Do you have any issues when you want to install Ubuntu or other Linux distributions on your Microsoft Surface devices? By default, Microsoft has blocked all third party boot loaders from booting off your Surface devices.
To fix this, you will need to disable the secure boot on your Surface so you can install a different operating system or do a clean Windows installation. In this tutorial, we will walk you through how to disable and re-enable Secure Boot on Microsoft Surface Pro 7.
Table of contents
- What is Secure Boot?
- How to disable Secure Boot on Surface Pro 7
- How to re-enable Secure Boot on Surface Pro 7
1 What is Secure Boot?
Secure Boot is a new security feature that available only on PCs that has UEFI enabled to blocks the loading of uncertified bootloaders and drives. It helps to prevent your Surface from being loaded with unauthorized operating systems and malicious software applications. All Surface devices ship with Microsoft’s certificate stored in UEFI to verify boot loader integrity before launching it.
There are three options available in Microsoft Surface Pro 7 UEFI for the Secure Boot setting.
Secure Boot is configured by selecting a Secure Boot certificate keyset. There are three keysets to choose from on this PC.
- Microsoft only: Only boot software signed by Microsoft will execute on the PC.
- Microsoft & 3rd-party CA: Boot software which is signed by Microsoft or the Microsoft Corporation UEFI CA 2011 will execute on the PC. Choose this option for compatibility with 3rd-party UEFI software and drivers.
- None: No keyset is installed and Secure Boot is disabled. Any boot software will execute on the PC. This configuration is not recommeded and should only be used by advanced users.
2 How to disable Secure Boot on Surface Pro 7
To disable secure boot on Microsoft Surface Pro 7:
- Shut down your Surface Pro 7.
- Press and hold the Volume Up button on your Surface, then press and release the Power button.
- When you see the Surface logo screen appear, release the Volume Up button. The Surface UEFI screen will appear in a few seconds.
- Go to the Security page, under Secure Boot section click Change configuration.
You can notice that the current setting for Secure Boot is Enabled.
- On Change Secure Boot configuration dialog, change the option to None, and click OK to apply the option.
- Now the current setting of Secure Boot will be changed to Disabled.
- Now go to the Exit page, and click Restart now to save the settings and restart your Surface.
- After rebooting, if you see a red bar with an unlock icon in the middle, it means the Secure Boot is successfully disabled.
3 How to re-enable Secure Boot on Surface Pro 7
When you finish your OS installation, you should re-enable the Secure Boot option to protect your Surface from malware and to remove the red bar on your device’s boot screen when it startup. To do so:
- Follow all the steps above to go to the Security page.
- Make sure to select Microsoft only if your current OS is Windows 10, and click OK.
- Now go to the Exit page, and click Restart now to save the settings and restart your Surface.
For more information, check our article on how to configure Surface Pro 7 UEFI here.
More on Surface Pro 7 Tips & Tricks
Here are some related articles for Microsoft Surface Pro 7 tips & tricks you might want to read:
The 3 easy ways to adjust screen brightness on Surface Pro
Are you getting stuck to lower, increase, turn up, brighten, or change screen brightness on your Surface Pro? In this tutorial, we will show you the 3 easy ways to adjust screen brightness on your Surface Pro.
How to download and install the latest Surface Pro 7 drivers and firmware updates
You can now download the cumulative Surface Pro 7 drivers and firmware from Microsoft Download Center. Here's how you can download and install the updates.
How to download the official Surface Pro 7 recovery image
In this article, we will show you how to download Surface Pro 7's official Recovery Image, in case you want to create a USB recovery drive for resetting your device.
The 6 easy ways to take a screenshot on Surface Pro
In this tutorial, we will show you the 6 fast and easy ways to take a screenshot on Microsoft Surface Pro by using the hardware buttons, keyboard, Surface Pen, and built-in Windows 11/10 tools.
How to Download Microsoft Surface Drivers and Firmware
Here we have a list of all download links for each Surface tablet, laptop, PC, and accessories. It is really easy to download and install the latest drivers and firmware on Microsoft Surface devices.
COMMENTS
Let us know what you think!
We appreciate hearing your thoughts, questions, and ideas about “Here’s how to disable secure boot on Microsoft Surface Pro 7”.
Hello,
sorry for disturbing. I just read your post on how to deactivate secure boot and it’s very interesting.
I’m trying it on my surface Pro 7 but it won’t work.. 🙁
I have Windows 10 Home and am trying to install windows 10 Pro.
I correctly disabled the secure boot but the only thing it does is installing Windows 10 Home again and again.
Would you have any idea how this can be fixed so i can install Windows 10 Pro ?
Thanks a lot and regards
You might want to preface the instructions with a VERY important point: after toggling Secure Boot as you’ve described, the final reboot of your Surface will prompt you to enter your Bitlocker recovery key, and it’s not a key Microsoft Support can recover for you. You have to log in to your MS account to find the key, assuming it was backed up.
Btw, I appreciate your super helpful guide. Without it, you apparently can’t boot from a USB stick on the Surface to do things like running MemTest86. It was driving me mad until I found your guide to disable Secure Boot.