How to configure Surface Go UEFI/BIOS settings

By Evan Forrest (SurfaceTip)

Since the first generation of Microsoft Surface Pro (2013) and Surface 3, Microsoft has implemented custom BIOS firmware on those devices to support required hardware features and securities.

Starting with Surface Pro 4, Microsoft has created its own UEFI firmware for use with newer devices. This new firmware is called Surface UEFI which is currently used on newer devices including Surface Go, Surface Book, and Surface Studio.

Compared to other Surface models, Surface Go has a slightly new design interface including a different on-screen keyboard. In this article, we will walk you through how to access and configure the Surface Go UEFI settings.

Table of contents

How to access Surface Go UEFI settings?
How to check your Surface Go device Information via UEFI settings?
How to Change System Boot Order on Surface Go?
How to Manage Device Components on Surface Go UEFI Settings?
How to change your Surface Go Date and Time via Surface UEFI?
How to Protect UEFI settings with a password on Surface Go?
What is the Trusted Platform Module (TPM)?
What is Secure Boot Control?
Other Surface’s UEFI Settings

1 How to access Surface Go UEFI settings?

You can enter the Surface Go UEFI setup screen only while your Surface is starting up. Here is how you do that:

Shut down your Surface.
Press and hold the Volume Up button on your Surface, then press and release the Power button.
When you see the Surface logo screen appear, release the Volume Up button. The UEFI settings menu will appear in a few seconds.

After you have made any changes to the UEFI settings, you can save or delete those changes by:

Save changes and restart your Surface

By default, every change you made will automatically be saved. When you restart your Surface, all settings will take effect. To do so.

In the UEFI settings menu, select Exit.
Click Restart Now.
It will save all the settings you have changed and restart your Surface.

Restart your Surface without saving your changes

You also have the option to discard all changes as well by using your Surface Type Cover or external keyboard. To do so.

On the keyboard press the ESC key.
Now you have 2 options:
- Yes – Delete your changes and restart your Surface.
- No – turn back to the UEFI settings.

2 How to check your Surface Go device Information via UEFI settings?

The first displayed page when you enter UEFI settings is the PC information page. On the page, you can find out more information about your device identities such as Model, System UUID (Universally Unique Identifier), Serial Number, and Asset Tag. Moreover, it also displays all important system other components version that you might need for troubleshooting.

Enter Surface UEFI settings as per the instructions above.
In the UEFI settings menu, select PC Information and you will see the following information:

3 How to Change System Boot Order on Surface Go?

To change the alternate system boot order on your Surface Go:

Enter Surface UEFI settings as per the instructions above.
In the Surface UEFI menu, go to the Boot Configuration page as below:

On the “Configure boot device order” page, you can:

Rearrange the boot order by clicking the up/down arrow button on any boot option available on the list.

4 How to Manage Device Components on Surface Go UEFI Settings?

Surface Go allows you to disable some of your surface device components and features to meet your specific security requirements. You can enable or disable those components by:

Enter Surface UEFI settings as per the instructions above.
In the UEFI settings menu, select Security and you will see the following options:
On our Surface Go with System UEFI version 1.0.0.3, there are the following device options:
- Docking USB Port – enable/disable the ability to use USB ports on the connected dock.
- Front Camera – enable/disable the front-facing camera.
- Rear Camera – enable/disable the main rear camera.
- IR Camera – enable/disable the Infrared camera used for Windows Hello feature.
- On-board Audio – enable/disable internal audio or speakers.
- SDcard – enable/disable microSD slot.
- Wi-Fi & Bluetooth– enable/disable both Wi-Fi and Bluetooth.
- Bluetooth – enable/disable the internal Bluetooth only.
- Type Cover port – enable/disable the Surface Go type cover.

5 How to change your Surface Go Date and Time via Surface UEFI?

The new Surface UEFI now allows you to set your Surface Go’s date and time right on the UEFI settings page. To check or set a date and time for your Surface Go:

Enter Surface UEFI settings as per the instructions above.
In the Surface UEFI menu, go to the Date and Time page as below:
To set a new time, click Set Time.
To set a new date, click Set Date.
Press Enter to apply changes.

6 How to Protect UEFI settings with a password on Surface Go?

You can prevent others from changing your UEFI settings by setting an Administrator Password in UEFI settings. To do that:

Enter Surface UEFI settings as per the instructions above.
In the UEFI settings menu, select Security.
Under the UEFI password, click the [Clean] button to create a UEFI password.
You will need to enter a password in the box with your keyboard or the on-screen keyboard with the following criteria:
- Minimum Length: 6 characters
- Maximum Length: 128 characters
- May contain a combination of letters, numbers, and special characters.
In case you have already set the password before and want to remove it, simply leave the password box blank.

Note If you enter the administrator password incorrectly three times, you’ll be locked out of the UEFI. Restart your Surface to enter the password again.

Important If you set a password for the UEFI, record it in a safe place. If you forget the password, you won’t be able to access the UEFI settings. You can only reset the administrator password from within the UEFI.

7 What is the Trusted Platform Module (TPM)?

The Trusted Platform Module (TPM) is a technology that provides a major advancement over BIOS in hardware-based security features. It is a specialized chip that stores RSA encryption keys specific to each Surface device for hardware authentication.

The TPM technology is a requirement of BitLocker disk encryption. The TPM helps you to encrypt/decrypt the entire disk without requiring your complex long passphrases. It means that the encryption key and decryption key are stored within the TPM chip. So your encrypted disks can’t be accessed on other devices.

8 What is Secure Boot Control?

The Secure Boot is a technology that blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface from being loaded with unauthorized operating systems and malicious software applications.

If you desire to install other operating systems like Ubuntu, or other Linux distributions, you may need to disable this feature in the UEFI settings above.

Other Surface’s UEFI Settings

We have also covered this topic for other Surface PCs as well, to learn more about other Surface’s UEFI settings check the link below:

More Surface Go Resources

Make sure to check out our tips and tricks for Microsoft Surface Go here:

Ultimate Tips and Tricks for Mastering Microsoft Surface Go

COMMENTS

Let us know what you think!

We appreciate hearing your thoughts, questions, and ideas about “How to configure Surface Go UEFI/BIOS settings”.

Gary Bigdaddy says:

September 21, 2019 at 11:00 am

Hi my name is Gary Carlson I do a lot of scaping one of the apartment complex I found a Microsoft surface the hard drive was enscripted and was asking for bitlocker password long story short I formated the hard drive every thing went great but now when I turn it on it goes to bios password screen i made a USB bootup disk and it don’t work even with valume key what can I do

Zula Stanley says:

December 16, 2021 at 11:55 pm

I had a free update on my Surface go 2. From windows 10 to 11. After installing the pc started randomly doing odd things on it’s on. So I tried resetting to factory conditions & it’s stuck at 64% with the screen flashing. No option for a keyboard or anything else. Why can I do?