Howto disable W4 Secure Boot Mode?

help1
help1 Member Posts: 5 New User

Hi

 

I try to disable the "Secure Boot Mode Disable" on a W4 but its blanked out(e.g nothing to select) also I have set the supervisor password but still the same.

 

I am trying to install an encryption SW called Drivecrypt (e.g DCPP) and this SW says Boot must be from the DCPP partition, If I go to the bios "boot" options you can not select this e.g you can select "Windows Boot manager" USB HDD" and so on.

 

I guess by disabling secure boot, dcpp partition would apear. Anyway how do you disable "Secure Boot Mode Disable" on a W4 ?

 

/BR

Also in under Security, the options "Secure boot mode","Erase all secure bootsettings" and so on are blanked out

Answers

  • After setting the supervisor password you will be able to select 'Erase all Secure BootSettings'.
    I suspect that this would disable secure boot however, I have no intention of trying this!

     

    I am not familiar with DCPP but I would think once the 'erase' is complete, your software installation will be able to 'do its thing' with your primary partition.

     

    Standard disclaimer here - you do this entirely at your own risk of course!

     

  • help1
    help1 Member Posts: 5 New User

    Thanks for the reply

     

    I have set the password and set "Secure boot" to enabled! (this gives me access to "Erase all boot settings"

    Did that but "nothings happens",

     

    I still have no option to select DCPP partition, still see same the bios "boot" options "Windows Boot manager" USB HDD" and so on.

     

    On a stationary PC(win7) and UEFI i do not have this problems, e.g DCPP just works(and they state its compatible with win8)

  • padgett
    padgett ACE Posts: 4,532 Pathfinder

    Is the DCPP partition set to "Active/Boot". You should be able to see it from DiskMgmt.msc

  • billsey
    billsey ACE Posts: 34,944 Trailblazer

    I assume you havce their latest version... Have you asked them about UEFI support specifically? 'Supports Windows 8' could easily be 'as long as it's not using UEFI for booting'.

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • padgett
    padgett ACE Posts: 4,532 Pathfinder

    a) UEFI is a BIOS replacement, is OS agnostic.

    b) UEFI only reports boot sectors with signatures that are in its library. At one point I was told that Acer only had two: Acer's and Microsoft's. Anything else would be ignored.

    c) "Legacy mode" is part of the spec. Few bother to comply. Even fewer could tell if they did.

     

    If motiviated I could just pull and disassemble the BIOS/UEFI code. All you need is the right software but frankly am more interested in rebuilding the seat in my car.

  • billsey
    billsey ACE Posts: 34,944 Trailblazer

    What I was assuming is the encryption software wants to encrypt the whole drive, replacing the existing boot loaders with a decryption loader and the boot loader encrypted. That would break UEFI pretty darn quickly... That's why I asked the question... If they're only supporting Windows 8 and 8.1 on older machines then there will be problem similar to what the original question asked.

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • padgett
    padgett ACE Posts: 4,532 Pathfinder

    Not necessarily and depends on the boot sequence but generally POST just checks for an active partition and loads the boot sector then checks for a recognised signature before proceeding. It may do this for any number of devices & present a choice It could perform some other checks but the intent in Clover Trail and Bay Trail is not to be secure but to make sure that only a OS capable of power management is loaded.

  • help1
    help1 Member Posts: 5 New User

    Do I understand b) correct in that, that Acer only support boot from "Acer" & "Microsoft" certified boot sectors e.g. if other sw like DCPP adds a boot partition it will always be ignored. In that case DCPP will never work, because it will not be started from?

     

    Support at Securestar (that makes DCPP) claims I need a keyboard to be able to select the DCPP boot partition, and since Tablet do not have physical keyboards I will never be able to select the DCPP partition. I do no really follow their explanation(sometimes their support can be "strange")? If this is true then DCPP will not work on any Tablet

     

    I also tried to install Truecrypt but the sw said its not compatible

     

    What I would like is to is to encrypt the whole disc

  • billsey
    billsey ACE Posts: 34,944 Trailblazer

    From what I understand you are correct, a custom boot partition will not work. Have you looked into BitLocker Drive Encryption? It doesn't require a custom boot block and comes free with Windows. Here is a page that explains it reasonably well...

    Click on "Like" if you find my answer useful or click on "Yes" if it answers your question.
  • help1
    help1 Member Posts: 5 New User

    Thanks Billsey

     

    Is it the UEFI together with win 8.1 thats the problem, I have UEFI on my PC(win7) but it looks like a "Normal" bios.

    Here DCPP just works, no selections of bootpartitions etc.

     

    So encryprion like DCPP&Truecrypt will "never" work on Tablets with 8.1?

     

    /BR

    Also when it comes to Encryption selection between NSA (=Bitlock) versus DCPP (=German encryption) I know what to select Smiley Tongue

     

This discussion has been closed.