为了确保 Windows 11/10 免受恶意软件(Malware)的侵害,Microsoft启用了对在 UEFI 之上运行的安全启动的支持。(Secure Boot)安全启动确保当您的 PC 启动时,它仅使用制造商信任的固件。但是,很多时候由于某些硬件配置错误,您需要在Windows 11/10安全启动(Secure Boot)。
如果您想知道UEFI是什么,那么它扩展为统一可扩展固件接口,是流行的(Unified Extensible Firmware Interface)BIOS的下一代。它是安全的,可以保存更多数据,比BIOS快得多,并且几乎就像一个运行在 PC 固件之上的微型操作系统,它可以做的比BIOS更多。最好的部分,它可以由OEM通过Windows Update进行更新。
由于UEFI,Windows 10提供了安全启动(Secure Boot)、Windows Defender Device Guard、Windows Defender Credential Guard和Windows Defender Exploit Guard等安全功能。 以下(Below)是您获得的功能列表:
- 更快的启动和恢复时间。
- 它可以轻松支持大型硬盘驱动器(超过 2 TB)和超过四个分区的驱动器。
- 支持多播部署,允许 PC 制造商广播可以被多台 PC 接收的 PC 图像,而不会使网络或图像服务器不堪重负。
- 支持UEFI固件驱动程序、应用程序和选项ROM(ROMs)。
在Windows 11/10中禁用安全启动(Secure Boot)
就在你跳到禁用安全启动(Secure Boot)之前,因为你可以,让我们看看你的电脑是否有安全启动(Secure Boot)。
打开Windows Defender 安全中心(Windows Defender Security Center),然后单击设备安全(Device Security)。
在下一个屏幕中,如果您看到提到了安全启动(Boot),那么您的 PC 有它,否则它没有。如果它可用,您将知道它是否真的为您的 PC 开启。我们建议您打开它。
如果您想在您的 PC 上进行安全启动(Secure Boot),您需要从支持它的OEM处购买一台新 PC。(OEM)
假设您有 Secure Boot并且它已打开,让我们弄清楚如何禁用它。
请(Make)务必完整阅读我们的指南,尤其是这条警告信息。
禁用安全启动时发出警告(Secure Boot)
禁用安全启动(Secure Boot)并安装其他软件和硬件后,如果不将 PC 恢复到出厂状态,可能很难重新激活安全启动。(Secure Boot)此外,更改BIOS 设置时要小心。BIOS菜单专为高级用户设计,可以更改可能会阻止您的 PC 正常启动的设置。请务必严格按照制造商的说明进行操作。
- 转到Settings > Windows Update,然后检查您是否有任何要下载和安装的内容。OEM(OEMs)会为您的 PC 发送和更新受信任的硬件、驱动程序和操作系统的列表。
- 完成后,您需要进入 PC 的BIOS。
- 转到Settings > Update和Security > Recovery>高级启动选项(Advanced Startup options)。
- 然后单击立即重新启动(Restart Now),它将重新启动您的 PC,并为您提供所有这些高级选项。
- 选择Troubleshoot > Advanced Options。
- 此屏幕提供更多选项,包括系统还原(System Restore)、启动(Startup)修复、返回到以前的版本、命令提示符(Command Prompt)、系统映像恢复(System Image Recovery)和UEFI 固件设置(UEFI Firmware Settings)。
- 选择 UEFI 固件设置,它将进入BIOS。
- 每个OEM都有自己的方式来实施这些选项。安全启动(Secure Boot)通常在Security / Boot / Authentication Tab下可用。
- 将其设置为禁用。
- 保存(Save)更改并退出。PC 将重新启动。
在此之后,您可以更换您认为给您带来麻烦的显卡或任何其他硬件。确保(Make)再次执行相同的步骤,这一次启用Secure Boot。
无法重新启用安全启动
如上所述,如果在禁用安全启动(Secure Boot)并安装其他软件和硬件之后,您可能无法在不将 PC 恢复到出厂设置的情况下重新启用安全启动。(Secure Boot)但是,您可以尝试上述方法,看看是否适合您。
希望这可以帮助。
How to disable Secure Boot in Windows 11/10
To make sure that Windows 11/10 remains sаfe from Malware, Microsoft enabled suрport for Secure Boot which works on top of UEFI. Secure Boot makes sure that when your PC boots up, it only uses firmware that is trusted by the manufacturer. However, many a time because of some hardware misconfiguration, you will need to disable Secure Boot in Windows 11/10.
If you are wondering what is UEFI, then it expands to Unified Extensible Firmware Interface and is the next generation of the popular BIOS. It’s secure, can hold more data, is much faster than BIOS, and is almost like a tiny operating system that runs on top of the PC’s firmware, and it can do a lot more than a BIOS. The best part, it can be updated by the OEM over Windows Update.
It’s because of UEFI, Windows 10 offers security features like Secure Boot, Windows Defender Device Guard, Windows Defender Credential Guard, and Windows Defender Exploit Guard. Below is a list of features you get:
- Faster boot and resume times.
- It easily supports large hard drives (more than 2 terabytes) and drives with more than four partitions.
- Support for multicast deployment, which allows PC manufacturers to broadcast a PC image that can be received by multiple PCs without overwhelming the network or image server.
- Support for UEFI firmware drivers, applications, and option ROMs.
Disable Secure Boot in Windows 11/10
Just before you jump to disable Secure Boot, because you can, let’s find out if your PC has Secure Boot.
Open Windows Defender Security Center, and click on Device Security.
In the next screen if you see Secure Boot mentioned, then your PC has it, else it doesn’t. If it’s available, you will know if it actually turned on for your PC. We recommend you turn it on.
If you want to have Secure Boot on your PC, you will need to buy a new PC from the OEM which supports it.
Assuming, you have Secure Boot, and it’s turned on, let’s figure out how to disable it.
Make sure to read our guide completely, especially this warning message.
Warning if you are disabling Secure Boot
After disabling Secure Boot and installing other software and hardware, it may be difficult to re-activate Secure Boot without restoring your PC to the factory state. Also, be careful when changing BIOS settings. The BIOS menu is designed for advanced users, and it’s possible to change a setting that could prevent your PC from starting correctly. Be sure to follow the manufacturer’s instructions exactly.
- Go to Settings > Windows Update, and check if you have anything to download, and install. OEMs send and update the list of trusted hardware, drivers, and operating systems for your PC.
- Once done, you need to go to the BIOS of your PC.
- Go to Settings > Update & Security > Recovery > Advanced Startup options.
- Then you click on Restart Now, it will reboot your PC, and offer you all these advanced options.
- Select Troubleshoot > Advanced Options.
- This screen offers further options which include System Restore, Startup repair, Go back to the previous version, Command Prompt, System Image Recovery, and UEFI Firmware Settings.
- Select UEFI Firmware Settings, and it will take to the BIOS.
- Every OEM has its own way of implementing the options. Secure Boot is usually available under Security / Boot / Authentication Tab.
- Set it to Disabled.
- Save changes and exit. The PC will reboot.
After this, you can change your graphics card or any other hardware which you believe is giving you trouble. Make sure to follow the same steps again, and this time enables the Secure Boot.
Cannot re-enable Secure Boot
As mentioned above, if after disabling Secure Boot and installing other software and hardware, you might not be able to re-enable Secure Boot without restoring your PC to the factory settings. You can however try the above-mentioned method and see if that works for you.
Hope this helps.
