09-03-2018 06:38 PM
I want to use UEFI *without* Secure Boot.
I've read the HP document "HP PCs - Secure Boot (Windows 10)"
It tells you how to disable Secure Boot to use Legacy BIOS. It does not tell you how to disable Secure Boot and still use UEFI. It implies that you have to use Legacy BIOS if you disable Secure Boot.
Just disabling "Secure Boot" in BIOS did not work. Rebooting goes back to Secure Boot on.
I want to use UEFI without Secure Boot. How do I do it?
I am aware of the security implications.
Solved! Go to Solution.
09-03-2018 09:11 PM - edited 09-03-2018 09:15 PM
Welcome to the forum.
I am not an HP employee.
Please tell the forum what you are trying to do.
The UEFI BIOS included with your PC is always on.
Disabling Secure Boot and enabling Legacy Boot does not disable the UEFI BIOS.
You are disabling embedded HP security keys when you disable Secure Boot and enable Legacy Boot. You can do this and then install new hardware or a different operating system.
Then you can create new keys based on the new hardware or new operating system. Now you can enable Secure Boot.
Your PC will boot with the new security keys and new hardware/OS.
09-07-2018 11:38 AM
Thank you for the help. It is appreciated. I apologize for taking so long to respond.
I took some time to understand UEFI better. It can be confusing. Reading some of your responses to others helped. I see why my post was not good.
I do have some questions still.
1) When you disable Secure Boot, is it only off for that next session, or does it stay off until you enable it again? I think it stays off but I want to confirm this.
2) You told someone not to modify UEFI settings unless you've previously disabled Secure Boot. Is that just for boot-related settings, or for changing any setting?
3) How do new keys get created after you add hardware? Does it happen automatically when you enable Secure Boot again, or do I have to take other actions? HP's Secure Boot page doesn't say.
Thank you so much for your time.
09-07-2018 01:51 PM
You're very welcome.
1. When you disable Secure Boot and enable Legacy Boot the BIOS retains this state until you: change the settings, reset CMOS, or update the BIOS to a newer version.
2. I am not sure what you are referring to. You can change other BIOS settings under Secure or Legacy mode.
3. You can create a new set of security keys. This will allow using Secure Boot when using new hardware or a different operating system.
This procedure is done using the BIOS Security Menu.
To do this you would remove the HP security keys. Save and exit the BIOS.
Enter the BIOS. Go to the Security Menu.
Then select create new security keys based on the current configuration.
Save and exit.
Now you can disable Legacy Boot, enable Secure Boot.
The system will now successfully boot using Secure Boot.