To secure boot on a PC, the general process involves enabling Secure Boot in the BIOS/UEFI settings, ensuring the system uses UEFI mode with a GUID Partition Table (GPT), and having the proper Secure Boot keys installed. Here is an outline of the steps:
- Enter BIOS/UEFI Setup:
- Restart the PC.
- Press a specific key during startup to enter BIOS/UEFI settings (commonly F2, Del, or Esc).
- Confirm or switch the system firmware to UEFI mode:
- Locate the Boot tab or section.
- Disable Compatibility Support Module (CSM) or Legacy Boot if present.
- Set Boot Mode to UEFI.
- Enable Secure Boot:
- Find the Secure Boot option in BIOS/UEFI, typically under Boot or Security.
- Set Secure Boot to Enabled.
- Ensure the OS Type is set to Windows UEFI Mode or similar.
- Install default Secure Boot keys if prompted:
- In some BIOS menus, you may need to reset or install default Secure Boot keys via Key Management.
- Save changes and exit BIOS:
- Usually by pressing F10 or choosing "Save and Exit".
- The device will restart with Secure Boot enabled.
- Verify Secure Boot status in Windows:
- Open "System Information" and check the "Secure Boot State" to confirm it is On.
Note: If the disk partition style is MBR, convert it to GPT using Windows utilities (e.g., MBR2GPT tool) before enabling Secure Boot, as Secure Boot requires UEFI with GPT. This process is supported on modern PCs running Windows 8 and later, and the exact BIOS menus can vary by manufacturer and model. Back up important data before changing boot settings. Enabling Secure Boot enhances PC security by only allowing trusted, digitally signed software during startup, protecting against rootkits and bootkits.
If detailed or brand-specific instructions are needed, those can be provided as well.
