When it comes to keeping your PC safe, Secure Boot is one of the most important security features baked into Windows 11. If you’ve ever tried installing Windows 11 on an older machine, you’ve probably come across the dreaded error: “This PC can’t run Windows 11.” Nine times out of ten, that’s because Secure Boot (or TPM) isn’t enabled.
But what exactly is Secure Boot, and how do you turn it on? Don’t worry—I’ll walk you through everything step by step.
What Is Secure Boot in Windows 11?
Secure Boot is a security standard developed by Microsoft and PC manufacturers that ensures your computer boots only using trusted software.
Think of it as a security guard at the entrance of your PC. It checks every driver, bootloader, and firmware component before allowing Windows to start. If something suspicious tries to sneak in—like malware or an unauthorized bootloader—Secure Boot blocks it.
Why Do You Need Secure Boot Enabled?
Here’s why turning on Secure Boot is important:
- Required for Windows 11 installation
- Protects against rootkits and malware attacks
- Prevents unauthorized operating systems from loading
- Ensures system integrity during startup
How to Check If Secure Boot Is Enabled in Windows 11
Before diving into BIOS settings, let’s check whether Secure Boot is already on:
- Press Windows + R to open the Run dialog.
- Type msinfo32 and hit Enter.
- In the System Information window, look for Secure Boot State.
- If it says On → You’re good to go.
- If it says Off → You’ll need to enable it.
- If it says Unsupported → Your PC doesn’t support Secure Boot.
Things to Do Before Turning On Secure Boot
Enabling Secure Boot isn’t complicated, but a few precautions help avoid issues:
- Back up important data (just in case).
- Check if your system uses UEFI (not Legacy BIOS). Secure Boot only works with UEFI.
- Update BIOS/UEFI firmware if it’s outdated.
- Make sure your drive is GPT partitioned—Secure Boot doesn’t work with MBR.
How to Turn Secure Boot On in Windows 11
Here’s the step-by-step process:
Step 1: Enter BIOS/UEFI
- Restart your PC.
- As it’s booting, press the BIOS key (usually F2, F10, F12, Del, or Esc—depends on your manufacturer).
- You’ll now be inside the BIOS/UEFI settings.
Step 2: Find Secure Boot Option
- Navigate to the Boot, Security, or Authentication tab.
- Look for Secure Boot.
(Tip: On some systems, it may be under “Advanced Settings.”)
Step 3: Enable Secure Boot
- Change the Secure Boot setting to Enabled.
- If you see options like Standard or Custom, choose Standard (safer for most users).
Step 4: Save and Exit
- Press the key for Save & Exit (often F10).
- Your PC will restart with Secure Boot enabled.
Troubleshooting: Can’t Enable Secure Boot?
Sometimes Secure Boot won’t turn on right away. Here are common issues:
- PC is in Legacy BIOS mode → Switch to UEFI mode.
- Drive uses MBR partition → Convert it to GPT using tools like MBR2GPT.
- Option is greyed out → Disable “Compatibility Support Module (CSM)” first.
How to Verify Secure Boot Is Working
After enabling, double-check it:
- Press Windows + R, type msinfo32, and hit Enter.
- Look for Secure Boot State.
- It should now say On.
When Should You Keep Secure Boot Off?
While it’s best to keep it on, there are rare cases where you might turn it off:
- Installing older operating systems like Windows 7.
- Running Linux distributions without Secure Boot support.
- Using certain hardware drivers that aren’t digitally signed.
But for Windows 11 users, it’s almost always best to leave Secure Boot enabled.
Conclusion
Turning on Secure Boot in Windows 11 is one of the simplest yet most powerful steps you can take to keep your PC safe. It ensures only trusted software runs during startup, protects against malware, and is even a requirement for installing Windows 11.
If you haven’t enabled it yet, grab a few minutes, restart your PC, hop into BIOS, and switch it on. It’s like locking your front door—you’ll feel more secure knowing it’s there.
FAQs
1. Can I install Windows 11 without Secure Boot?
Technically, yes, but Microsoft doesn’t recommend it and you may face compatibility issues.
2. What happens if I turn off Secure Boot after enabling it?
Your PC will still run, but it becomes more vulnerable to malware and rootkits.
3. Will enabling Secure Boot erase my data?
No, enabling it won’t delete files. But always back up important data before changing BIOS settings.
4. Why is Secure Boot option greyed out in BIOS?
That usually means your system is in Legacy BIOS mode. Switch to UEFI to enable it.
5. Does Secure Boot slow down my PC?
Not at all. It runs during startup and doesn’t affect performance once Windows is running.