Share via

Secure boot, and its interaction with Windows 11 security, other features

Anonymous
2024-09-24T02:41:46+00:00

Hi.

I have a Windows 11 Home laptop, an ASUS ROG Strix G18.

Im pretty experienced with PCs and their firmware, but I have had so many problems with UEFI over the years when used with alternate OSes (BSDs Linux, various bootable recovery tools you can install on a second HDD.) Because of this I have always told people who ask, they should disable Secure Boot and enable CSM/Legacy mode in their setup utility before attempting a dual boot. It's especially important if you want to install drivers that aren't included in the Linux kernel even with a secure boot capable Linux kernel.

Anyway, it's getting to the point where CSM/ LEGACY mode will probably be removed in a future BIOS update for mine, and many other laptop models, so it really isn't a good way to install things if you want them to still work in the future.

I know that to install Linux with out of kernel drivers, secure boot needs to be either turned off, or set to other OS in the setup utility in order to install a non secure boot compatible kernel (Other OS is basically turning it off anyway, system information will report it as such.)

But how would this interact with Windows 11? I know in Windows 10, it stopped automatic Windows updates (You just had to click install and do it manually, probably preferrable to some actually.) Also some software stopped working (Adobe creative suite, EA Games - FIFA, Valorant etc,) but I believe this could be fixed by switching secure boot back on.

I assume this is the same with Windows 11, but according to some - Switching secure boot on or off, locks you out of your computer if device encryption or bitlocker, are enabled, and the recovery key is required every time you start the computer. Apparently Even switching secure boot to the original setting does not fix this. Is this true?

Windows for home | Windows 11 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-09-25T13:01:47+00:00

    Well - the questions are quite simple really.

    If you didn't gather, I'm asking if Windows 11 has more of a hair trigger to BIOS secure boot changes. Also, would I have to enter my recovery key every time I boot to Windows - if I have change the secure boot policy (on to off, or the other way around.) Or would I only have to do it once?

    I am looking for a safe way to switch secure boot to other OS, without getting locked out of my Win10 home OS. Or having to type in that insanely long recovery key every time I start Windows. I should emphasise I haven't made any modifications to the secure boot policy in my UEFI settings yet, but I might wish to in future for USB dual boot. Or to run tools and possibly back up files before a Windows reinstall if Windows becomes unbootable. I have no intention of ditching Windows, but Linux on a big USB 3.2 SSD can be useful.

    Win10 didn seem to mind secure boot policy changing. Maybe it knew the difference between a user changing settings in the setup utility and an actual malware attack. More people are being locked out of their data because of Windows encryption. But then again Bitlocker was only on Win10 Pro. Device encryption is on all editions, and lockdown is even being triggered by BIOS updates for some. It's a hair trigger.

    2 people found this answer helpful.
    0 comments
  2. Anonymous
    2024-09-25T09:26:18+00:00

    Hello, ThorsHammer_342

    Welcome to the Microsoft Community

    Thank you for your feedback. I have read the information you provided. You mentioned that you had some problems with Secure Boot and Bitlocker.

    I understand the trouble this problem has caused you, but unfortunately, this forum is for ordinary Microsoft users to help them solve some problems in the use of computers. I hope to solve your problem, but your problem is beyond the scope of the forum. I suggest that professional users like you can go to our Learn forum to submit your question. There are many users like you and other problem experts there, who will give more professional and effective help. You can click the link below to post your question.

    Windows - Microsoft Q&A(Only English)

    We hope that your problem can be properly solved in the right department. Thank you for your understanding.

    Best regards

    Brian - Microsoft Community Support Specialist

    0 comments