How Do I Boot From a USB Thumb Drive?

It’s harder than it used to be, all in the name of security.

This is a common problem.

Your computer’s BIOS needs to be instructed to check for a bootable USB device before it tries to load whatever is on the hard drive. Right now, your computer is configured to either ignore USB devices, or check the hard disk first, at boot time.

The problem is that newer machines don’t have a BIOS; they have something called UEFI. And UEFI makes things more complex.

Booting from a thumb drive

Look for an option to press a key to select the boot device as your machine reboots. Failing that, look in your UEFI settings for the “boot order”, and make sure that USB is checked for a bootable device before the internal hard disk. Note that it’s possible for these options to be disabled in the name of security.

Old school options

Many machines still support what I’d refer to as the “old school” options of rebooting, and pressing a specific key early in the boot process to make something happen.

For example, on at least one of my machines rebooting and then early in the boot process:

• Pressing the Del key will cause the machine to enter UEFI setup.
• Pressing the F12 key will present a list of bootable devices attached to my system, and allow me to choose which one to boot from.

That second option, if present, is ideal. If I want to boot from something other than my hard drive, all I need do is press F12 while the machine reboots, and choose the alternative I want to use.

Unfortunately, these options may not be present, either because your machine’s UEFI doesn’t support them, or because they’ve been turned off for security.

UEFI and Secure Boot

UEFI, an acronym for Unified Extensible Firmware Interface, is a new type of BIOS that includes several enhancements. You’ll often see it referred to as “UEFI BIOS”, or even incorrectly as “BIOS”, because that’s what we’ve become used to.

One of those enhancements is something called “secure boot”.

Secure boot matters because there’s a glaring security hole that’s been present in almost every PC since day one. It’s very simple and very powerful.

• If you have physical access to a machine,
• and you can reboot that machine,
• and you can boot that machine from a USB device,
• then you can gain complete access to that machine.

Secure Boot, when enabled, prevents this. It prevents changes in the boot order and can restrict booting to only “official” boot images.

Windows versions 8 and later take advantage of UEFI and Secure Boot. That means that if your system has UEFI and Secure Boot turned on, in order to boot from something other than the hard disk, you may need to turn Secure Boot off first.

Turning Secure Boot Off 

Right-click on the Start menu and hold the Shift key down while clicking on Restart.

This will reboot into a “Choose an option” screen:

Click on Troubleshoot (not shown) and then on Advanced options.

I can’t tell you what comes next, because it’s different from machine to machine.

You may be able to modify the settings we care about by clicking on Startup Settings, if it’s present as shown in the image above.

If present, UEFI Firmware Settings may do the trick. Click on that to go to the UEFI interface for your computer. The option to disable Secure Boot should be in that interface. You may need to check your computer’s documentation for its specific location.

Changing the boot order

Like BIOS before it, UEFI controls the boot order: which devices the computer tries to boot from and in what order.

Look for the settings to ensure the USB interface (or any CD/DVD drive) is checked before the hard disk. When set in the order, the system will boot from your recovery drive before booting from the internal hard drive.

Unfortunately some poorly designed systems may see the presence of any USB device, bootable or not, as something to try to boot from, and stall at this point. If that happens the only recourse is to disconnect that USB device, or restore the boot order to check the hard disk first.