How do I use the BIOS/UEFI?

Surface Pro and Surface Pro 2 use the latest firmware interface, called the Unified Extensible Firmware Interface (UEFI).

Applies to

Surface Pro 2, Surface Pro.


UEFI offers new features such as faster startup and improved security, and was designed to replace BIOS (basic input/output system).

Important

Under normal circumstances, there is no need for you to change UEFI settings. If you change these settings, you risk the security of your Surface. But, if you ever need access to Surface firmware features, here's basic info:


What firmware features can I use?

You can access the following firmware features on Surface Pro and Surface Pro 2:

  • Secure Boot Control. Secure Boot technology blocks the loading of uncertified bootloaders and drives.
  • Trusted Platform Module (TPM). TPM technology provides major advancement over BIOS in the area of hardware-based security features.

How do I get to the UEFI settings?

The UEFI settings can only be adjusted during system startup. To load the UEFI firmware settings menu:

Step 1: Shut down (power off) Surface.
Step 2: Press and hold the volume-up (+) rocker on the side of Surface.
Step 3: Press and release the power button on the top of Surface, then release the volume-up rocker. The UEFI menu will display within a few seconds.

UEFI menu options

The UEFI settings that you can modify are:

  • Trusted Platform Module (TPM)
    The currently configured state of TPM (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.
  • Secure Boot Control
    The currently configured state of Secure Boot (Enabled or Disabled) is highlighted. To change the state, tap the other one, then confirm on exit.
  • Delete All Secure Boot keys

    To delete all of the installed Secure Boot keys (including the default ones that were installed with Windows), tap Yes, then confirm on exit.

    Note
    With the keys deleted, Windows displays a red screen during startup.
  • Install Default Secure Boot Keys
    To reinstall all of the Secure Boot keys that were originally installed with Windows (and only those), tap Yes, then confirm on exit.

Contact Us

Answer Desk
Answer Techs are available to help.
Talk to a live agent