Applies to

Surface Pro, Surface Pro 2, Surface Pro 3, Surface 3, Windows 8.1.


How do I use the BIOS/UEFI?

Surface Pro models and Surface 3 use the latest firmware interface, called the Unified Extensible Firmware Interface (UEFI).


UEFI offers new features including faster startup and improved security and replaces BIOS (basic input/output system).

Important
Under normal circumstances, there’s no need for you to change UEFI settings. If you change these settings, you risk the security of your Surface. But, if you ever need access to Surface firmware features, here's the basic info:

What firmware features can I use?

You can access the following firmware features on any Surface Pro model or Surface 3:

  • Secure Boot Control. Secure Boot technology blocks the loading of uncertified bootloaders and drives.

  • Trusted Platform Module (TPM). TPM technology provides a major advancement over BIOS in the area of hardware-based security features.

How do I get to the UEFI settings?

The UEFI settings can only be adjusted during system startup. To load the UEFI firmware settings menu:

Step 1: Shut down (power off) Surface.
Step 2: Press and hold the volume-up button on your Surface, and at the same time, press and release the power button on your Surface.
Step 3: When you see the Surface logo, release the volume-up button.
The UEFI menu will display within a few seconds.

UEFI menu options

Which UEFI settings you can modify depends on which Surface model you have.

Surface Pro or Surface Pro 2

  • Trusted Platform Module (TPM)
    The currently configured state of TPM (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.

  • Secure Boot Control
    The currently configured state of Secure Boot (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.

  • Delete All Secure Boot keys
    To delete all of the installed Secure Boot keys (including the default ones that were installed with Windows), tap Yes, then confirm on exit.

    Note
    When Secure Boot keys are deleted, Windows displays a red screen during startup.
  • Install Default Secure Boot Keys
    To reinstall all of the Secure Boot keys that were originally installed with Windows (and only those), tap Yes, then confirm on exit.

Surface Pro 3

  • Trusted Platform Module (TPM)
    The currently configured state of TPM (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.

  • Secure Boot Control
    Tap Secure Boot Control to enable or disable this feature. While Secure Boot Control is enabled, you have the following additional options:

    • If Secure Boot keys are installed, you can delete them by tapping Delete All Secure Boot Keys.
    • If Secure Boot keys aren't installed, you can tap Install All Factory Default Keys and then tap either Windows & 3rd-party UEFI CA (Default) or Windows only.

  • Configure Alternate System Boot Order
    To select the order in which your Surface boots, tap Configure Alternate System Boot Order, and select one of the following options:

    • SSD only
    • Network -> USB -> SSD
    • USB -> Network -> SSD
    • USB -> SSD
    • Network -> SSD

  • Advanced Device Security
    This allows you to disable ports and features you don’t want anyone to use. For example, you can disable the microSD reader to ensure that no one can use a microSD card to copy data. It will be as though the reader doesn’t exist, which means that if you disable the microSD reader, you won’t be able to use microSD cards.

    The current setting appears in bold. Tap Advanced Device Security, and tap the option you want:

    • Network Boot
    • Side USB
    • Note

      Disables the ability to boot from a USB device. The USB port remains enabled in Windows.

    • Docking Port
    • Front Camera
    • Rear Camera
    • OnBoard Audio
    • microSD
    • WiFi

      (Disabling Wi-Fi disables the Bluetooth® option.)

    • Bluetooth

  • Device Information
    This allows you to view the system UUID and the serial number.

  • Administrator Password
    Administrators can create a password to prevent others from changing the UEFI settings.
    This is typically used in organisations that need to protect sensitive information.
  • Exit Setup

    • Save and exit. To save your changes and exit, tap or click Exit Setup, and tap or click Yes.
    • Exit without saving. To exit without saving your changes when you’re using a Surface Typing Cover, press Esc, and select Yes. If you aren’t using a Cover, press the power button.

Surface 3

  • Trusted Platform Module (TPM)
    The currently configured state of TPM (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.
  • Secure Boot Control
    Tap Secure Boot Control to enable or disable this feature. While Secure Boot Control is enabled, you have the following additional options:
    • If Secure Boot keys are installed, you can delete them by tapping Delete All Secure Boot Keys.
  • Device Information
    This allows you to view the system UUID and the serial number.
  • Configure Alternate System Boot Order
    To select the order in which your Surface boots, tap Configure Alternate System Boot Order, and select one of the following options:
    • Network > USB > SSD
    • SSD Only
  • Administrator Password

    Administrators can create a password to prevent others from changing the UEFI settings.
    This is typically used in organisations that need to protect sensitive information.

  • Exit Setup
    • Save and exit. To save your changes and exit, tap or click Exit Setup, and tap or click Yes.
    • Exit without saving. To exit without saving your changes when you’re using a Surface Typing Cover, press Esc, and select Yes.
Important
If you set a password for the UEFI, record it in a safe place. If you forget the password you won’t be able to access the UEFI settings. The only way to reset this password is from withing UEFI.

Note
If you enter the UEFI administrator password incorrectly, you’ll be locked out after three tries. Restart Surface to get another three tries.

Contact Us

Answer Desk
Answer Techs are available to help.
Talk to a live agent