Since the first generation of Microsoft Surface Pro and Surface 3, Microsoft has implemented custom BIOS firmware on those devices to support required hardware features and securities.
With Surface Pro 4, Microsoft has created its own UEFI firmware for newer devices. This new firmware is called Surface UEFI, which is currently used on newer devices, including Surface Go, Surface Book, and Surface Studio.
This article will teach you how to get to the Surface Book UEFI settings. You will also learn how to configure the UEFI settings to improve the device security, check your device information, and more.
Table of Contents
Accessing Surface Book UEFI settings?
You can only enter the Surface Book UEFI setup screen while your device is starting. Here is how you do that:
- Shut down your Surface Book.
- Press and hold the Volume Up button on your Surface, then press and release the Power button.
- When you see the Surface logo screen appear, release the Volume Up button. The Surface UEFI screen will appear in a few seconds.
After you have made any changes to the UEFI settings, you can restart your Surface by:
- In the Surface UEFI menu, choose Exit, and click on Restart Now
Checking Surface Book device information via UEFI Settings
When you access UEFI settings, the PC information page is the first page you will see. This page details your device’s Model, System UUID (Universally Unique Identifier), Serial Number, and Asset Tag. The page also displays all the necessary versions of essential system components for troubleshooting.
See also: How to manage asset tag on Surface Book.
Configuring device boot order
To change the alternate system boot order on your Surface Book:
- Enter Surface UEFI settings as per the instructions above.
- In the Surface UEFI menu, go to the Boot Configuration page as below:
On the “Configure boot device order” page, you can:
- Rearrange the boot order by dragging and dropping any available boot option.
- Enable or disable any boot option by using the checkbox
- Remove the available boot option permanently by using the trash button.
Managing device components
Surface Book allows you to turn on or off specific components and features of your device to meet your particular security requirements.
- Access Surface UEFI settings as per the instructions above.
- In the Surface UEFI menu, go to Devices, and you will see the following options:
- In my Surface Book with System UEFI version 231.1662.769, you can choose to turn on or off the following device’s components or ports:
- Docking USB Port
- Front Camera
- Rear Camera
- IR Camera
- On-board Audio
- Wi-Fi & Bluetooth
- Bluetooth
Protecting UEFI settings with a password
You can prevent others from changing your UEFI settings by setting an Administrator Password in UEFI settings. To do that:
- Enter Surface UEFI settings as per the instructions above.
- Go to the Security section below:
- To set the UEFI password, click on the Add or Change button, and you will see the following requirements:
- You will need to enter a password in the box with your keyboard or the on-screen keyboard with the following criteria:
- Minimum Length: 6 characters
- Maximum Length: 128 characters
- It may contain a combination of letters, numbers, and special characters.
- If you have set the password before and want to remove it, leave the password box blank.
What is Secure Boot Control?
The Secure Boot is a technology that blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface from being loaded with unauthorized operating systems and malicious software applications.
If you desire to install other operating systems like Ubuntu or other Linux distributions, you may need to turn off this feature in the UEFI settings above.
What is a Trusted Platform Module (TPM)?
The Trusted Platform Module (TPM) technology significantly advances BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.
The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you encrypt/decrypt the entire disk without requiring complex long passphrases. It means the encryption and decryption keys are stored within the TPM chip. So, your encrypted disks can’t be accessed on other devices.
Other Surface UEFI Settings
We have also covered this topic for other Surface PCs as well. To learn more about other Surface UEFI settings, check the link below:
COMMENTS
Let us know what you think!
We appreciate hearing your thoughts, questions, and ideas about “How to Configure Surface Book UEFI/BIOS Settings”.
Unable to deploy Surface Book because we are unable to boot via LAN to our PXE Network. What is the fix?
Boot into Surface EUFI then enable PXE Network for boot configuration
If you want to disable the TPM security chip, Disable BitLocker before you Disable TPM.
After TPM is disabled, you can re-Enable BitLocker drive encryption.