Windows 10 / UEFI "Secure Boot" gurus, need help please

I am trying to recover files for a friend from a Dell Inspiron 15 5000 Series laptop. Windows 10 is installed and won’t boot.

Normally this would not be a problem. I would simply boot Linux from a USB pen drive and copy the files to an external USB hard drive. Once the files were safely copied to external media, I’d try fixing the O/S, or, as a last resort, re-installing from the factory partition.

If I had trouble accessing the disk, I would query the disk’s microcontroller with smartctl to find out if there’s a disk error causing the problem.

If so, I would boot Seagate’s SeaTools software, which on past occasions has successfully recovered seemingly unusable hard disks (by forcing the disk’s microcontroller to re-map bad sectors). In the past, I’ve used this technique successfully to make a hard disk usable long enough to recover files.

However…

This machine has “UEFI secure boot” enabled in the BIOS. I’ve never dealt with this before.

When I press F2 on power-up to get into the BIOS, there is an option to “Change BOOT mode” to “Legacy Boot Mode, Secure Boot Off”… but when I select that I get an ominous warning that it might make the disk unreadable.

Having never dealt with UEFI Secure Boot before, I want to proceed very cautiously since it’s not my machine.

So my question is, are there any gurus out there who have personal experience with turning UEFI off so you can boot removable media? Is it safe to do? Are there any precautions I should be aware of? I don’t trust Microsoft.

In my experience, nothing bad happens when you disable secure boot.

I have a Dell Inspiron i7559, which is likely fairly similar to your computer, and I have configured it to use secure boot with custom keys to dual boot Windows 10 and Linux. In the process, I have disabled and enabled secure boot multiple times without any problems.

On the other hand, the option in your computer’s BIOS appears to not only disable secure boot, but also enable legacy boot mode. This will make the computer try to boot using a MBR, like computers did before UEFI existed. If you enable legacy boot, nothing should happen to the data on the disk, but you won’t be able to boot an EFI executable, and therefore it would be impossible for Windows to boot without being reinstalled in BIOS mode. I have never used this option, so I can’t say much more than this.

The safest solution would probably be to create a USB Linux installation that uses a Microsoft signed shim bootloader to boot without disabling secure boot, but this is a fairly complex process.

Barring that, if you could find a way to disable secure boot without enabling legacy boot mode, that should be safe and would allow you to boot Linux off a USB drive.

A third option is to both disable secure boot and enable legacy boot, which should allow you to boot off a USB drive. If you have to reinstall Windows, make sure you disable legacy boot beforehand, so that it does not install in MBR/BIOS mode. You may have to reconfigure the boot options if you enable and then disable legacy boot without reinstalling Windows. Again, I have never done this, so I’m not sure exactly what would happen.

Lastly, I will mention that UEFI implementations, especially older ones, are notoriously buggy, so there is the possibility of an unexpected problem.

Why not physically pull the drive and connect it to another system?

What “other system” did you have in mind?

Another computer with a drive of its own to boot from, and perhaps a USB drive dock, or you could go to internal SATA maybe if it’s a desktop PC.

Are you implying that “another computer” legacy-booted to a pre-GUID O/S would be able to access the files on a GUID-partitioned hard disk externally connected via a USB drive dock?

Disabling Secure Boot should have no real consequences.

Now, switching to legacy boot would likely render the disk unable to boot, but it should still be accessible from another booted OS. I don’t have first hand experience here though.

A pre-GUID OS wouldn’t likely be able to access the files, but a modern OS using MBR should still be able to access the partitions, even if booting in legacy mode.

I do know that most modern Linux Live Distros/Installers can boot UEFI, as long as SecureBoot is off. I haven’t tried this with anything except Arch Linux when I installed it 2 months ago to my first ever UEFI laptop (ThinkPad W540). So a new or recent USB Drive “installation” of something like Ubuntu or Knoppix should be able to work fine in UEFI Boot, as long as SecureBoot is off.

Give me a few hours and I can try this with a couple Live Distros, namely Knoppix.

Permanently? i.e. even after I switch back to secure boot? That would not be OK.

I don’t want to boot the hard disk. I just want to recover the files from it, and possibly repair it. Then switch back to secure boot.

…but it should still be accessible from another booted OS.

I know from long personal experience that if the hard disk is MBR-partitioned, my legacy-boot tools (on USB and CD) will access the hard disk. My question is whether they can access a GUID-partitioned hard disk.

a modern OS using MBR should still be able to access the partitions, even if booting in legacy mode.

What’s your source for this? Because I haven’t been able to find an authoritative source. The question is: would an OS designed to read MBR-partitioned disks be able to access and read files on a GUID-partitioned disk?

I do know that most modern Linux Live Distros/Installers can boot UEFI

One of the live CDs I anticipate needing to use is “SeaTools for DOS” which I’m sure predates GUID-partitioned disks. This tool runs SMART and can force re-allocation of bad sectors by writing zeroes to a bad sector. I have recovered completely unusable disks on more than one occasion using this feature… long enough to recover irreplaceable files. I think this tool should work, because it works below the level of the file system (or even the partitioning, I think).

Give me a few hours and I can try this with a couple Live Distros, namely Knoppix.

I’d be interested in your results.
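The GPT-versus-MBR question discussed above can be checked directly from the first two sectors of a disk or of a ddrescue image. The Python sketch below is an added example, not part of the original thread; it assumes 512-byte logical sectors and runs on a constructed two-sector sample, not on data from the laptop.

```python
import struct
import zlib

SECTOR = 512                       # assumption: 512-byte logical sectors
GPT_FMT = "<8sIIIIQQQQ16sQIII"     # fixed 92-byte GPT header layout

def mbr_types(sector0):
    """Type bytes of the non-empty entries in the legacy partition table."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return [sector0[446 + 16 * i + 4] for i in range(4)
            if sector0[446 + 16 * i + 4] != 0]

def gpt_header_ok(sector1):
    """True if LBA 1 carries an 'EFI PART' header whose CRC32 checks out."""
    if len(sector1) < 92:
        return False
    fields = struct.unpack_from(GPT_FMT, sector1)
    sig, size, stored_crc = fields[0], fields[2], fields[3]
    if sig != b"EFI PART" or not 92 <= size <= len(sector1):
        return False
    # The header CRC is computed with its own 4-byte field set to zero.
    zeroed = sector1[:16] + b"\0\0\0\0" + sector1[20:size]
    return zlib.crc32(zeroed) & 0xFFFFFFFF == stored_crc

def classify(image):
    """What a tool finds in the first two sectors of a disk or image."""
    types = mbr_types(image[:SECTOR])
    if types == [0xEE]:            # single 0xEE entry: protective MBR
        ok = gpt_header_ok(image[SECTOR:2 * SECTOR])
        return "gpt" if ok else "gpt-primary-header-damaged"
    return "mbr"

def build_sample(gpt=True):
    """Constructed two-sector image, not data from the thread's laptop."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE if gpt else 0x07      # 0x07 = NTFS/exFAT type
    mbr[510:512] = b"\x55\xaa"
    hdr = struct.pack(GPT_FMT, b"EFI PART", 0x00010000, 92, 0, 0,
                      1, 2047, 34, 2014, bytes(16), 2, 128, 128, 0)
    crc = zlib.crc32(hdr) & 0xFFFFFFFF
    hdr = hdr[:16] + struct.pack("<I", crc) + hdr[20:]
    return bytes(mbr) + hdr.ljust(SECTOR, b"\0")

if __name__ == "__main__":
    print(classify(build_sample()))            # GPT-aware view of the disk
    print(mbr_types(build_sample()[:SECTOR]))  # all a pre-GPT tool can see
```

A tool that only understands MBR sees one partition of type 0xEE spanning the disk, while a GPT-aware OS reads the real table regardless of whether it was booted in legacy or UEFI mode. On a disk with pending bad sectors, a failed CRC on the primary header is the cue to fall back to the backup header stored at the last LBA.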

Getting back to this thread to wrap it up.

F12 to boot menu, changed “UEFI Secure Boot On” to “Legacy Secure Boot OFF”

Cycled power, F12, select USB boot, boot Clonezilla USB with smartmon tools. Grabbed SMART data from hard disk. 3440 uncorrectable sectors pending. So it’s a disk hardware problem.

Cycled power again, F12, select USB boot, boot Linux USB, was able to mount the Win10 NTFS partition, dragged and dropped the pictures, documents, desktop, downloads, etc. folders to external USB drive. All but 21 of 5000 files successfully copied.

Changed “Legacy Secure Boot OFF” back to “UEFI Secure Boot On”.

Case closed.

One more thing I forgot to mention.

In the course of tackling this issue, I learned about some Linux tools I was previously unaware of.

GNU ddrescue

TestDisk/Photorec

Foremost

ddrescue is like dd on steroids. Search for it and check it out. It’s a “smart” version of dd. It will try to make the best possible image of a disk that has hardware errors.

TestDisk can be used to explore the image created by ddrescue, and possibly even repair partitions and filesystems inside the image.

Photorec recovers files from the image.

Foremost I haven’t read about too much yet, but it’s “a forensic data recovery program for Linux used to recover files using their headers, footers, and data structures through a process known as file carving”. “Although written for law enforcement use, it is freely available and can be used as a general data recovery tool”.

Anybody out there in CD-land ever used any of these tools? Please share your experiences.

Our coach’s son-in-law fixed my laptop with TestDisk after I formatted the hard drive. Only a soft format, but it was capable of recovering the whole thing, even keeping the boot table perfectly intact (GRUB and multiple OSes installed). I ALWAYS keep a copy on my flash drive.

Photorec I’ve used mostly for SD cards that have gone FUBAR (basically file managers don’t even know what they’re looking at). It works perhaps too well (it grabs EVERYTHING it can find, only discriminating by file extension). Only downside to Photorec is that files aren’t necessarily named or sorted, so you’ll do manual sorting yourself.