The Truth about Windows 10, UEFI, and Secure Boot


Here we go again with tech sites scare-mongering and spreading misinformation. This time it’s all about Windows 10, UEFI, and Secure Boot. Some tech sites have been suggesting that Windows 10 will not work on UEFI systems unless Secure Boot is enabled, which is a complete misinterpretation of the facts. Based on what little information is available, here’s what’s really happening – and even this is not yet set in concrete:

Windows 8 and UEFI Secure Boot


It has nothing to do with the operating system (Windows 10) per se and is all about the “genuine” logo licensing terms. To explain that further: Microsoft offers all manufacturers the opportunity to apply a “Designed for Windows [version]” sticker to their products. In order to obtain those rights, manufacturers have to agree to a set of conditions, as laid out by Microsoft under its logo licensing terms.

Do you recall a similar furor regarding Secure Boot when Windows 8 was due for release? When Microsoft announced that UEFI Secure Boot would be a mandatory feature under its logo licensing terms, there was a massive outcry from disgruntled users because of the potential for preventing dual booting or even installing a different operating system.

However, following the public outcry, Microsoft amended the terms for its “Designed for Windows 8” logo to include a solution to the potential problem: Microsoft also mandated that every system MUST include a user-accessible switch to turn Secure Boot off. Peace reigned again.

Windows 10 and UEFI Secure Boot


Now, on to Windows 10, and this is where the confusion comes in: Microsoft has intimated that, under the Windows 10 logo licensing terms, it will no longer insist on the inclusion of an option to turn Secure Boot off, leaving it purely optional – as in up to the manufacturers whether they want to include the option or not.

That’s it, that’s what all the fuss is about. Let’s take a look at the implications logically:


  • Due to the competitive nature of the market, I believe it’s pretty safe to assume that many manufacturers would choose to include an “off switch” for UEFI Secure Boot even if they are no longer forced to do so.
  • Even in the event that certain manufacturers choose not to include the option to turn Secure Boot off, only new mobos and systems built and distributed by those particular manufacturers under the “Designed for Windows 10” logo would be affected – and, even then, Windows 10 will still work fine.
  • Existing (pre-Windows 10) UEFI systems all include the option to turn Secure Boot off. So, those who utilize the upgrade path to existing hardware would not be affected at all.

In a nutshell, Windows 10 will still work fine on both BIOS and UEFI systems, regardless of whether Secure Boot is enabled or not. Plus, of course, this is all supposing Microsoft does go ahead and drop its mandate forcing manufacturers to include an option to disable Secure Boot; we probably won’t know for sure, either way, until RTM (Release To Manufacturing).

I really don’t see an issue here, a mountain out of a mole hill.

Dual Booting Windows 10 & Linux


Could a permanently enabled Secure Boot mean the end of Linux on a Windows PC? No. UEFI is a global standard that Microsoft has no ownership over. Therefore, if Linux distributions include compatibility for UEFI, they’ll be able to run without a problem in a “secure boot” environment. <source>

The rise of mandatory, locked Secure Boot could create a problem for smaller Linux distributions or custom Linux systems—but the Linux Foundation Secure Boot System is a generic loader signed by Microsoft that should allow any Linux system to boot on PCs with Secure Boot enabled. <source>

The latest versions of popular Linux distributions, including Ubuntu, Mint and Fedora, already install just fine on a Windows PC that has Secure Boot enabled, and this trend can only widen. After all, developers will always have the incentive to make their product as compatible with as many machines as possible.


I guess there is always the possibility that Microsoft may eventually stop signing these Linux loaders, thus preventing them from functioning in Secure Boot mode; however, I believe that’s a highly unlikely scenario. I’m a half-glass-full kind of person. 🙂

Seriously, after the Windows 8 debacle followed by the Windows 8 to 8.1 upgrade shambles, Microsoft really needs Windows 10 to succeed and I can’t see the company making any decisions that would likely impede that success and/or damage its sagging reputation even further.

Final Word

The jury is still out on just how much value Secure Boot actually adds from a security point of view, but that’s another story for another time. To quote security expert Bruce Schneier… “I think this [Secure Boot] is just another piece of security theater that will inconvenience many and benefit no one.”

 

Posted in:
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT, a computer veteran with 30+ years' experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.
