Recently updated to Windows 8.1 (from Windows 8 OEM). Now it shows a notification on the bottom right corner of the desktop that says "Windows secure boot is not configured." Everything works fine otherwise, just that silly message is there on both monitors.
Naturally, I did some google searching and found that I have to enable secure boot in the bios to fix the issue.
When I enter the bios, I can see the option to enable secure boot, however that option is not select-able and will not allow me to enable it.
I have the Gigabyte H87N-Wifi mini-ITX motherboard. Haven't bothered to do a bios update as it is a fairly new Haswell board. Just built the PC less than a month ago.
I noticed there is a selection just above the secure boot option to enter an admin password and or a user password. Some solutions I read claimed you must enter one or both, but I don't know where to find these passwords, or am I supposed to create (a) new one(s)? Those details were never explained and I haven't been able to find a definitive answer.
Anyone else have this issue or knows how to fix this?
Just keep secure boot deactivated and try to make Windows quite. Secure boot is not a security feature in any way, it even makes security worse in the age of BIOS/UEFI/firmware malware and it makes the installation of other operating systems harder.
I'm not sure what you were trying to say there. I don't mind leaving the secure boot feature disabled, especially if it's better this way, but I don't get what you mean by "try to make windows quite". Did you mean "quit" or "quiet"?
Any thoughts on how to get rid of the desktop watermark/notification?
What keys will it load? Do you realize that you'll not be able to run any software not signed by those keys? Are you sure you want to do that? I posted a link before on this forum somewhere that the keys are published on the internet, and that any malicious hacker can use them to get onto a windows system.
Trust me, you're much better off disabling it if you're using Windows, the Secure Boot feature in Windows is like a giant public backdoor for malware.
If you're using linux, you can dump all the keys in the UEFI and load your own keys, and linux will create a special set a keys specific to your hardware that nobody else can know or have, that would be an addition to security, and unnecessary addition because malware can't do much on a linux system, but still technically a real addition. On Windows, it's suicide to enable secure boot.
I'm sure people have this disabled and have found a way to get rid of the notification/watermark on the desktop. That's all I need to know, if anyone knows how.
Users on Overclock.net are reporting (a couple say it did not work) that they fixed their issue with the watermark by resetting their bios/UEFI to "reset to factory defaults". If you are overclocked then you may have to reset your overclock thereafter.
I am also reading that Windows may put out a patch to fix this.
Until I see evidence that secure boot is harmful I am leaving secure boot enabled. The only reason to disable it in my mind is if you want to dual boot into Linux.
Also, if you have a discrete GPU make sure you have a vbios that supports UEFI.
Until I see evidence that secure boot is harmful I am leaving secure boot enabled
That's stupid. You should ask why you need it and if you can't answer it then don't use it.
Oh, and because you ask for evidence: Microsoft has keys to install whatever into your UEFI and everything on top of that (OS, Apps, mostly). They lost keys, they have security breaches and they give away keys all the time. It's just another possible attack vector that you can simple eliminate by disabling secure boot altogether.
And that's ignoring all the hassle you will have if you tinker with the system.
Google "fedora shim"' and you'll find all the articles you need on secure boot and the difference between windows and linux in the way it uses it. This was a big thing in december2012/january2013. By now, pretty much all linux distros use the fedora shim and linux unique hardware keys. In fact, I think I've posted about this on this forum, explaining the whole mechanism.
Oh and if you want to sign your malware with the Microsoft secure boot key, here it is:
On my Asus machines, it's called "disable fancy start" I believe, on my gigabyte boards, it's "disable logo screen", and on my servers, it's "disable splash". It comes with many names, you'll have to find something in that style. It must be in the BIOS settings somewhere.
I have no plans to overclock the CPU which is why I went with the i5-4570 and H87 chipset.
GPU is the Gigabyte Windforce HD 7950 3GB GDDR5.
When I first built the system, I actually didn't have to change much at all. It was all setup correctly on it's own. The only thing I did was enable XMP profiles for the ram (Kingston Hyper X Black 8GB (2 x 4GB) 1600). Even still, the ram speed was already showing correctly.
So I should have no issue resetting the bios/UEFI to default settings. Would just have to reset the XMP profiles again.
I'm not planning to dual boot with Linux any time soon, but I might do that later on when I start adding more storage drives.
If I reset the bios, I'm not going to have to re-install windows or anything like that, correct?
When I select "secure boot mode" there is no option for "custom". If my horrible short-term memory serves me correctly, I believe the only options were "setup" and "system", or something like that...
I thought the splash/logo screen is the screen you see when you first power on your system and before windows starts... Usually shows the logo for the motherboard manufacturer. No?
I have seen that option. Will try disabling it.
Thanks, everyone, for all the suggestions. Will report back later.
*I am still researching on what the other forum members say about secure boot having potential security concerns but this is how you enable it. If I see this as correct or a major concern I will report back.
**To the other users....Thanks for alerting me to this. Like I said I will do my research and see if this is an issue I should be concerned about.