To set up Secure Boot, the general process involves entering the BIOS or UEFI firmware settings of your computer and enabling Secure Boot from there. Here is a step-by-step guide for a typical Windows PC:
Check Secure Boot Status
- Open "System Information" by searching for it in the Start menu.
- Look for "Secure Boot State" to see if it is "On" or "Off."
Access BIOS/UEFI Settings
- Open "Settings" > "Windows Update" > "Advanced options."
- Under "Recovery," click "Restart now" in the "Advanced startup" section.
- After reboot, choose "Troubleshoot" > "Advanced options" > "UEFI Firmware Settings" and restart to enter the BIOS.
Enable Secure Boot in BIOS
- In BIOS, go to the "Boot" tab.
- Find "CSM" (Compatibility Support Module) and set "Launch CSM" to "Disabled" to switch into UEFI mode (this might require backing up data and reinstalling Windows if changing from legacy mode).
- Locate the "Secure Boot" option.
- Set "Secure Boot" to "Enabled" and ensure the OS type is set to "Windows UEFI mode."
- Save changes (usually by pressing F10) and exit BIOS.
Verify Secure Boot
- Once back in Windows, open "System Information" again and confirm that "Secure Boot State" is now "On."
Note: Ensure that your system disk uses the GUID Partition Table (GPT) and your firmware is set to UEFI mode. Converting an MBR disk to GPT might be necessary before enabling Secure Boot. Manufacturer-specific instructions might vary slightly. This process secures the boot process by allowing only signed and trusted software to boot, enhancing system security.
