How to Configure Surface 3 UEFI/BIOS Settings

In this article, we will walk you through how to enter the Surface 3 UEFI/BIOS settings and how to manage devices, boot order, security and more.

How to Configure Surface 3 UEFI/BIOS Settings

Every Surface 3 and Surface Pro models don’t use BIOS (Basic Input/Output System) like you expected on older PCs. It’s replaced by a firmware interface called the Unified Extensible Firmware Interface (UEFI). This new firmware interface allows your Surface boot faster and provides a better security.

In this article, we will walk you through how to get to the Surface 3 UEFI settings. You will see also how to configure the UEFI settings to check device identity information, improve the device security, and more.

1 How to access Surface 3 UEFI settings?

You can enter Surface 3 UEFI setup screen only while your Surface is starting up. Here is how you do that:

  1. Shut down your Surface.
  2. Press and hold the Volume Up button on your Surface, then press and release the Power button.
  3. When you see the Surface logo screen appear, release the Volume Up button. The UEFI settings menu will appear in a few seconds.
    How to Enter Surface 3 UEFI Settings

After you have made any changes to the UEFI settings, you can save or delete those changes by:

Save Configuration and Restart Your Surface

  • In UEFI settings menu, choose Exit Setup, and you will see the following screen:
    Surface 3 UEFI - Exit
  • Now you have 2 options:
    • Yes – Save your changes and restart your Surface.
    • No – turn back to the UEFI settings.

Restart Your Surface without Saving Your Configuration

  • In UEFI settings menu, press the ESC key as the picture below or press ESC key if you have Surface Type Cover connected.
    Surface 3 UEFI - Exit without Saving
  • Now you have 2 options:
    • Yes – Delete your changes and restart your Surface.
    • No – turn back to the UEFI settings.

2 What is Trusted Platform Module (TPM)?

The Trusted Platform Module (TPM) is a technology that provides a major advancement over BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.

The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you to encrypt/decrypt entire disk without required your complex long passphrases. It means that the encryption key and decryption key are stored within the TPM chip. So your encrypted disks can’t be accessed on other devices.

3 What is Secure Boot Control?

The Secure Boot is a technology which blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface being loaded with unauthorized operating systems and malicious software applications.

If you desire to install other operating systems like Ubuntu, or other Linux distributions, you may need to disable this feature in the UEFI settings above.

4 How to Check Your Surface 3 Device Information via UEFI settings?

Through UEFI settings, you can find out more information about your device identities such as System UUID, Serial Number, and Asset Tag. To check that information:

  • Enter Surface UEFI settings as the instructions above.
  • In UEFI settings menu, choose Device Information and you will see the following information:Surface 3 UEFI - PC Information

5 How to Change System Boot Order on Surface 3?

To change the alternate system boot order on your Surface 3:

  • Enter Surface UEFI settings as the instructions above.
  • In UEFI settings menu, you will see Configure Alternate System Boot Order as below:Surface 3 UEFI - Boot Configuration
  • Select the option and choose one of the following options:
    • SSD only
    • Network -> USB -> SSD

6 How to Manage Device Security on Surface 3 UEFI Settings?

Surface 3 allows you to disable some of your surface device components and features to meet your specific Security requirements. You can enable or disable those security options by:

  • Enter Surface UEFI settings as the instructions above.
  • In UEFI settings menu, choose Advanced Device Security and you will see the following options:
    Surface 3 UEFI - Advanced Device Security
  • In my Surface 3 with UEFI Version 2.17.1246, there are following advanced security options:
    • Side USB – enable/disable the ability to boot from a USB device. However, the side USB port remains enabled in Windows.
    • Front Camera – enable/disable the front-facing camera.
    • Rear Camera – enable/disable main rear camera.
    • On Board Audio – enable/disable internal audio or speakers.
    • SD Port – enable/disable microSD port.
    • WiFi – enable/disable Wi-Fi. It will also disable the Bluetooth if you disable the WiFi option.
    • Bluetooth – enable/disable the internal Bluetooth.

7 How to Protect UEFI settings with a password on Surface 3?

You can prevent others from changing your UEFI settings by setting an Administrator Password in UEFI settings. To do that:

  • Enter Surface UEFI settings as the instructions above.
  • In UEFI settings menu, choose Administrator Pass and you will see the following requirements:
    Surface 3 UEFI - Administrator Pass
  • You will need to enter a password in the box with your keyboard or the on-screen keyboard with following criteria:
    • Minimum Length: 4 characters
    • Maximum Length: 20 characters
    • Alphanumeric values only

Note If you enter the administrator password incorrectly three times, you’ll be locked out of the UEFI. Restart your Surface to enter the password again.

Important If you set a password for the UEFI, record it in a safe place. If you forget the password, you won’t be able to access the UEFI settings. You can only reset the administrator password from within the UEFI.

Other Surface’s UEFI Settings

We have also covered this topic for other Surface PCs as well, to learn more about other Surface’s UEFI settings check the link below:

Related Topics