How to Enable Secure Boot for Windows 11

Important to keep your system safe

Disabling Secure Bootunlocks some advanced capabilities on Windows PCs. Only Secure Boot-disabled computers can install Linux, boot from non-trusted devices, and use certain aftermarket graphics cards. However, you must (re)enable Secure Boot to upgrade your PC to Windows 11.

You need not worry about enabling Secure Boot if you plan toclean install Windows 11 from a USB drive. But it’s something you must do toupgrade to Windows 11 without losing any data. This tutorial covers steps to verify your computer’s Secure Boot status. Additionally, we’ll show you how to enable Secure Boot for Windows 11 installation.

What Is Secure Boot in Windows?

Secure Boot is a security standard designed by a group of computer manufacturers. The security feature is written in your PC’s firmware to keep your device safe. The firmware or Basic Input/Output System (BIOS) is a hardware component that boots before the operating system. When you turn on your computer, Secure Boot checks for programs and malware not trusted by your device’s manufacturer.

For example, say your PC is infected with a bootkit targeting your computer’s bootloader (the software that starts Windows). Secure Boot detects and shuts down the bootkit, ensuring your computer boots with an authentic bootloader file.

For better security in Windows 11, Microsoft designed the operating system to work in computers that support Secure Boot. The Secure Boot requirement is for good reasons, but some computers don’t have the feature enabled by default. Luckily, enabling Secure Boot isn’t tricky.

Verify Windows 11 Eligibility Using “PC Health Check”

Before enabling Secure Boot, use the PC Health Check app to confirm that your computer can run Windows 11. The app diagnoses your PC’s hardware comprehensively and reports issues with Secure Boot and other system components.

Install the PC Health Check appand selectCheck nowin the “Introducing Windows 11” section.

The PC Health Check app and Windows 11 Set Up utility will display a “This PC must support Secure Boot” error if Secure Boot is disabled on your device. The following section has step-by-step instructions on verifying your computer’s Secure Boot status.

Trusted Platform Moduleversion 2.0 (TPM 2.0) is another security setting you must enable to run Windows 11. If the PC Health Check app displays other processor-related errors, your computer probably doesn’t satisfy the TPM system requirement.Enable TPM in your PC’s BIOS settingsand try installing Windows 11 again.

How to Check Secure Boot Status in Windows

Use the Microsoft System Information tool to verify your system’s Secure Boot status.

If you can’t find “Secure Boot State,” pressCtrl+F, typesecure bootin the search bar, and pressEnter.

If the value is “Off,” Secure Boot is disabled on your PC. Proceed to the next section to learn how to enable Secure Boot. Afterward, enable Secure Boot, and you should now be able to upgrade your PC to Windows 11.

Note:If your PC uses Legacy BIOS, you can always switch to UEFI (Unified Extensible Firmware Interface). The MBR2GPT (Master Boot Record to GUID Partition Table) tool lets you switch between Legacy BIOS and UEFI without reinstalling Windows. Refer to thistutorial on changing Windows 10 BIOS to UEFI modefor detailed instructions.

How to Enable Secure Boot in Windows

If your computer’s Secure Boot feature is disabled, here’s how to turn it back on.

Note:If you don’t find “UEFI Firmware Settings” on the page, your PC’s motherboard doesn’t have a TPM chip. That means your computer can’t run Windows 11.

Wait for your computer to boot the BIOS setup utility. The interface of the BIOS settings page will vary depending on the model or manufacturer of your computer’s motherboard.

If disabled, use the arrow keys on your keyboard to navigate toSecure Bootand pressEnter. SelectEnabledand pressEnteragain.

Wait for your computer to reboot and try upgrading to Windows 11 again. You should also use the System Information tool to confirm that your PC’s Secure Boot state is now on.

Can’t Enable Secure Boot? Try These Steps

If your computer doesn’t let you enable Secure Boot, reset the BIOS to default settings, and try again. Sometimes, you may need toreset your PC (without deleting files)to re-enable Secure Boot. Contact your PC manufacturer for support if these troubleshooting steps prove abortive.

Sodiq has written thousands of tutorials, guides, and explainers over the past 4 years to help people solve problems with Android, iOS, Mac, and Windows devices. He also enjoys reviewing consumer tech products (smartphones, smart home devices, accessories, etc.) and binge-watching comedy series in his spare time.Read Sodiq’s Full Bio

Your email address will not be published.Required fields are marked*

Comment*

Name*

Email*

Website

Welcome to Help Desk Geek- a blog full of tech tips from trusted tech experts. We have thousands of articles and guides to help you troubleshoot any issue. Our articles have been read over 150 million times since we launched in 2008.

HomeAbout UsEditorial StandardsContact UsTerms of Use

How to Enable Secure Boot for Windows 11#

What Is Secure Boot in Windows?#

Verify Windows 11 Eligibility Using “PC Health Check”#

How to Check Secure Boot Status in Windows#

How to Enable Secure Boot in Windows#

Can’t Enable Secure Boot? Try These Steps#

Leave a Reply#