windows 10)"

 

It tells you how to disable Secure Boot to use Legacy BIOS.  It does not tell you how to disable Secure Boot and still use UEFI. It implies that you have to use Legacy BIOS if you disable Secure Boot.

 

Just disabling "Secure Boot" in BIOS did not work. Rebooting goes back to Secure Boot on.

 

I want to use UEFI without Secure Boot. How do I do it?

 

I am aware of the security implications.

 

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Greetings,

Welcome to the forum.

I am not an HP employee.

 

Please tell the forum what you are trying to do.

 

The UEFI BIOS included with your PC is always on.

 

Disabling Secure Boot and enabling Legacy Boot does not disable the UEFI BIOS.

 

You are disabling embedded HP security keys when you disable Secure Boot and enable Legacy Boot. You can do this and then install new hardware or a different operating system.

 

Then you can create new keys based on the new hardware or new operating system. Now you can enable Secure Boot. 

 

Your PC will boot with the new security keys  and new hardware/OS.

 

Regards

 

View solution in original post

5 REPLIES 5
HP Recommended

Greetings,

Welcome to the forum.

I am not an HP employee.

 

Please tell the forum what you are trying to do.

 

The UEFI BIOS included with your PC is always on.

 

Disabling Secure Boot and enabling Legacy Boot does not disable the UEFI BIOS.

 

You are disabling embedded HP security keys when you disable Secure Boot and enable Legacy Boot. You can do this and then install new hardware or a different operating system.

 

Then you can create new keys based on the new hardware or new operating system. Now you can enable Secure Boot. 

 

Your PC will boot with the new security keys  and new hardware/OS.

 

Regards

 

HP Recommended

Thank you for the help. It is appreciated. I apologize for taking so long to respond.

 

I took some time to understand UEFI better. It can be confusing. Reading some of your responses to others helped. I see why my post was not good.

 

I do have some questions still.

 

1) When you disable Secure Boot, is it only off for that next session, or does it stay off until you enable it again? I think it stays off but I want to confirm this.

 

2) You told someone not to modify UEFI settings unless you've previously disabled Secure Boot. Is that just for boot-related settings, or for changing any setting?

 

3) How do new keys get created after you add hardware? Does it happen automatically when you enable Secure Boot again, or do I have to take other actions? HP's Secure Boot page doesn't say.

 

Thank you so much for your time.

 

HP Recommended

Hi sonicwind,

 

You're very welcome.

 

1. When you disable Secure Boot and enable Legacy Boot the BIOS retains this state until you: change the settings,  reset CMOS, or update the BIOS to a newer version.

 

2. I am not sure what you are referring to. You can change other BIOS settings under Secure or Legacy mode.

 

3. You can create a new set of security keys. This will allow using Secure Boot when using new hardware or a different operating system.

 

This procedure is done using the BIOS Security Menu.

 

To do this you would remove the HP security keys. Save and exit the BIOS.

 

Enter the BIOS. Go to the Security Menu.

 

Then select create new security keys based on the current configuration.

 

Save and exit.

 

Now you can disable Legacy Boot, enable Secure Boot.

 

The system will now successfully boot using Secure Boot.

 

Regards

HP Recommended

Thank you again Grzwacz.  I admire the effort you have put into helping people here.

HP Recommended

Hi sonicwind,

 

You're very welcome.

 

It has been a pleasure working with you.

 

Regards

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.