To enable UEFI Secure Boot, follow these general steps:
- Access UEFI/BIOS Settings:
- Restart the computer.
- During startup, press the BIOS entry key (commonly Delete, F2, F10, F12, or Escape) repeatedly as the manufacturer logo appears, or
- Through Windows: Go to Settings > System > Recovery > Advanced startup > Restart now. Then select Troubleshoot > Advanced options > UEFI Firmware Settings > Restart.
- Configure BIOS Settings:
- In BIOS, navigate to the Boot, Security, or Authentication tab.
- Disable Compatibility Support Module (CSM) or Legacy Boot if enabled, to ensure UEFI mode.
- Locate the Secure Boot option and set it to Enabled.
- For some systems, ensure the OS Type is set to Windows UEFI mode.
- If necessary, install default Secure Boot keys (can be found in Key Management section).
- Save and Exit:
- Save changes (often with F10) and exit BIOS.
- The computer will restart with Secure Boot enabled.
- Verify Secure Boot is enabled by checking System Information in Windows (search "system information" and look for "Secure Boot State" should show "On").
Note: If your OS is installed with legacy BIOS or MBR partition style, you may need to convert the disk to GPT and/or reinstall the OS for Secure Boot to work. These steps may vary slightly depending on the PC or motherboard manufacturer. Checking manufacturer-specific guidance is recommended if difficulty arises. This guidance reflects current best practices for enabling Secure Boot on modern PCs with UEFI firmware and Windows OS.
