How to Disable or Enable Secure Boot on Your Computer via ASUS UEFI BIOS Utility

Secure Boot is often enabled by default on ASUS motherboards with UEFI BIOS. I have Windows 10 on my new PC right now and wanted to have a dual-boot setup. For that, I needed to disable the secure boot on the machine.

This guide is created to reflect the process that I followed to disable the ‘Secure Boot’ on the UEFI BIOS on Asus X99-Deluxe motherboard.

Prerequisite for Windows UEFI Mode: GPT Partition Style

Installing Windows on UEFI-based systems requires that your hard drive partition style has to support UEFI mode or at least be in a legacy BIOS-compatibility mode. You might run into an error as below, which indicates that your PC is booted in UEFI mode, but your hard drive does not support it.

“Windows cannot be installed to this disk. The selected disk is not of the GPT partition style”

The GPT partition style on your hard drive is required for the UEFI mode. Another advantage of GPT partition style is that you can set up drives of size greater than 4 GB, and have as many partitions on it as you need.

The easiest way to apply the GPT partition style to your hard drive is to do it over the command prompt using the installation disk or let a Windows based tool to handle it for you.

Convert Your Hard Drive to GPT Partition Style Using the Command Prompt

1. Plug in the Windows setup disk or USB and boot your PC in UEFI mode.
2. Once in Windows setup, press shift + F10 to open a command prompt window.
3. Open the disk partition tool with diskpart.
4. List and identify the disk to format with list disk.
5. Select the drive to format and convert to GPT.
   select disk <disk number here>
   clean
   convert gpt
   exit
6. Close the command prompt and continue.

Convert Your Hard Drive to GPT Partition Style Using a Windows Partition Manager Tool

You can do the conversion to GPT without needing to go to the command prompt by using a Windows partition manager tool from EaseUS. It had been mentioned by few of our readers before, and another one emailed me recently mentioning how useful it was for him while setting up a dual boot system. He also mentioned that the support team from EaseUS was very helpful with any questions he had, and highly recommended the tool.

EaseUS partition master can help you convert the hard drive to GPT. In addition it can help you create, merge, remove, delete or wipe partitions. It can also help you with data recovery in case of deleted or lost partitions. It has an effective free version as well and the pro version offers more advanced features like – converting to GPT partition style without data loss! It is not too expensive and can be a valuable addition to your toolkit.

Trial: Partition Master Pro (1 PC) | Server (1 Server) | Unlimited (Unlimited PCs / Servers)

Buy: Partition Master Pro | Partition Master Server | Partition Master Unlimited

Step-by-Step: Take Backup of Existing Keys and Disable Secure Boot

1. Plug in a USB drive.
2. Restart your computer and enter into the BIOS by pressing the DEL key (In case you need to use any other key, keep an eye out for instructions on the first screen.) This should load up the UEFI BIOS interface.
3. Go into the Advanced Mode (F7 or any other key as specified).

1. Go into ‘Secure Boot’ option under the Boot section.
2. Ensure the proper OS Type is selected, and go into Key Management.
3. Select ‘Save Secure Boot Keys’ and press enter.
4. Select the USB drive when asked to ‘Select a File System’.
5. Four key files named PK, KEK, DB and DBX are saved to the USB.
6. Delete Platform Key (PK) to disable secure boot. (Note: Do not delete other keys)
7. Save and restart to apply settings (usually F10) and boot with ‘secure boot’ disabled.

Step-by-Step: Restore Keys and Enable Secure Boot

1. Follow steps 1 to 5 from the previous section. Use the USB drive that has the backed up keys
2. Go to ‘Load Default PK’ and press enter. You have two options to set the new key.
3. ‘Yes’ loads the default keys. Once done, save the configuration and restart to have secure boot enabled.
4. ‘No’ lets you load the backed up keys.
   1. Select the USB drive that has the backup files.
   2. Select the right file to restore (In this case – PK)
   3. Confirm that it is a ‘UEFI Secure Variable’ type.
   4. Confirm that you want to update the PK file.
   5. Save and restart. ‘Secure Boot’ should be enabled now.

Conclusion

That’s it. It is quite straightforward once you know the steps. If you had to take some different steps to disable secure boot on your system, do share with our readers in the comments below.

Update (Nov 24, 2016): Details about the GPT Partition Style as a prerequisite.