How to Enable Secure Boot on Your PC

Secure Boot is an important security feature built into modern computers that helps protect your system from malware, rootkits, and unauthorized operating systems during startup. If you are installing Windows 11, upgrading your system, or improving your PC’s security, enabling Secure Boot is often required. Many users, however, feel intimidated by BIOS/UEFI settings and are unsure how to turn Secure Boot on safely. This guide explains what Secure Boot is, why it matters, and how to enable it step by step.

What Is Secure Boot?

Secure Boot is a security standard developed by members of the PC industry to ensure that your computer boots only with software that is trusted by the manufacturer. When Secure Boot is enabled, the system checks the digital signature of the bootloader, firmware, and drivers during startup. If anything has been tampered with or is not trusted, the system will refuse to boot.

This feature is especially important for preventing:

Boot-level malware

Rootkits

Unauthorized operating systems

Firmware-based attacks

Windows 11, in particular, requires Secure Boot to be enabled, which is why many users need to configure it manually.

Before You Enable Secure Boot: Important Preparation

Before changing any BIOS or UEFI settings, you should take a few precautions:

• Back Up Your Data – Changes to boot settings can sometimes cause boot issues if something goes wrong.
• Check Your Boot Mode – Secure Boot only works with UEFI mode, not Legacy BIOS.
• Verify Disk Format – Your system drive must use GPT (GUID Partition Table), not MBR.

To check your disk format in Windows:

• Press Windows + R
• Type msinfo32 and press Enter
• Look for BIOS Mode and Secure Boot State

If BIOS Mode shows Legacy, you must switch to UEFI first.

How to Enter BIOS/UEFI Settings

The first step to enabling Secure Boot is accessing your BIOS or UEFI firmware:

• Shut down your PC completely.

Turn it on and immediately press one of these keys repeatedly:

Delete

F2

F10

Esc

The exact key depends on your motherboard or laptop brand.

Alternatively, from Windows:

Go to Settings → System → Recovery

Click Restart now under Advanced startup

Choose Troubleshoot → Advanced Options → UEFI Firmware Settings → Restart

Step-by-Step: How to Enable Secure Boot

Once you enter BIOS or UEFI, follow these general steps. The layout may differ slightly depending on your motherboard brand.

Step 1: Switch Boot Mode to UEFI

Navigate to Boot, Advanced, or Startup tab

Find Boot Mode

Set it to UEFI

Disable Legacy Mode or CSM (Compatibility Support Module)

Note: Secure Boot will not appear unless UEFI mode is enabled.

Step 2: Locate Secure Boot Option

Go to Security, Boot, or Authentication tab

Find Secure Boot

Change it from Disabled to Enabled

Step 3: Set Secure Boot Mode

Some systems require selecting a mode:

Choose Standard

Or choose Windows UEFI Mode

Avoid “Custom” unless you know how to manage cryptographic keys manually.

Step 4: Install Default Secure Boot Keys (If Required)

Some BIOS versions will ask you to install default keys:

Look for Install Default Secure Boot Keys

Select Yes

These keys allow Windows and trusted firmware to boot properly.

Step 5: Save and Exit

Press F10 or select Save & Exit

Confirm changes

Let the system reboot

If everything is compatible, Windows will start normally with Secure Boot enabled.

How to Confirm Secure Boot Is Enabled

After booting into Windows:

Press Windows + R

Type msinfo32

Press Enter

Look for:

Secure Boot State: On

BIOS Mode: UEFI

If both are correct, Secure Boot is successfully enabled.

Common Problems and Solutions

1. Secure Boot Option Is Missing

This usually means:

Your system is in Legacy mode

You must first switch to UEFI

2. Windows Fails to Boot After Enabling Secure Boot

This can happen if:

The disk uses MBR instead of GPT

You installed Windows using Legacy mode

You may need to:

Convert MBR to GPT using mbr2gpt

Or reinstall Windows in UEFI mode

3. Secure Boot Is Greyed Out

This often means:

CSM is still enabled

Secure Boot keys are not installed

Disable CSM and load default keys.

Should You Always Enable Secure Boot?

For most users, yes. Secure Boot provides an extra layer of protection with no downside for everyday use. You might consider disabling it only if:

You are installing Linux without Secure Boot support

You are using unsigned drivers for testing

You are dual-booting older systems

For gaming, office work, and Windows 11 use, Secure Boot is fully safe and recommended.

Enabling Secure Boot is one of the smartest steps you can take to protect your computer from low-level malware and unauthorized boot activity. While accessing BIOS and changing boot settings may seem intimidating, the process is straightforward when done carefully. By ensuring your system runs in UEFI mode, enabling Secure Boot, and installing default security keys, you significantly improve your PC’s overall security.

Whether you’re upgrading to Windows 11 or just strengthening your system against modern threats, Secure Boot is a feature worth turning on.