US Trends

how to check if secure boot is enabled windows 11

To check if Secure Boot is enabled in Windows 11, the fastest way is to use the built‑in System Information tool and look at the Secure Boot State value; if it says On , Secure Boot is enabled, if it says Off , it’s disabled, and Unsupported means your hardware or install mode doesn’t support it.

What Secure Boot Does

  • Secure Boot is a UEFI firmware feature that only allows trusted, signed bootloaders and drivers to run during startup, helping block rootkits and low‑level malware before Windows loads.
  • Modern PCs designed for Windows 10/11 usually ship with Secure Boot support and often have it turned on by default for better security and to meet Windows 11 requirements.

Method 1: System Information (msinfo32)

This is the most straightforward way and works on any Windows 11 edition.

  1. Press Windows + R to open the Run dialog.
  1. Type msinfo32 and press Enter to open System Information.
  1. In the left pane, make sure System Summary is selected.
  1. On the right, find Secure Boot State. It will show one of these values:
 * **On** → Secure Boot is enabled and actively protecting your system.

 * **Off** → Your PC supports Secure Boot, but it’s currently disabled in firmware.

 * **Unsupported** → Secure Boot is not available, or Windows was installed in Legacy/CSM BIOS mode instead of UEFI.
  1. While you’re there, check BIOS Mode just above: if it says UEFI , the system can use Secure Boot; if it says Legacy , you would need to convert to UEFI before enabling it.

Quick check: Secure Boot State = On + BIOS Mode = UEFI means your Windows 11 PC is using Secure Boot as intended.

Method 2: Windows Security app

Some systems show Secure Boot status inside Windows Security.

  1. Open Start and search for Windows Security , then open it.
  1. Go to Device security.
  1. Look for a section related to Secure boot.
    • If you see a label like “Secure boot is on”, Secure Boot is enabled.
 * If it says “Secure boot is off” or the section is missing, it may be disabled or unsupported on your device.

This view is a friendlier way to confirm the same status you see in System Information.

Method 3: PowerShell command (advanced check)

For a more technical confirmation, there is a dedicated Secure Boot cmdlet.

  1. Right‑click Start and choose Windows Terminal (Admin) or PowerShell (Admin).
  1. In the PowerShell window, run:
    Confirm-SecureBootUEFI
  1. Interpret the result:
 * **True** → Secure Boot is supported and currently enabled.
 * **False** → Secure Boot is supported but currently disabled.
 * An error stating Secure Boot is not supported → your firmware/boot mode doesn’t support it, or Windows is in Legacy BIOS mode.

This method reads the Secure Boot status directly from UEFI, which is why it’s reliable even if GUI indicators are confusing.

Method 4: Check directly in UEFI/BIOS

If Windows isn’t booting, or you want to double‑check, you can look in firmware setup.

  1. Restart your PC and repeatedly press the key to enter setup (often F2 , Del , Esc , or F10 , depending on your manufacturer).
  1. In the UEFI menus, look under Boot , Security , or Authentication for a setting called Secure Boot.
  1. The setting will normally show Enabled/Disabled or similar; if it shows Enabled , Secure Boot is turned on at firmware level.

On many Windows 11‑ready machines, Secure Boot has an “Standard/Custom” or “Default” mode; Standard/Default still means it’s enabled with the default key set.

Secure Boot, Windows 11, and forum chatter

  • Windows 11’s published minimum requirements include a Secure Boot‑capable system (UEFI + Secure Boot support), which is why many upgrade check tools complain when it’s off or unsupported.
  • Recent guides for admins stress confirming Secure Boot status (with msinfo32 or PowerShell) before rolling out OS upgrades or sensitive apps, especially in 2025–2026 security baselines.
  • On tech forums, common threads discuss cases where System Information shows “Off” even after enabling Secure Boot in BIOS , often caused by CSM/Legacy options still being active or drives using MBR instead of GPT; converting to GPT and disabling CSM usually resolves that mismatch.

Quick HTML table of methods

[5][3] [3][5] [5][3] [1] [1] [1] [3][1] [1][3] [3][1] [5][3] [5][3] [3][5]
Method Where to go What to look at What “On/True” means
System Information (msinfo32) Run → msinfo32 → System SummarySecure Boot State valueSecure Boot is enabled in UEFI and active for Windows 11
Windows Security Windows Security → Device securitySecure boot status text (on/off or missing)“On” means firmware and Windows are using Secure Boot
PowerShell cmdlet PowerShell (Admin) → Confirm- SecureBootUEFICmdlet return value (True/False or error)True means Secure Boot is enabled and supported
UEFI/BIOS firmware Firmware setup at boot (F2/Del/etc.)Secure Boot option under Boot/Security“Enabled/On/Standard/Default” means Secure Boot is turned on in firmware
**TL;DR:** For most people, the simplest check is: press **Windows + R** , run `msinfo32`, and see if **Secure Boot State** says **On** or **Off** ; that line alone tells you whether Secure Boot is enabled on your Windows 11 PC.

Information gathered from public forums or data available on the internet and portrayed here.