Fast Boot, instead of UEFI Secure Boot

There may be some situations where Secure Boot is not useful, and Fast Boot is an alternative, which is fast but NOT SECURE. Here’s a quick summary by Nikolaj Schleg (aka CodeRush) of what is needed to disable Secure Boot and enable Fast Boot with use on Windows systems:

The best way to decrease boot time is to switch to UEFI boot, disable CSM, enable FastBoot and disable SecureBoot, because it takes some time to check a signature of your bootloader, and it will be checked on every boot.
If you remove all SecureBoot keys, the SecureBoot will switch into so called “Setup Mode”, where you can add your own keys without having a private parts of older ones (that are only available to Microsoft and ASUS, in your case). AMI-based UEFIs have a “standard” keys in default map, so don’t worry about losing the keys – you can easily restore them from Security->SecureBoot Settings setup page.
What you need to do:
1. Disable CSM.
2. Enable FastBoot.
3. Enable (better protection from bootkits, a bit slower boot time) or disable (a bit faster boot time, the same security level you have now with CSM) SecureBoot.
4. Don’t touch the keys, they are fine by default.
5. Reinstall Windows in UEFI mode.

 

Full post:
http://www.win-raid.com/t1495f13-UEFI-clearing-secure-boot-keys.html

There’s another guide for Windows 8.x here:
http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/windows-8-can-not-stop-fast-boot/239e56e7-649d-4110-af4c-6fe9c3340530?auth=1

More on disabling Secure Boot keys:
https://firmwaresecurity.com/2015/12/20/nikolajs-uefi-secureboot-tutorial/

More on disabling Secure Boot:
https://technet.microsoft.com/en-us/library/dn481258.aspx

And for a bit of contrasting — yet still informative — advice, here’s how to disable Fast Boot:
http://support.fixmestick.com/hc/en-us/articles/200578596-Disabling-Fast-Boot-on-Windows-8-8-1-and-10

Some more on Fast Boot and Windows:
https://blogs.msdn.microsoft.com/b8/2011/09/08/delivering-fast-boot-times-in-windows-8/
https://msdn.microsoft.com/en-us/library/ms858380.aspx
https://blogs.msdn.microsoft.com/b8/2012/05/22/designing-for-pcs-that-boot-faster-than-ever-before/
https://msdn.microsoft.com/en-us/library/windows/hardware/jj835779%28v=vs.85%29.aspx

Car hackers take note at the use of Fast Boot (instead of Secure Boot) in Windows Automotive stack, in above MSDN docs. Yikes.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s