Windows 8.1 UEFI Question

I have a new Dell desktop Inspiron3847, but I suppose this question is not unique to Dell. I think it is a Windows 8.1 question.

I am using backup software. In case of a failure of my system I need to boot to a flash drive. I thought I understood that Windows 8.1 will not boot to a flash drive automatically. If I understand correctly, if I want to boot to a flash drive I need to turn off UEFI Secure boot. If I understand correctly, Secure boot makes my machine less susceptible to invasion by outside entities, so, I suppose the best way is to have secure boot on all the time, except for those special times when I want to boot to a specific device, then, after the condition passes, turn secure boot back on again. Is this correct?



You might need to turn UEFI off, but I think Windows 8 knows what it is making and the drive is supposed to boot if the computer will not start. So the USB key made should be able to start the way the computer is (UEFI enabled) as Microsoft would have set the boot that way. I have not had need to try mine at this point.



You might need to turn UEFI off, but I think Windows 8 knows what it is making and the drive is supposed to boot if the computer will not start. So the USB key made should be able to start the way the computer is (UEFI enabled) as Microsoft would have set the boot that way. I have not had need to try mine at this point.



Thank you for responding.

I am using Paragon backup software and it has a tool that creates a boot disk (flash drive) in what I believe is a Win PE protocol. I created this flash drive and then booted my machine with Secure boot enabled and sure enough, it sees the flash drive.

Why is this? When the drive was created was it created in such a way that Windows recognizes it automatically? I have two other USB drives connected to my computer but when the (F12) boot screen appears with Secure boot on, it does not see them.



I think a non-Windows 8 flash drive would need UEFI disabled to boot.

I think only a Windows 8 recovery flash drive will boot with UEFI enabled. Otherwise Joe Public would not be able to recover.

What you are seeing is a function of Windows 8, not the Flash drive.



WinPE is based on Windows and should use it's signature, and that should be included in the secure-boot signature database. So such media should boot with secureboot on. If it doesn't, then disable secureboot.

Also several other OS's like some Linux distro's have been added to secureboot. So whenever you can boot, leave it on, if it doesn't boot turn it off.

Generally though secureboot doesn't really add much security. The OS can still be attacked. It is more an M$ "feature" that they forced on UEFI BIOS, which makes it harder to install other OS's. Particularly on Windows RT devices which use ARM based CPU's, you can't even disable secure-boot, so there you can't Replace Windows RT with another OS like Linux.



Paragon signed its products by Microsoft and the WinPE based drive it creates is detected as MS boot device. Usually you do not need secure boot to be enabled if some boot device with malware is not used on this PC.

Share this

Related Posts

There was an error in this gadget