What is Secure Boot and when should you disable it?
Short answer: Secure Boot is a UEFI firmware feature that checks the digital signature of boot software and loads it only if the signature is trusted, which blocks bootkit malware. Disable it only when you need to install an older Linux distribution or run unsigned boot code. For most users, Secure Boot should remain enabled. Modern Ubuntu, Fedora, and Linux Mint installations work with Secure Boot on. Never disable Secure Boot just because an internet guide says to; first check whether your specific use case actually requires it.
How to disable Secure Boot — step by step
Step 1: Check current Secure Boot status
Before entering BIOS, verify the current state. Press Windows + R, type msinfo32, press Enter. In System Information, look for Secure Boot State — it shows On or Off. Also check BIOS Mode — it must say UEFI, not Legacy. Secure Boot only exists in UEFI mode. If it says Legacy, your system is already running in a mode that does not have Secure Boot.
Step 2: Enter BIOS setup
Restart the laptop and press the BIOS key for your brand immediately after the power button: F10 for HP, F2 for Dell, F1 or F2 for Lenovo, F2 or Delete for Asus and Acer. Alternatively, from Windows 11, go to Settings → System → Recovery → Advanced startup → Restart now → Troubleshoot → Advanced options → UEFI Firmware Settings. This guarantees entry regardless of Fast Boot.
Step 3: Locate and disable Secure Boot
In BIOS, navigate to the Security, Boot, or Authentication tab — the location varies by brand. On HP: Security → Secure Boot Configuration. On Dell: Boot → Secure Boot. On Lenovo: Security → Secure Boot. On Asus and Acer: Boot → Secure Boot. Change the setting from Enabled to Disabled. If the option is greyed out on HP or Dell, you must first set a BIOS Supervisor Password in the Security tab — the setting becomes editable once a password is set. Press F10 to save and exit.
Step 4: The India angle — dual-boot for engineering and development work
Disabling Secure Boot for Linux dual-boot is extremely common in India's engineering colleges, software development firms, and IT offices — many legacy tools and curricula run on Ubuntu or CentOS. The important follow-up step most users skip: re-enable Secure Boot after installation if the Linux distribution supports it. Ubuntu 20.04+, Fedora 33+, and Linux Mint 20+ all ship with SHIM (a Microsoft-signed bootloader that bridges Linux and Secure Boot) — once installed, you can re-enable Secure Boot and the dual-boot will continue working. Read our guide on enabling virtualization in BIOS if you plan to run Linux inside a VM instead of dual-booting — virtualization does not require disabling Secure Boot. If you hit boot issues after toggling Secure Boot, our BIOS repair service can restore proper settings and recover a broken boot configuration.
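Added example (not part of the original guide): a shell script for the Linux side of the dual-boot that reads the firmware's SecureBoot and SetupMode variables and looks for a shim binary before you re-enable Secure Boot. It assumes efivarfs at /sys/firmware/efi/efivars and the EFI System Partition mounted at /boot/efi; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.
# Assumptions: efivarfs under /sys/firmware/efi/efivars, ESP mounted at /boot/efi.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c   # UEFI global variable GUID

# Print the first data byte of a UEFI global variable as a decimal number.
# Each efivarfs file holds 4 attribute bytes followed by the variable data.
efi_var_byte() {   # $1 = firmware dir, $2 = variable name
    f="$1/efi/efivars/$2-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] && echo "$v"
}

# Print one of: legacy, enabled, disabled, setup-mode, unknown.
secure_boot_state() {   # $1 = firmware dir (default /sys/firmware)
    fw="${1:-/sys/firmware}"
    # No efi directory: the system booted in Legacy mode, so no Secure Boot.
    [ -d "$fw/efi" ] || { echo legacy; return 0; }
    sb=$(efi_var_byte "$fw" SecureBoot) || { echo unknown; return 0; }
    setup=$(efi_var_byte "$fw" SetupMode) || setup=0
    if [ "$setup" = 1 ]; then
        echo setup-mode      # no Platform Key enrolled, nothing is enforced
    elif [ "$sb" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Succeed if a shim binary (for example shimx64.efi) exists on the ESP.
# Reading the ESP usually needs root; an unreadable ESP counts as "not found".
has_shim() {   # $1 = ESP mount point (default /boot/efi)
    for f in "${1:-/boot/efi}"/EFI/*/shim*.efi; do
        [ -f "$f" ] && return 0
    done
    return 1
}

echo "Secure Boot state: $(secure_boot_state)"
if has_shim; then
    echo "shim found on the ESP"
else
    echo "no shim found: check distro support before re-enabling Secure Boot"
fi
```

Run it from the installed Linux system with sudo so the ESP is readable.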
When to call a laptop repair service
When DIY ends
Seek professional help if: the laptop shows a Secure Boot violation error after changes and Windows will not boot, BIOS shows a red lock icon on every startup, or the BIOS menu is locked and you do not have the supervisor password.
Typical cost in India
BIOS supervisor password removal or Secure Boot configuration recovery: ₹500–₹1,500. Windows boot repair after a Secure Boot configuration change: ₹800–₹1,500. Doorstep diagnosis: ₹149, No Fix No Fee.
A note from the LRW Engineer Team
The most common Secure Boot mistake we see is customers disabling it, installing a Linux distribution, then re-enabling Secure Boot without checking whether the distro supports it — causing the dual-boot menu to vanish. Always verify SHIM support in your specific distro version before re-enabling. Ubuntu's documentation covers this clearly at ubuntu.com/core/docs/uc20/secure-boot.