To get Secure Boot, the process generally involves checking and configuring your PC's firmware (BIOS/UEFI) settings and ensuring your disk partition scheme is compatible. Secure Boot can only be enabled if your system is using UEFI mode with a GUID Partition Table (GPT). Here are the steps:
- Check Disk Partition Style :
- Open your disk properties in Windows and check if your disk is using GPT, not MBR. If MBR, convert it to GPT using a tool like
mbr2gptfrom an elevated command prompt.
- Open your disk properties in Windows and check if your disk is using GPT, not MBR. If MBR, convert it to GPT using a tool like
- Enter BIOS/UEFI Firmware Settings :
- Restart your PC and enter BIOS/UEFI setup, typically by pressing a key like Delete, F2, or similar during boot.
- Set BIOS Mode to UEFI :
- Ensure your firmware is set to boot in UEFI mode, not Legacy/CSM mode.
- Enable Secure Boot :
- Within the BIOS/UEFI settings, find the Secure Boot option (commonly under Boot or Security tab).
- Change Secure Boot state from Disabled to Enabled.
- Set OS type to "Windows UEFI mode" if needed.
- Save changes and exit BIOS.
- Verify Secure Boot Status :
- After booting into Windows, open System Information (
msinfo32) and check the "Secure Boot State" to confirm it is "On".
- After booting into Windows, open System Information (
Note: The exact steps and BIOS layouts vary by manufacturer, so consult the specific documentation or support site for your PC or motherboard model. This process enhances security by ensuring only trusted, signed software can run during the boot process, protecting against certain malware and unauthorized software. If Secure Boot cannot be enabled, it may be due to incompatible hardware or firmware limitations. Backing up critical data before modifying partition schemes or BIOS settings is recommended.
