To turn on Secure Boot you need to change a setting in your computer’s UEFI/BIOS firmware, and in many cases first make sure the system is using UEFI (not Legacy/CSM) and that Windows is installed on a GPT disk.

Quick scoop

  • Secure Boot is a firmware feature that only lets trusted, signed bootloaders and drivers run during startup, helping block rootkits and some cheats/malware.
  • It is usually enabled from the UEFI/BIOS “Boot”, “Security”, or “Authentication” tab, not from inside normal Windows settings.
  • Exact wording and key presses vary a bit by brand (ASUS, Dell, Lenovo, etc.), but the overall flow is very similar.

Step 1 – Check if Secure Boot is already on

  1. In Windows, press Win + R, type msinfo32, and press Enter.
  1. In “System Summary”, find:
    • “BIOS Mode” – should say UEFI if Secure Boot is possible.
 * “Secure Boot State” – shows On, Off, or Unsupported.

If it already says “On”, you’re done; Secure Boot is enabled.

Step 2 – Restart into UEFI firmware

Use Windows’ advanced startup so you don’t have to guess the key:

  1. Open Settings → System → Recovery (or Update & Security → Recovery on some builds).
  1. Under Advanced startup , click Restart now.
  1. On the blue menu, choose:
    • Troubleshoot → Advanced options → UEFI Firmware Settings → Restart.

Your PC will reboot directly into the UEFI/BIOS menu.

(If that path isn’t available, you can also spam keys like Del, F2, F10, or Esc at power‑on; many ASUS boards use Del or F2.)

Step 3 – Make sure you’re in UEFI mode

Secure Boot only works in UEFI mode; if “Legacy” or “CSM” boot is active, you may need to disable it.

  • Look for a Boot Mode or CSM/Legacy setting in the Boot tab:
    • Set Boot Mode to UEFI (or UEFI only).
* If there’s a **CSM (Compatibility Support Module)** option, set **Launch CSM** to **Disabled**.

Changing this on a system installed in Legacy/MBR mode can make Windows unbootable until the disk is converted to GPT, so back up important data before changing boot mode.

Step 4 – Turn on Secure Boot in UEFI

The exact path varies, but typical patterns look like this:

  • Generic / many boards
    • Go to the Boot or Security tab.
    • Find Secure Boot and change it from Disabled to Enabled.
* Save and exit (often **F10**).
  • ASUS example (official docs)
    • Switch to Advanced mode (F7) if needed.
* Open the **Security** screen, then select **Secure Boot**.

* Set **OS Type** to **Windows UEFI mode** and enable Secure Boot.

* Save and exit.

On some older Intel/UEFI systems you may also need to go into Key Management and choose Install Default Secure Boot Keys so the firmware actually has trusted keys to enforce.

Step 5 – Save and confirm it worked

  1. Use the “Save & Exit” option (or press F10) to save changes and reboot.
  1. Back in Windows, open msinfo32 again and confirm:
    • BIOS Mode: UEFI
    • Secure Boot State: On.

If a game or tool (like an EA title or Windows 11 health check) required Secure Boot, it should now pass that check.

If you can’t enable it

Common blockers users discuss in recent tutorials and forum threads:

  • Old hardware / Legacy-only BIOS : Some very old PCs simply don’t support UEFI Secure Boot at all.
  • Windows installed in Legacy + MBR : You might first need to convert the system disk from MBR to GPT (for example with mbr2gpt) and then switch the firmware from Legacy to UEFI before Secure Boot will enable cleanly.
  • Secure Boot “Enabled but not Active” : Often fixed by disabling CSM, setting OS type to Windows UEFI, and/or installing default Secure Boot keys in the firmware menu.

Information gathered from public forums or data available on the internet and portrayed here.