Product SiteDocumentation Site

2.3. Enabling Microsoft Secure Boot

Systems which do not ship with Microsoft Windows 8 typically do not enable UEFI Secure Boot (or its Microsoft variant). However, many of these systems still contain the Microsoft keys in the firmware, and enabling Microsoft Secure Boot is relatively straightforward.
For example, on a Lenovo desktop system, you need to enter the firmware as described in Section 2.1, “Entering the UEFI firmware”. Then press the key until you reach the Exit tab, as shown in Figure 2.5, “UEFI firmware Exit tab”.
                                     Lenovo BIOS Setup Utility
    Main  Devices  Advanced  Power  Security  Startup  Exit
┌────────────────────────────────────────────────────────┬───────────────────────────────┐
│                                                        │          Help Message         │
│  Save Changes and Exit                                 │───────────────────────────────│
│  Discard Changes and Exit                              │Some settings below are        │
│                                                        │changed accordingly. Select    │
│  Load Optimal Defaults                                 │"Enabled" to meet Microsoft(R) │
│  OS Optimized Defaults                [Disabled]       │Windows 8 (R) Certification    │
│                                                        │Requirement.                   │
│                                                        │Affected settings are CSM      │
│                                                        │Support, Boot mode, Boot       │
│                                                        │Priority, Secure Boot, Secure  │
│                                                        │RollBack Prevention.           │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
└────────────────────────────────────────────────────────┴───────────────────────────────┘
 F1     Help     ↑↓     Select Item     +/-     Change Values       F9     Setup Defaults
 ESC    Exit     ←→     Select Menu     Enter   Select►Sub-Menu     F10    Save and Exit
Figure 2.5. UEFI firmware Exit tab

Press to select the OS Optimized Defaults entry. Press Enter to change the settings. A confirmation dialog will appear, and need to choose Yes. (See Figure 2.6, “UEFI firmware confirmation for OS Optimized Defaults”).
                                     Lenovo BIOS Setup Utility
    Main  Devices  Advanced  Power  Security  Startup  Exit
┌────────────────────────────────────────────────────────┬───────────────────────────────┐
│                                                        │          Help Message         │
│  Save Changes and Exit                                 │───────────────────────────────│
│  Discard Changes and Exit                              │Some settings below are        │
│                                                        │changed accordingly. Select    │
│  Load Optimal Defaults                                 │"Enabled" to meet Microsoft(R) │
│  OS Optimized Defaults   ┌───────────────────────────────────────────┐Certification    │
│                          │                 Attention!                │                 │
│                          ├───────────────────────────────────────────┤ngs are CSM      │
│                          │  If OS Optimized Defaults is changed to   │mode, Boot       │
│                          │  Enable, some settings including Secure   │re Boot, Secure  │
│                          │  Boot,CSM,IPV4 and IPV6 will be changed.  │ntion.           │
│                          │      Do you really want to continue?      │                 │
│                          │  Select Yes to continue to Enable the OS  │                 │
│                          │            Optimized Defaults.            │                 │
│                          │ Select No  to discontinue the operation.  │                 │
│                          │                                           │                 │
│                          │                                           │                 │
│                          │            [Yes]          [No]            │                 │
│                          └───────────────────────────────────────────┘                 │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
│                                                        │                               │
└────────────────────────────────────────────────────────┴───────────────────────────────┘
 F1     Help     ↑↓     Select Item     +/-     Change Values       F9     Setup Defaults
 ESC    Exit     ←→     Select Menu     Enter   Select►Sub-Menu     F10    Save and Exit
Figure 2.6. UEFI firmware confirmation for OS Optimized Defaults

Afterwards, check that OS Optimized Defaults has changed to Enabled. Press several times until you reach the Security tab (Figure 2.3, “UEFI firmware Security tab”), press to select Secure Boot, hit Enter, and check that Secure Boot is enabled, as in Figure 2.4, “UEFI firmware Secure Boot settings”.
Return to the Exit tab, choose Save Changes and Exit, and press Enter. Confirm saving the settings, and reboot. Microsoft Secure Boot is now enabled.