I created a bootable USB using WinToUSB software (Win10 home / MBR for BIOS and UEFI). When I try to boot from the USB on another computer, I typically go to the Windows menu, select “Restart” while holding down the SHIFT key, and then choose the boot device (Samsung partition 1).
However, if the secure boot option is turned on in the computer’s BIOS, it will automatically boot from the internal hard drive instead. Is there something I am doing incorrectly?
What is Secure Boot?
Secure Boot is a security feature in modern computer systems that ensures that only trusted operating systems and bootloaders can be loaded during the boot process. It is designed to protect the system from malicious software that may attempt to load during the boot process. Secure Boot is enabled by default on most modern computers.
What is WinToUSB?
WinToUSB is free software that allows you to create a bootable USB drive from a Windows installation ISO file. The software supports both MBR and GPT partition schemes and can be used to create a bootable USB drive for BIOS and UEFI systems.
Creating a Secure-Boot-Proof WinToUSB Boot Partition
To create a Secure-Boot-Proof WinToUSB Boot Partition, follow these steps:
Step 1: Disable Secure Boot
The first step is to disable the Secure Boot feature in the computer’s BIOS. The process of disabling Secure Boot varies depending on the computer’s manufacturer and model. In most cases, you can access the BIOS by pressing a key during startup (such as F2 or Del). Once in the BIOS, look for the Secure Boot option and disable it.
Step 2: Create a WinToUSB Bootable USB Drive
Next, you need to create a WinToUSB bootable USB drive. Download and install the WinToUSB software on your computer. Insert a USB drive into your computer and launch the WinToUSB software. Select the Windows installation ISO file and the USB drive you want to use. Choose the MBR partition scheme and select “Legacy” for the boot mode. Click “Next” and follow the on-screen instructions to create the bootable USB drive.
Step 3: Enable Secure Boot
After creating the WinToUSB bootable USB drive, you can now enable the Secure Boot feature in the computer’s BIOS. Again, the process of enabling Secure Boot varies depending on the computer’s manufacturer and model. In most cases, you can access the BIOS by pressing a key during startup (such as F2 or Del). Once in the BIOS, look for the Secure Boot option and enable it.
Step 4: Add WinToUSB Boot Partition to Secure Boot List
Finally, you need to add the WinToUSB boot partition to the Secure Boot list in the computer’s BIOS. This step ensures that the computer will boot from the WinToUSB boot partition instead of the internal hard drive.
To add the WinToUSB boot partition to the Secure Boot list, follow these steps:
1. Access the computer’s BIOS by pressing a key during startup (such as F2 or Del).
2. Look for the Secure Boot option and enable it.
3. Look for the “Secure Boot Options” or “Secure Boot Configuration” option and select it.
4. Look for the “Add Boot Option” or “Add Secure Boot Option” option and select it.
5. Enter a name for the boot option (such as “WinToUSB Boot Partition”).
6. Browse to the location of the WinToUSB boot partition and select it.
7. Save the changes and exit the BIOS.
Creating a Secure-Boot-Proof WinToUSB Boot Partition is essential if you want to ensure that your bootable USB drive will work on computers with Secure Boot enabled. By following the steps outlined in this post, you can create a bootable USB drive that is compatible with both BIOS and UEFI systems and is Secure Boot enabled.
To create a secure-boot-proof bootable USB using WinToUSB, you will need to disable secure boot in the host BIOS. Secure boot is a security feature that is designed to prevent unauthorized or malicious software from running during the boot process. If secure boot is enabled, the system will only boot from trusted boot devices, which typically include the internal hard drive.
To disable secure boot, you will need to enter the BIOS or UEFI settings on the host computer. The exact steps to do this will depend on the specific make and model of the host computer, but it usually involves pressing a key (such as Del, F2, or Esc) during boot to enter the BIOS/UEFI settings. Once you are in the BIOS/UEFI settings, look for a setting called “Secure Boot” or “UEFI Secure Boot” and disable it.
After disabling secure boot, you should be able to boot from your USB stick using the steps you described. Keep in mind that disabling secure boot may make your system more vulnerable to malware, so you should only do this if you trust the boot device and understand the potential risks.
It’s important to note that booting from a USB stick can be a useful tool for a variety of purposes, such as installing an operating system, troubleshooting issues, or performing maintenance tasks. However, it’s important to be mindful of the security implications of booting from an external device, particularly if you are using a bootable USB on a different computer.
Disabling secure boot can allow you to boot from a USB stick that was created using WinToUSB, but it also opens up your system to the potential risk of booting malicious software. As such, you should only disable secure boot if you trust the boot device and understand the potential risks. Additionally, it’s always a good idea to keep your system up to date with the latest security patches and to be cautious about what you download and run on your system.
Although it is possible to boot from a USB drive even if Secure Boot is enabled, there are some strict conditions that must be met. These include using a FAT32 partition on the USB drive, attempting to boot from the USB in UEFI mode (which is always the case when Secure Boot is enabled), and having a bootloader on the USB that is trusted by Secure Boot.
Trusted bootloaders are used by Windows 8 and newer versions, as well as some newer Linux distributions. However, it is unclear which bootloader WinToUSB uses, as no information is available on it. Based on your experience, it seems that the bootloader used by WinToUSB is not trusted by Secure Boot when it is activated.
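The three conditions listed above (a FAT32 partition, UEFI mode, a bootloader that Secure Boot trusts) can be checked from an elevated PowerShell prompt before carrying the stick to another machine. This is an added example, not part of the original answers or of WinToUSB; the function name `Test-UsbSecureBootReadiness` and the drive letter `E` are assumptions, and a valid Authenticode signature only approximates what the target firmware's own signature database will accept.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# Assumption: the USB's boot partition is mounted with a drive letter.
function Test-UsbSecureBootReadiness {
    param([Parameter(Mandatory)][char]$DriveLetter)

    $vol  = Get-Volume    -DriveLetter $DriveLetter -ErrorAction Stop
    $part = Get-Partition -DriveLetter $DriveLetter -ErrorAction Stop
    $disk = Get-Disk -Number $part.DiskNumber

    # Fallback loader path that x64 UEFI firmware tries on removable media.
    $loader    = "${DriveLetter}:\EFI\Boot\bootx64.efi"
    $sigStatus = 'LoaderMissing'
    $signer    = $null
    if (Test-Path -LiteralPath $loader) {
        # .efi files are PE images, so Authenticode verification applies.
        $sig       = Get-AuthenticodeSignature -LiteralPath $loader
        $sigStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    # State of the machine running the check; the cmdlet throws on legacy
    # BIOS firmware or without elevation, reported here as $null.
    try { $hostSecureBoot = Confirm-SecureBootUEFI } catch { $hostSecureBoot = $null }

    [pscustomobject]@{
        BusType          = $disk.BusType
        PartitionStyle   = $disk.PartitionStyle
        FileSystem       = $vol.FileSystem
        IsFat32          = ($vol.FileSystem -eq 'FAT32')
        Loader           = $loader
        SignatureStatus  = $sigStatus   # 'Valid' = chains to a root Windows trusts
        Signer           = $signer
        HostSecureBootOn = $hostSecureBoot
        # Approximation: firmware checks its own db/dbx, not the Windows store.
        LikelyBootable   = ($vol.FileSystem -eq 'FAT32') -and ($sigStatus -eq 'Valid')
    }
}

Test-UsbSecureBootReadiness -DriveLetter 'E' | Format-List
```

A `SignatureStatus` of `NotSigned` or `LoaderMissing` is consistent with the behaviour in the question, where the firmware skips the USB and falls through to the internal drive once Secure Boot is on.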