Motherboard supporting UEFI + Secure Boot

patkim

Cyborg Agent
As I plan to build my new desktop (general home computing) at this point I have to start with my first requirement that it should have a mid-range motherboard AMD AM3+ or Intel 1150 or similar that supports UEFI + Secure Boot. Unfortunately info about secure boot support is poorly documented on vendor websites. Even it seems the mobo manuals conveniently overlook this part.

Are there any retail mobos that support UEFI + Secure Boot? Could someone provide some inputs or pointers.

Does ‘Windows 8.1 Ready’ status on a retail motherboard imply that it shall have UEFI + Secure Boot?

Thanks.
 

topgear

Super Moderator
Staff member
Read this page :
*www.all4os.com/windows/disable-asus-motherboards-uefi-secure-boot.html

It says how disable secure boot. So I'm assuming most of the recent asus motherboards comes with secure bios. Actually it may be just a built in feature with motherboards having latest UEFI version.

BTW, why do you need secure boot ? Looks like it can cause some serious compatibility issue if enabled.
 

DK_WD

WD Official
Hi [MENTION=4314]patkim[/MENTION],

For your information, new MOBOs come with UEFI firmware and Secure Boot enabled. Secure Boot prevents operating systems from booting unless they're signed by a key loaded into UEFI.

The UEFI function, plus secure boot depends on the manufacturers. Mostly the latest MOBO come with inbuilt UEFI firmware, but there is no guaranty, every retail MOBO have function to support by secure boot.

Does ‘Windows 8.1 Ready’ status on a retail motherboard imply that it shall have UEFI + Secure Boot?

That means, the MOBO is Windows 8.1 compatible; But you will need to purchase a new Windows License.
 
OP
patkim

patkim

Cyborg Agent
BTW, why do you need secure boot ?
Mainly 'Feel Good Factor' that mobo has newer UEFI firmware and feature like Secure Boot and is being put into use.

@DK_WD Yes I understand Windows 8.1 license needs to be separately purchased, what I was trying to find out is , since MS is pushing UEFI + Secure Boot in OEM Preconfigured Windows 8 laptop /desktops, would 'Windows 8.1 Ready' status for retail mobo imply it has UEFI + Secure boot. In other words could there also be a possibility that 'Windows 8.1 Ready' mobo has traditional BIOS rather than UEFI or UEFI but no Secure Boot?
I am generally exploring but limited info available on mobo vendor sites and difficult to conclude anything!
 
Last edited:

whitestar_999

Super Moderator
Staff member
i don't think any 1150 mobo now-a-days comes without secure boot.this feature was introduced with win 8 & now we have win 10.also this is neither required nor recommended unless you are a big fan of "let MS take care of everything without doing anything on your own" which also includes not considering any other os/non-MS booting methods.
 
OP
patkim

patkim

Cyborg Agent
...which also includes not considering any other os/non-MS booting methods.
Does this mean with Secure Boot enabled I won't be able to run custom signed binaries/ boot-loaders, on retail motherboards custom assembled PC?
 

whitestar_999

Super Moderator
Staff member
*bbs.archlinux.org/viewtopic.php?id=191056
This replies is a little off topic, but I fail to understand the real purpose of all of this. If you sign an Archlinux kernel and enable secure boot, you will still be able to kexec an unsigned kernel with it (or load evil modules). So you end up in a system that have the same security as a system without secure boot: an evil malware could choose to start whatever kernel it wants by kexec-ing it from the signed Archlinux kernel. Simple tricks such as recompiling the kernel without kexec won't really change anything since a custom evil module can still be loaded. Simply disabling secure boot is much easier than all of this for the same security.
Moreover I really have to think hard to find a situation where this secure boot really increase security.
if you still think secure boot is worth it then go ahead.
 
Top Bottom