Windows 10: UEFI with Secure Boot (UEFI version) ?
UEFI with Secure Boot (UEFI version) ?
I want to enable UEFI with Secure Boot and I do have an option to enable Secure Boot.
But how can I tell if I am running UEFI firmware version 2.3.1.c ?
Because to enable Secure Boot, machines must have UEFI firmware version 2.3.1.c
I went to System Information, but It does not tell me the exact UEFI version that I currently have.
Where do you find this version requirement, on the manufacturers support page?
Right click on Windows Start button and select Run, type msinfo32.exe and click Ok. In resulting display you will find BIOS version/date and SMBIOS version, which will display what your looking for. SMBIOS versions 2.3.x are old versions dating back to pre 2004, doubt you have a machine that old!
Please see my print screen, looks like I have UEFI 2.7.
So I should be OK then?
The info I got from here
Secure Boot Overview
Secure Boot requires a PC that meets the UEFI Specifications Version 2.3.1, Errata C or higher.
Secure Boot is supported for UEFI Class 2 and Class 3 PCs. For UEFI Class 2 PCs, when Secure Boot is enabled, the compatibility support module (CSM) must be disabled so that the PC can only boot authorized, UEFI-based operating systems.
If your UEFI did not support Secure Boot, then you would not have the option in the firmware to enable/disable it.
Your screenshot shows SMBIOS version 2.7 so you are good to go!
What if Secure Boot detects a rootkit or a bootkit or a malware in the firmware before Windows loads?
Will this mean my machine will be "BRICKED" and reinstall Windows?
Because of that's the case, if Secure Boot detects any malware in the firmware, then my machine will not boot at all. Then what???
How will I clean or remove a malware that modified the firmware?
Will I need to reinstall Windows in this case or even replace the motherboard?
Also, as some of you may know, Secure Boot can be bypassed by just resetting the UEFI Admin password and disable Secure Boot, but since I DO NOT travel with my laptop and only do computing from home, then will this be good enough?
UEFI bios infection is very rare and at present requires physical access to the machine in order to do so.
To prevent such infections, Trend Micro advises users to enable the UEFI SecureFlash option, to set up a BIOS/UEFI password and to update the firmware to its latest version so that it has the latest security patches. UEFI/BIOS updates are usually distributed by computer manufacturers through their support websites and some of them do fix issues identified by security researchers.
For more check the link below:
Hacking Team's malware uses a UEFI rootkit to survive operating system reinstalls | PCWorld
So I'm the guy who tried to move from Legacy to UEFI some days ago. I managed to move both Ubuntu and W10 to UEFI.
More info on both of the situations here:
Solved Can't boot into UEFI mode - Lenovo Z50-70 - Windows 10 Forums
So i had secure boot up and running on my windows 8.1 machine after a clean install, but now since microsoft upgraded me to windows 10 it seems as my secure boot is off again, but it's enabled in my bios is so weird, it's enabled in bios but off in...
I'm currently reinstalling entirely windows 10 x64 with uefi , hardware fast boot, and secureboot.
I'm a bit confused because win 10 installer set:
Recovery on partition 1
System on partition 2 (win re)
MSR (not formated) 3
Ok im about to upgrade to win 10 then do a clean install afterwards of win 10, but i wanted to assure i have everything correct before i start. I updated again my profile with Belarc to assure i have a completed list of my software, i notice this...
So, basically if we have a computer that doesn't have a UEFI BIOS with Secure Boot, then we can't upgrade to Windows 10? Am I right or wrong here?