SOLVED! “The Value Is Protected By Secure Boot Policy And Cannot Be Modified Or Deleted”

Nowadays, by taking advantage of Command Prompt, Windows users could apply a lot of changes to their computers. However, it’s worth pointing out that not everything could be changed via Command Prompt at whim. You keep getting “The value is protected by Secure Boot policy and cannot be modified or deleted” as you use Command Prompt to change things? In that case, this article is for you.

What Is Going On

Regarding “The value is protected by Secure Boot policy and cannot be modified or deleted”, there is a good chance that Secure Boot is enabled. As the name suggests, Secure Boot protects the operating system from malicious programs during the bootup process. Usually, if Secure Boot is on, it’s going to prevent attempts to change certain values on Windows computers. On the bright side, it’s possible to overcome Secure Boot in times of need.

“The Value Is Protected by Secure Boot Policy and Cannot Be Modified or Deleted”: Advice

All in all, if you plan to change things such as Data Execution Prevention (DEP), you have to disable Secure Boot. Once Secure Boot is out of the picture, you could make changes at your leisure.  

  • Step 1: Turn off your computer, wait for a moment and turn it back. As your computer starts up, enter BIOS settings. To do so, you must press the BIOS key (ESC, F2, F12, …).
  • Step 2: Locate Secure Boot setting and change its value to disabled. Depending on your device, look for Secure Boot in the Security tab, Authentication tab, or the Boot tab.
  • Step 3: Save your changes and exit BIOS.

Note: In a number of cases, you might see that Secure Boot is greyed out. That is the result of the BIOS supervisor account not being secured. You can create a supervisor account by going through the steps down below:

  • Step 1: Enter BIOS settings.
  • Step 2: Choose Security tab, select Set Supervisor Password and hit Enter.
  • Step 3: Fill in and confirm your Password on the popup dialogue box.
  • Step 4: Save changes and exit the setup. That should activate Secure Boot and allow you to enable/disable Secure Boot using BIOS.

FAQs

Is It Safe To Disable Secure Boot?

It’s safe to disable Secure Boot as long as you exercise caution while installing software afterward. For good measure, stick to software from trusted sources. 

How Does Secure Boot Work?

In use, Secure Boot verifies the digital signature of all codes trying to run on the device. Only codes that have a valid signature from a trusted source will be allowed to run. Thus, even if an attacker tries to install malware on your device, it will not be able to run if Secure Boot is enabled.

What Is UEFI And Is It Important?

UEFI (Unified Extensible Firmware Interface) is a specification that defines a software interface between an operating system and platform firmware. UEFI is intended to replace the Basic Input/Output System (BIOS) firmware interface and offers several advantages including superior security, fast startup, support for large drives, …

May I Use Secure USB Boot Media To Boot UEFI?

It’s possible to use secure USB boot media to boot a UEFI system. To do so, you must set up a security policy in the UEFI firmware that allows booting from USB devices signed with a certain key. The process will ensure that only authorized USB devices can be used to boot the system and help keep malware out.

What Must Be Done To Disable Secure Boot Without Entering UEFI?

If you want to disable Secure Boot without entering UEFI, you’ll need to use tools like BootIce, EasyUEFI, …  Once you’ve downloaded and installed one of the tools, you’ll need to open it and locate the option to disable Secure Boot. That option is usually located in the Boot settings menu. Uncheck the checkbox next to “Enable Secure Boot” and you’ll be all set.

Can I Use Secure Boot if My Computer Does Run On Windows 10?

You can still use Secure Boot even if your computer did not come with Windows 10 as long as your computer has UEFI/EFI. 

Does Secure Boot Affect Performance?

Some users report a noticeable difference in performance after enabling Secure Boot while others do not. It is likely that the impact of Secure Boot on performance will vary depending on individual computers. If you are concerned about the performance of your computer, feel free to disable Secure Boot to see the difference for yourself.

What Is The Difference Between Secure Boot And TPM?

Secure Boot is a security feature that helps ensure that your computer boots using only software trusted by the manufacturer. TPM is a security chip that stores cryptographic keys and can be used to verify the integrity of boot components.

Does Secure Boot Require TPM?

No. Secure Boot does not require a TPM but TPM can be used as an additional layer of security. If you have TPM, you can enable Secure Boot and use TPM to store the digital signatures of the software you want to run. 

How Do I Check The Secure Boot Status on Windows 10?

  • Step 1:  Press the Windows key + R to open the Run dialog box.
  • Step 2: Type “msinfo32″ into the Run dialog box and press Enter.
  • Step 3:  In the System Information window, expand the Security section.

The status of Secure Boot will be listed under the “Secure Boot” heading. If Secure Boot is enabled, it will say, “Secure Boot is enabled.” If Secure Boot is disabled, it will say, “Secure Boot is disabled.”

Tips And Tricks

  • Use a strong password for bootloader so only authorized users can access it.
  • Encrypt your boot partition. That will prevent others from being able to read your boot data if they gain access to your computer.
  • Use a Secure Bootloader. Quite a few bootloaders exist but not all are equal so choose one with good security reputation.
  • Keep your computer updated. Security patches and new features can help to improve the security of your boot process.

 

Leave a Comment