How to Turn On Secure Boot State in Windows 11: A Step-by-Step Guide

Is your Secure Boot state turned off in Windows 11, preventing you from fully meeting system security requirements or blocking updates like Windows 11 feature upgrades? Don’t worry — you’re not alone.

Secure Boot is an essential BIOS/UEFI feature that helps protect your PC from malware and ensures your system only boots using trusted software. But many users find it confusing to enable — especially since it’s controlled through the UEFI firmware settings, not the Windows interface.

In this detailed, beginner-friendly guide, we’ll explain what Secure Boot is, why it matters, and walk you through how to turn on Secure Boot state in Windows 11 step-by-step — even if your PC says Secure Boot is “unsupported” or “disabled.”


🧭 Quick Summary

Step | Action | Description
1 | Check Secure Boot status | See if it’s enabled, disabled, or unsupported
2 | Access UEFI settings | Restart and enter BIOS/UEFI firmware
3 | Switch to UEFI mode | Change boot mode from Legacy to UEFI if needed
4 | Enable Secure Boot | Turn on the Secure Boot option
5 | Save and reboot | Apply changes and boot into Windows 11
6 | Verify activation | Confirm Secure Boot is enabled in System Information

Time required: 5–10 minutes
Difficulty: Easy to Moderate
Tools needed: Administrator access


What Is Secure Boot in Windows 11?

Secure Boot is a security standard developed by Microsoft and PC manufacturers to ensure that your computer only boots software that’s digitally signed and trusted by the manufacturer.

When Secure Boot is enabled, it:

  • Prevents rootkits, bootkits, and malicious firmware from loading.

  • Verifies the authenticity of the operating system at startup.

  • Ensures system integrity for Windows 11’s secure platform.

💡 In short: Secure Boot is like a digital gatekeeper that ensures only safe, verified code runs before Windows starts.


Why Secure Boot Is Important in Windows 11

Microsoft made Secure Boot a requirement for Windows 11 installation and updates. It’s one of the key components of hardware-based security that keeps modern PCs safe.

🔹 Key Benefits:

  1. Enhanced security – Blocks unauthorized bootloaders or malicious code.

  2. Required for BitLocker – Helps encrypt and protect your system drive.

  3. Supports TPM 2.0 security features.

  4. Prevents kernel-level malware from compromising your OS.

  5. Essential for Windows 11 installation and future updates.

Without Secure Boot, your system may be at risk and might not pass Windows 11 compatibility checks.


Step 1: Check Your Secure Boot Status in Windows 11

Before enabling Secure Boot, let’s verify its current state.

🔹 Method 1: Using System Information

  1. Press Windows + R to open the Run dialog.

  2. Type:

    msinfo32

    and press Enter.

  3. In the System Information window, look for:

    • Secure Boot State:

      • On → Secure Boot is enabled.

      • Off → Secure Boot is disabled.

      • Unsupported → Your motherboard or firmware doesn’t support it.

    • BIOS Mode:

      • UEFI → Required for Secure Boot.

      • Legacy → You need to switch to UEFI.

✅ If your BIOS mode says Legacy, you must change it before enabling Secure Boot.
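
The same two fields can be read from an elevated PowerShell prompt. This is an added example, not part of the original guide; the function name Get-SecureBootReport and its output fields are chosen here for illustration.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell
# prompt: Confirm-SecureBootUEFI needs administrator rights.
function Get-SecureBootReport {
    # "BIOS Mode" in msinfo32: Get-ComputerInfo reports Uefi or Bios.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # "Secure Boot State": the cmdlet returns $true or $false on UEFI systems
    # and throws when the platform is Legacy BIOS or lacks Secure Boot.
    try {
        $state = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    }
    catch {
        $state = if ($_.Exception -is [System.PlatformNotSupportedException]) {
            'Unsupported'
        } else {
            "Unknown ($($_.Exception.Message))"
        }
    }

    # Map the result to the step of this guide that applies next.
    $next = if ("$firmware" -eq 'Bios') {
        'Step 3: convert the disk to GPT and switch the firmware to UEFI'
    } elseif ($state -eq 'Off') {
        'Step 4: enable Secure Boot in the UEFI setup'
    } elseif ($state -eq 'On') {
        'None: Secure Boot is already enabled'
    } else {
        'Step 7: troubleshooting'
    }

    [pscustomobject]@{
        BiosMode        = "$firmware"
        SecureBootState = $state
        NextStep        = $next
    }
}

Get-SecureBootReport | Format-List
```

An "Unknown" state with an access-denied message usually means the prompt was not started as Administrator.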


Step 2: Access UEFI Firmware (BIOS) Settings

You need to access the UEFI interface to enable Secure Boot.

🔹 Method 1: Using Settings

  1. Press Windows + I to open Settings.

  2. Go to System > Recovery.

  3. Under Advanced startup, click Restart now.

  4. On the blue screen, choose:
    Troubleshoot → Advanced options → UEFI Firmware Settings → Restart.

Your computer will reboot directly into the BIOS/UEFI menu.

🔹 Method 2: Using a Hotkey

Alternatively, restart your PC and press one of the following keys (depending on manufacturer):

Brand | Key to Enter BIOS
Dell | F2 or F12
HP | Esc or F10
Lenovo | F1 or F2
Asus | F2 or Del
Acer | F2 or Del
MSI | Del
Samsung | F2
Toshiba | F2 or F12

💡 Tip: Watch the bottom of your boot screen — it often says “Press [key] to enter setup.”


Step 3: Switch from Legacy BIOS to UEFI Mode (If Needed)

If your system uses Legacy BIOS, you’ll need to switch to UEFI mode, since Secure Boot only works in UEFI.

🔹 Check Current Boot Mode:

In System Information, check:

BIOS Mode: Legacy

If it says “Legacy,” you must convert your disk to GPT format before enabling UEFI.


🔹 Convert Legacy to UEFI (Safely)

You can switch to UEFI without reinstalling Windows using a built-in command.

  1. Open Command Prompt as Administrator.

  2. Type:

    mbr2gpt /convert /allowfullos

  3. Press Enter and wait for the conversion to complete.

  4. Restart your PC and enter BIOS again.

  5. Change Boot Mode to UEFI.

✅ Now your system supports Secure Boot.
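
A pre-flight script for the conversion above, which checks the system disk's partition style and runs mbr2gpt's /validate mode before anything is written. This is an added example, not part of the original guide; the -Convert switch is a parameter of this script, not of mbr2gpt.

```powershell
# Added example (not from the original guide). Run elevated.
# Without -Convert the script only inspects and validates; nothing is changed.
param([switch]$Convert)

# mbr2gpt targets the system disk when /disk is omitted; name it explicitly.
$disk = Get-Disk | Where-Object IsSystem | Select-Object -First 1
if (-not $disk) { throw 'No system disk found.' }

if ($disk.PartitionStyle -eq 'GPT') {
    Write-Output "Disk $($disk.Number) is already GPT; no conversion needed."
    return
}

# Warn if BitLocker protection is active on the OS volume.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if ($bl -and $bl.ProtectionStatus -eq 'On') {
    Write-Warning "BitLocker is on for $($env:SystemDrive); suspend protection before converting."
}

# Dry run: /validate checks the disk layout without modifying the disk.
& mbr2gpt.exe /validate "/disk:$($disk.Number)" /allowFullOS
if ($LASTEXITCODE -ne 0) {
    throw "Validation failed (exit code $LASTEXITCODE). See $($env:windir)\setuperr.log"
}

if ($Convert) {
    & mbr2gpt.exe /convert "/disk:$($disk.Number)" /allowFullOS
    if ($LASTEXITCODE -ne 0) { throw "Conversion failed (exit code $LASTEXITCODE)." }
    Write-Output 'Converted. Reboot into firmware setup and set Boot Mode to UEFI.'
} else {
    Write-Output 'Validation passed. Re-run with -Convert to perform the conversion.'
}
```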


Step 4: Enable Secure Boot in BIOS/UEFI

Once you’re in UEFI mode, it’s time to enable Secure Boot.

🔹 General Steps:

  1. In BIOS, find the Boot, Security, or Authentication tab.

  2. Locate Secure Boot or Secure Boot Control.

  3. Set it to Enabled.

  4. Save changes (usually F10) and exit BIOS.

💡 Note: Some PCs may require you to clear keys or set Platform Key (PK) first. Choose Install default keys if prompted.


🔹 Example (Asus Motherboard)

  • Go to Boot > Secure Boot.

  • Set OS Type to Windows UEFI Mode.

  • Enable Secure Boot.

🔹 Example (HP BIOS)

  • Go to Security > Secure Boot Configuration.

  • Check Enable Secure Boot.

  • Save changes and reboot.

✅ Your PC will restart and Secure Boot will be active.


Step 5: Save Changes and Reboot

After enabling Secure Boot:

  1. Press F10 to save and exit BIOS.

  2. Confirm by selecting Yes.

  3. Wait for your PC to restart into Windows 11.

If Windows fails to boot, re-enter BIOS and verify:

  • Boot Mode = UEFI

  • Secure Boot = Enabled

If you switched from Legacy BIOS recently, your system might perform an additional reboot to adapt.


Step 6: Verify Secure Boot Is Enabled

Once back in Windows 11, let’s confirm it’s active.

🔹 Method 1: Using System Information

  1. Press Windows + R, type:

    msinfo32

  2. Check Secure Boot State: On.

🔹 Method 2: Using Windows Security

  1. Open Settings > Privacy & Security > Windows Security.

  2. Select Device Security.

  3. Under Security processor details, look for Secure Boot: On.

✅ If both say “On,” your Secure Boot is working perfectly.


Step 7: Troubleshooting Secure Boot Issues

If Secure Boot won’t turn on or shows “unsupported,” try these fixes.

🔹 1. Check Boot Mode

Secure Boot only works in UEFI, not Legacy. Convert your system to UEFI using the mbr2gpt tool.

🔹 2. Reset BIOS to Defaults

Corrupt firmware settings can block Secure Boot.

  • Enter BIOS → select Load Setup Defaults or Restore Defaults.

  • Reboot and try enabling Secure Boot again.

🔹 3. Clear Secure Boot Keys

If Secure Boot is greyed out:

  • In BIOS, go to Secure Boot > Key Management.

  • Select Clear Secure Boot Keys or Install Default Keys.

Then, enable Secure Boot and save.

🔹 4. Update BIOS Firmware

Visit your motherboard or laptop manufacturer’s website and update to the latest BIOS/UEFI version.
Newer versions often fix Secure Boot issues.

🔹 5. Disable CSM (Compatibility Support Module)

If your BIOS has CSM (Legacy Boot) enabled, Secure Boot won’t activate.
Go to Boot Options → disable CSM Support → save and reboot.


Step 8: Confirm Windows 11 Recognizes Secure Boot for Updates

To check that Windows 11 fully recognizes Secure Boot:

  1. Open Settings > System > About > Device specifications.

  2. Click System info > Security processor details.

  3. Ensure Secure Boot says Enabled.

You can also verify by running:

tpm.msc

and checking that both TPM and Secure Boot are active — confirming your system meets all Windows 11 hardware security requirements.


Bonus: Secure Boot and TPM 2.0 — How They Work Together

Secure Boot and TPM 2.0 are two pillars of Windows 11’s hardware security.

Feature | Purpose
Secure Boot | Protects system boot process from unauthorized code
TPM 2.0 | Protects encryption keys and login credentials

When both are enabled:

  • Your PC has full Windows 11 device protection.

  • You can safely enable BitLocker, Windows Hello, and Core Isolation.

  • You’re fully compliant with Microsoft’s hardware-based security requirements.


Step 9: How to Disable Secure Boot (Optional)

In rare cases, you might need to disable Secure Boot temporarily (e.g., to boot Linux or load unsigned drivers).

🔹 To Disable:

  1. Enter BIOS → locate Secure Boot.

  2. Change status to Disabled.

  3. Save and reboot.

⚠️ Warning: Disabling Secure Boot can reduce your system’s protection. Re-enable it when done.


Common Questions and Fixes

🔹 “Secure Boot Unsupported” Message

  • Check your motherboard manufacturer’s documentation — older boards may not support Secure Boot.

  • Ensure your system is booting in UEFI mode.

  • Update BIOS firmware.

🔹 “Secure Boot Can’t Be Enabled While CSM Is Active”

  • Disable Compatibility Support Module (CSM) under Boot options.

🔹 “Operating System Loader Signature Not Found”

  • Select Install Default Keys in BIOS.

  • Reboot into Windows normally.


💡 Pro Tips

  • Keep your BIOS password-protected to prevent unauthorized changes.

  • Always update firmware before making Secure Boot changes.

  • If dual-booting Linux, use distros like Ubuntu or Fedora that support Secure Boot.

  • Back up your data before converting from Legacy to UEFI.


🧰 Key Takeaways

Task | Description
Check Secure Boot status | Use msinfo32
Switch to UEFI mode | Required for Secure Boot
Enable Secure Boot | Done through BIOS
Verify status | Ensure “Secure Boot State: On”
Troubleshoot | Disable CSM, reset BIOS, update firmware

✅ Once Secure Boot is on, your Windows 11 system becomes more secure, update-ready, and compliant with Microsoft’s hardware requirements.


💬 Conclusion: Make Your PC Secure and Windows 11 Ready

Turning on Secure Boot in Windows 11 might sound technical, but as you’ve seen — it’s just a matter of checking your BIOS mode, switching to UEFI, and enabling one setting.

By following this guide, you can:

  • Protect your system from threats.

  • Pass Windows 11’s security checks.

  • Unlock full compatibility for new updates and features.

So go ahead — reboot into BIOS, enable Secure Boot, and enjoy a safer, more future-proof Windows experience.


🔍 FAQs About Turning On Secure Boot in Windows 11

1. Why is Secure Boot required for Windows 11?

It ensures only trusted firmware and operating systems load during startup, improving security.

2. What if my PC doesn’t support Secure Boot?

Your motherboard might be too old. You can still use Windows 11 unofficially, but security features will be limited.

3. Can I enable Secure Boot without reinstalling Windows?

Yes. Convert your system from Legacy to UEFI using the mbr2gpt command, then enable Secure Boot in BIOS.

4. Will enabling Secure Boot delete my data?

No — it only changes the boot process, not your personal files.

5. Is Secure Boot compatible with Linux?

Yes, modern distros like Ubuntu and Fedora support Secure Boot with signed bootloaders.


Final Takeaway:
Enabling Secure Boot in Windows 11 is one of the simplest ways to improve your PC’s protection and compliance.
Check your BIOS mode, switch to UEFI, and enable Secure Boot — your device will thank you with stronger, safer performance.