Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Problem Disabling Secure Boot

  • Please log in to reply
3 replies to this topic

#1 ranchhand_


  • Members
  • 1,772 posts
  • Gender:Male
  • Location:Midwest
  • Local time:10:35 PM

Posted 12 December 2017 - 05:26 PM

I am having a problem disabling Secure Boot. I want to connect two additional SATA drives (Windows 10 and XP) and use the F-key option on boot to choose which OS drive to boot in to. That would make a total of 3 drives, W10, W7 and XP.
In order to do this, I must disable Secure Boot in the UEFI.
Asrock has this remedial setup in the BIOS where the Keys in the Boot tab/Secure Boot must be deleted. They have an option to save the keys first to a flash drive so they can be reinstalled if I ever want to enable Secure Boot again. Thereby hangs the problem.
When I enter the “Save Secure Boot Keys” screen and click on it (with my flash drive inserted) a small screen pops up with the USB flash drive, and two other drives listed. I don’t even know what those other two are, I have only one SSD drive with my OS (Win7).
 All I can get is a popup message, “Error While Writing To File”, and then a small, gray “dbx”  lettering below that. I assume the “dbx” is a hint as to what the problem is?? I have no idea what “dbx” is.

I have tried:
> different USB ports, both USB2 and USB3.
> format the USB flash drive to exFAT. Then the BIOS did not even register the drive, only the two others.
> Physically disconnecting my main SSD drive leaving only the USB flash drive connected.
> Disabling my wireless network card.
> Wiped my USB drive of all files just to make sure that something was not interfering somehow.
> The Asrock manual is totally useless. They have no explanation of the BIOS screens at all or any of the features.
> Two emails over a 3 week period to their non-existent help desk remain unanswered.
> I tried the Asus chat help, and the “tech” said I would have to contact Asrock help. I informed him that Asus owns Asrock, and the BIOS screen said “ASUS”, and in the users’ reviews on the Newegg web site Asus responded to several complaints from users giving the Asus URL for further help. Nope. Wouldn’t help me.

Motherboard: Asus 970 Pro Gaming/Aura

BIOS: 0901 x64   11/7/2016
Computer is home build, runs fast and clean, no glitches, crashes, BSODs or any problems at all.
Flash drive is a PNY 128gig USB3. The drive is operating perfectly, I use this as my “toolbox” when I go to someone’s home who is having a computer problem. I use it several times a week.

First, if push comes to shove I really don’t care if this machine has Secure Boot or not. I can live just fine without it. More of a pain than a protection, IMHO. But….being conservative, I like to have options.
Second, I keep a current image backup of my SSD, so if something goes south I can always re-image.
Third, I notice in the Key screen that my USB3 drive is listed as USB2. Could that be a problem?

Thanks for any suggestions!

Attached File  IMG_1779.JPG   115.48KB   1 downloads

Edited by ranchhand_, 12 December 2017 - 08:26 PM.

Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.

BC AdBot (Login to Remove)


#2 JohnC_21


  • Members
  • 24,819 posts
  • Gender:Male
  • Local time:11:35 PM

Posted 12 December 2017 - 06:02 PM

Does your SSD have two partitions? In Disk Management you would see a 100MB System Reserved Partition and the main partition. I believe Part 1 and Part 2 are your SSD partitions. I would try a smaller USB flash drive formatted Fat32.  Where is shows USB 2 in the image, was the flash drive in the USB 2 port?


I'm not sure how you got Windows 7 to boot with the SecureBoot enabled as Windows 7 does not have the required signed certificate.


Secure Boot is designed to stop this. Windows 8 and 10 PCs ship with Microsoft’s certificate stored in UEFI. UEFI will check the boot loader before launching it and ensure it’s signed by Microsoft. If a rootkit or another piece of malware does replace your boot loader or tamper with it, UEFI won’t allow it to boot. This prevents malware from hijacking your boot process and concealing itself from your operating system.




The link you provided for the motherboard is for an ASUS, not ASRock. The manuals that I could find for the ASROCK did not show secureboot. Do you have a link to the manual?


Edit: From what I gather ASrock was spun off from ASUS in 2002 and then purchased by Pegatron in 2010.


If you use Rufus to create a bootable flash drive of FreeDos or a linux distro like Mint and you can boot it then SecureBoot is not enabled on the motherboard.


Edit Edit: I forgot to mention one thing. If you have the 100MB System Reserved Partition on the SSD formatted NTFS and not an EFI system partition formatted FAT32 you have an MBR disk which cannot boot from an UEFI enabled computer. If that is the case then you are using Legacy or CSM Boot. SecureBoot can only be active when UEFI is enabled. In this case you would need a GPT disk with a EFI system partition.  

Edited by JohnC_21, 12 December 2017 - 06:26 PM.

#3 DavisMcCarn


  • Members
  • 978 posts
  • Gender:Male
  • Local time:11:35 PM

Posted 13 December 2017 - 10:02 AM

From page 2-31 of your users manual:
OS Type
[Windows UEFI Mode]
[Other OS]
All you should need to do is to change that option to Other OS and the USB Support to Full Initialization (page 2-28. You may also need to change the Launch CSM option too for the XP drive, in particular to appear in the boot list; but, you might not.
I, BTW, have disabled secure boot on hundreds of PC's and have never once needed to backup the keys.
Computer dinosaur, servicing PC's since 1976

#4 ranchhand_

  • Topic Starter

  • Members
  • 1,772 posts
  • Gender:Male
  • Location:Midwest
  • Local time:10:35 PM

Posted 14 December 2017 - 07:47 PM

Sorry for the late reply; life did an avalanche on me, I wasn't just ignoring you guys.

John, I owe you an apology. Man, I must have had a senior moment when I addressed this problem. I had several motherboard manuals on the shelf, and being in a hurry I pulled my wife's mainboard manual and never noticed it. Until you clued me in that something didn't seem right, I didn't even notice if you can believe that. I was so engrossed in the problem that I didn't pay any attention to name on the board until you joggled my memory. Dumb. I corrected the links that I posted.

BTW...I didn't know Asrock was now owned by Pegatron. That definitely puts them on my "do not buy" list, thanks for mentioning it.


Davis, you are 100% spot on. What confused me is that I initially (before I posted here) went in and set the Boot/Secure Boot to "other" from "UEFI". Strangely, there is no notice stating that Secure Boot was now disabled. In fact, the only notification that popped up was that the P key was disabled, but it stated that Secure Boot was still enabled! So I just set it back and exited out. In fact, I just now went back into the BIOS and it still states that SB is "enabled". Go figure.


At this point, all is well. I have my W7 and W10 drives running fine, and next week I will install Mint on a 3rd drive.

Thanks again, guys, and sorry for any inconvenience!

Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users