locked
Secure Boot and BitLocker on Win10 RRS feed

  • Question

  • BitLocker and Secure Boot questions

    Secure Boot

    1. I had been hesitant enabling Secure Boot because I am just afraid it might cause issues and slow down my laptop's boot time. Secondly, if I reinstall Windows 10 using my bootable USB flash drive, will I have to disable Secure Boot temporarily before installing Windows 10 from the flash drive?

    I also have BitLocker enabled with Used Space Only encrypted. Will I also have to disable BitLocker before I enable Secure Boot?

    BitLocker and future releases of Windows 10

    1. When MS releases major upgrades such as the 1511 and 1607 releases, does BitLocker have to be Suspended or Disabled before upgrading to a new major release of Windows 10 or it is not required to do so?

    Anyways, whenever I do these major upgrade installs, I always tend to perform a Clean Installation rather using the In-Place upgrades.

    Please help - Thanks!
    Thursday, December 15, 2016 6:42 AM

All replies

  • For the secure boot, it won't have much impact on performance while it is great defense against rootkits and bootkits and other sophisticated threats. You don't need to disable SecureBoot during installing Windows because will check the Windows CA and verify it and it is in trusted list.

    Normally, there is no need to disable Bitlocker and you may just perform in-place upgrade. However, if there is any special requirement to do it, you will get message . But in normal case, you don't need to disable Bitlocker.

    Thursday, December 15, 2016 6:16 PM
  • My question is basically, that do I need to disable BitLocker before I enable Secure Boot?

    Or enable Secure Boot before I enable BitLocker?

    Please explain.

    • Edited by Andrew.S.B Thursday, December 15, 2016 7:27 PM
    Thursday, December 15, 2016 7:26 PM
  • When you change secure boot settings on an already encrypted system, you will see that bitlocker might switch to recovery mode, requiring you to enter the recovery key before you can continue booting. So as with all bios changes, it is recommended to suspend (not disable) bitlocker before you do it.

    As for OS upgrades, BL is suspended automatically in all versions of win8 or win10.

    By the way, that latter behavior has caused a major outcry in the security scene as you can see here: http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html 

    Sunday, December 18, 2016 2:11 PM