QUESTIONS regarding SECURE BOOT


Lou

Lou

Well-known member
Member
Local time
4:22 PM
Posts
134
Location
East Coast
OS
WIN11 HOME Version 24H2
I've an older DELL XPS 8940 pc whch has UEFI for Bios Mode and TPM 2.0 but Secure Boot is off.
I've been reading the posts regarding the secure boot certificates and such and have a general understanding of what secure boot does...
Here's the questions-
Do I need to enable the secure boot (discounting the security benefits)...
Will this be a requirement to receive future updates, and such, from MS...
Please no laughing---I'm looking for informed opinions as I know enough to get into trouble
FWIW-I do a monthly IMAGE on my rig
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
The last BIOS update for DELL XPS 8940 was May 2025. Assuming you have it, you should be supported for the Secure Boot update process.

If your Windows was installed as a GPT filesystem, then you can switch the UEFI from CSM (BIOS mode) to pure UEFI mode. Then enable Secure Boot.

Secure Boot is a protection mechanism to prevent low-level rootkits. Right now it's optional. But eventually more and more features will demand Secure Boot, so you might as well allow Windows to update itself in order to get ready. After it's updated, you have the option to disable Secure Boot.

For now Secure Boot is not mandatory to run Windows, but if you expect to keep this PC around for 2027 or later, then things might change.
 

My Computer

System One

  • OS
    Windows 7
Secure Boot.webp
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26200.8655 ♦♦♦♦♦♦♦25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5302)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Total Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Keyboard
    Logitech Classic Keybooard 200
    Mouse
    Logitech Optical M-BT96a
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
THANKS for the input troops...Good stuff!!!!
My BIOS version and date are 2.27.1 04/03/25
BIOS MODE is listed as UEFI
When I go to the BIOS I can select SECURE BOOT as ENABLE....
Can I simply enable the secure boot or do I need to review the certificate issue...
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
If you enable Secure Boot, then Window can run the update process to install CA 2023 (which is the minimum requirement). You don't have to follow through with the revocation of CA 2011, until later.

Run these commands as Admin:
Code: 
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x5944 /f
powershell Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

This instructs Windows to perform all of the add functions, but doesn't request for revocation. You may have to restart the system once or twice, and check in the Windows Security Center, under the Devices tab for your current Secure Boot status.
 

My Computer

System One

  • OS
    Windows 7
Thank-you for your time and expertise...I'll give this a shot in the morning.....
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
I've another question-
I'm using a USB drive as a Macrium Rescue Device--I'm assuming I'll need to make a new one if I have secure boot enabled...
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
Yes. But what version of Macrium? Older versions like 8.0 or 8.1 will only copy the CA 2011 boot files, an not use the CA 2023 versions.
 

My Computer

System One

  • OS
    Windows 7
Macrium Reflect v8.0.7783
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
freeware version
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
Sounds like I'll need to purchase Macrium....
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
Lou said:
Sounds like I'll need to purchase Macrium....
Click to expand...
this forum post may hold the answer and help with macrium

Macrium Secure boot

I updated my system for the June thing that MS id suppose to do now my macrium usb rescue disk won't boot. Is it safe to disable secure boot in bios without screwing up everything and turning it back on when needed. I can not find how to update the rescue disk
www.elevenforum.com www.elevenforum.com

best of luck Steve ..
 

My Computers

System One System Two

  • OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software
  • Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
Thanks for the input Steve-
FWIW-
I'll be doing the following-
Temporarily disable secure boot in order to boot from Macrium rescue usb.

Per Macrium "In the event that a disaster has occurred meaning that a rescue media restore is needed, we recommend temporarily disabling Secure Boot to enable the system to boot the rescue media and then performing a restore."
reference: Managing the Boot Media Signing Certificate for Macrium Reflect Rescue Media--from the Macrium site

I'll test this out once I finish enabling the secure boot as detailed above
THANKS AGIAN everyone----good group here!
 

My Computer

System One

  • OS
    WIN11 HOME Version 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    DELL XPS 8940
    CPU
    11th Gen Intel(R) Core(TM) i7-11700 @ 2.50GHz 2.50 GH
    Motherboard
    Dell OE
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce GTX 1650 SUPER
    Sound Card
    Realtek Audio (on board)
    Monitor(s) Displays
    (2) DELL 2007FP
    Screen Resolution
    1600 X 1200
    Hard Drives
    C: (OS and APPS) 512GB SSD
    D: (data) 1TB SATA
    PSU
    360W
    Case
    DELL OE
    Cooling
    Noctua NF-A9 PWM 92mm case fan and NH-D9L CPU Cooler with 92mm fan
    Keyboard
    Dell
    Mouse
    Logitech M705
    Internet Speed
    1Gb DWN 1Gb UP
    Browser
    FIREFOX- once in a great while will use EDGE
    Antivirus
    MS
    Other Info
    The case fan and CPU cooler were after purchase upgrades...the i7 cpu runs hot and the OE solution can best be described as marginal when CPU intensive apps are used.
    ALSO added VRM and SSD passive heatsinks.
You must log in or register to reply here.

Similar threads

Solved Successful manual update of Secure Boot on Dell XPS8930 with older BIOS that will never update.
Replies
8
Views
264
lonelyb0y
L
Secure boot update via Windows update
Replies
3
Views
2K
hader
hader
OEM's and their Secure Boot Keys (2023) BIOS Update Policy
2 3
Replies
45
Views
6K
Akeo
Akeo
  • Article Article
Refreshing the root of trust: industry collaboration on Secure Boot certificate updates
Replies
6
Views
2K
garioch7
garioch7
Hi, i have a few questions regarding windows 10 and 11?
Replies
5
Views
3K
ShamrockRig
S

Latest Support Threads

Latest Tutorials

Back
Top Bottom