askvity

How to Enable Secure Boot?

Published in Secure Boot 4 mins read

Enabling Secure Boot typically involves accessing your computer's UEFI (Unified Extensible Firmware Interface) settings, often called the BIOS. The exact steps vary depending on your motherboard manufacturer. Here's a general guide:

Accessing UEFI (BIOS) Settings

  1. Determine the Key: Identify the key you need to press to enter the UEFI/BIOS settings. This is usually displayed briefly during startup and is often Del, F2, F12, F10, Esc, or a similar key. Consult your motherboard manual if you're unsure.

  2. Restart Your Computer: Fully restart your computer, not just a quick restart.

  3. Press the Key: As soon as your computer starts, repeatedly press the identified key until the UEFI/BIOS setup utility appears. You need to press the key before Windows starts to load.

Enabling Secure Boot within UEFI/BIOS

Once in the UEFI/BIOS settings:

  1. Navigate to the Boot Tab (or Security Tab): Use the arrow keys to navigate to the "Boot," "Security," "Authentication," or similar tab. The location of Secure Boot settings varies.

  2. Find Secure Boot Options: Look for options related to "Secure Boot," "Secure Boot Enable," or similar wording.

  3. Enable Secure Boot:

    • Change the "Secure Boot" option from "Disabled" to "Enabled."
    • You might need to set the "Boot Mode" or "Boot Option Filter" to "UEFI" or "UEFI only." If it's set to "Legacy" or "CSM" (Compatibility Support Module), Secure Boot won't be available. Disabling CSM is often necessary but can prevent booting older operating systems.
    • If "Secure Boot" is grayed out, look for a "CSM Support" or "Legacy Boot" option and disable it. Remember that disabling CSM may make it impossible to boot older operating systems that are not UEFI-compatible.

  4. Configure Secure Boot Keys (If Necessary): In some cases, you might need to configure or enroll Secure Boot keys. There might be an option like "Key Management" or "Enroll Factory Defaults". Select this option if available. This step helps to ensure only trusted software can boot.

  5. Save and Exit: After enabling Secure Boot, navigate to the "Exit" tab and select "Save Changes and Exit." Your computer will restart.

Verifying Secure Boot is Enabled

After restarting, you can confirm Secure Boot is enabled within Windows:

  1. Open System Information: Press the "Windows + R" keys to open the Run dialog box.

  2. Type msinfo32 and Press Enter: This will open the System Information window.

  3. Check Secure Boot State: In the System Summary, look for the "Secure Boot State" entry. If it says "On," Secure Boot is enabled. If it says "Off," or "Unsupported," something went wrong, and you should revisit the UEFI settings.

Important Considerations:

  • Operating System Compatibility: Secure Boot is designed to work with modern operating systems like Windows 8, Windows 10, and Windows 11. Older operating systems may not be compatible and may prevent your computer from booting.
  • CSM/Legacy Boot: As mentioned earlier, disabling CSM is often required to enable Secure Boot. Make sure your operating system is installed in UEFI mode before disabling CSM, or your computer might not boot after saving the changes.
  • BitLocker Recovery: If you are using BitLocker drive encryption, enabling Secure Boot may trigger a BitLocker recovery key prompt. Make sure you have access to your BitLocker recovery key before enabling Secure Boot.
  • Manufacturer Variations: The exact steps and options in the UEFI/BIOS settings can vary significantly depending on the motherboard manufacturer (e.g., ASUS, Gigabyte, MSI, ASRock) and model. Refer to your motherboard manual for specific instructions.

Related Articles