US Trends

how to turn on secure boot in bios

To turn on Secure Boot in BIOS, you need to (1) boot into your PC’s firmware/BIOS setup, (2) make sure it’s using UEFI mode, (3) disable CSM/Legacy boot if present, and then (4) set the Secure Boot option to Enabled and save changes. The exact names of menus differ by manufacturer, but the overall steps are very similar.

Note: Changing boot mode or partitions can affect whether your system boots; avoid changing things like disk format (MBR/GPT) unless you know what you’re doing or follow a detailed vendor guide.

1. Quick checklist before you start

  • Your system should support UEFI (most PCs from around 2012 onward do).
  • Windows should normally be installed in UEFI mode with a GPT disk; otherwise Secure Boot may be unavailable or cause boot issues.
  • If you only need Secure Boot for a game or Windows 11 compatibility, back up important files first in case you need to revert changes.

2. Step 1 – Check Secure Boot status in Windows

This helps you confirm whether you really need to change the BIOS.

  • Press Windows key + R , type msinfo32, and press Enter.
  • In System Information , select System Summary and look for:
    • BIOS Mode → should say UEFI for Secure Boot to work.
* **Secure Boot State** → shows **On** , **Off** , or **Unsupported**.
  • If Secure Boot State already shows On , you are done; no BIOS change needed.

3. Step 2 – Enter BIOS/UEFI setup

Common ways to enter firmware setup:

  • From a powered-off PC, turn it on and repeatedly tap F2 , Del , Esc , or sometimes F10/F12 , depending on the brand.
  • On Windows 10/11 you can also do:
    • Start → SettingsSystemRecovery → under Advanced startup click Restart now.
* Choose **Troubleshoot → Advanced options → UEFI Firmware Settings → Restart** to land in BIOS.

Your PC may briefly show what key to press under the manufacturer logo (e.g., “Press F2 for Setup”).

4. Step 3 – Make sure UEFI (not Legacy) is enabled

Secure Boot only works in UEFI mode.

  • In BIOS, look for a Boot , Boot Options , or Boot Sequence menu.
  • Find an option like Boot Mode , Boot List Option , or similar:
    • If it shows Legacy , change it to UEFI.
  • On some boards there’s a CSM (Compatibility Support Module) option:
    • Set CSM to Disabled ; this is often required before Secure Boot becomes available.
  • Save and exit (often F10 → Yes) if the firmware forces a reboot after changing boot mode.

If your Windows installation was originally done in Legacy/MBR mode, switching to UEFI alone may cause a boot error; in that case, follow a dedicated MBR→GPT and UEFI migration guide before switching modes.

5. Step 4 – Enable Secure Boot in BIOS

Once UEFI and (if necessary) CSM settings are correct, the Secure Boot setting should be accessible. Typical path (names vary by brand):

  • Go back into BIOS if you rebooted.
  • Look under one of these menus:
    • Boot / Boot Options / Secure Boot
    • Security
    • Authentication
  • Find Secure Boot or Secure Boot State and set it to Enabled.
  • Some systems require you to:
    • Set Secure Boot Mode to Standard or Default , or
    • Load Default Secure Boot Keys / “Restore Factory Keys” before you can enable it.
  • Choose Save & Exit (commonly F10 → Yes) to reboot with Secure Boot turned on.

6. Step 5 – Confirm it worked

Back in Windows:

  • Open System Information again (msinfo32).
  • Confirm that:
    • BIOS Mode = UEFI
    • Secure Boot State = On.

If a game launcher (like some EA titles or Riot’s Vanguard) or the Windows 11 PC Health Check previously complained about Secure Boot, re-run their checks to verify the status.

7. Common issues and tips

  • Secure Boot option is greyed out / unchangeable
    • May require disabling CSM first, setting a BIOS admin password, or resetting Secure Boot keys to factory defaults depending on the vendor.
  • “Secure Boot Enabled but not active” in Windows
    • Often caused by CSM or Legacy options still partially active; ensure pure UEFI mode and no legacy option ROMs are enabled.
  • Old hardware
    • Some older boards simply do not support Secure Boot; in that case the Secure Boot State may show “Unsupported” in System Information.

8. Why Secure Boot matters today

  • Helps ensure only trusted, signed bootloaders and OS components run at startup, blocking certain rootkits and boot-level malware.
  • Required or strongly recommended for:
    • Windows 11’s security baseline on supported hardware.
* Some anti-cheat systems and online games that demand Secure Boot plus TPM (for example, certain EA games and Riot’s Vanguard over the last few years).

TL;DR:
Enter BIOS, switch firmware to UEFI and disable any CSM/Legacy settings, then find the Secure Boot option under Boot/Security/Authentication, set it to Enabled , save, reboot, and confirm in msinfo32 that Secure Boot State is On.

Information gathered from public forums or data available on the internet and portrayed here.