Secure Boot is a security feature that ensures your computer boots using only trusted software by verifying the digital signature of the bootloader. To use Secure Boot, it needs to be enabled in your computer's UEFI/BIOS settings. Here is a step-by-step guide to enable and use Secure Boot on most Windows PCs:
How to Check Secure Boot Status
- Open the Start menu search and type "System Information."
- Open the "System Information" app and look for "Secure Boot State" in the details. This will show if Secure Boot is on or off.
How to Enable Secure Boot
- Open Windows Settings.
- Go to "Update & Security" > "Recovery" and under "Advanced startup," click "Restart now."
- After reboot, select "Troubleshoot" > "Advanced options" > "UEFI Firmware Settings," then restart to enter BIOS/UEFI.
- In BIOS/UEFI:
- Navigate to the Boot tab.
- Disable CSM (Compatibility Support Module) if enabled, as Secure Boot requires UEFI mode.
- Find the Secure Boot option and set it to "Enabled" or "Windows UEFI mode."
- If available, install the default Secure Boot keys in the Key Management section.
- Save changes and exit BIOS (usually by pressing F10).
Verify Secure Boot Is Enabled
- After Windows boots up, reopen "System Information" and confirm the "Secure Boot State" is now "On."
Important Notes:
- Your PC must use UEFI mode rather than Legacy BIOS for Secure Boot to work.
- Disabling CSM and enabling Secure Boot may require reinstalling Windows if the OS was installed in Legacy mode.
- Steps can vary based on your motherboard and manufacturer, but this guide applies broadly to most Windows PCs.
This setup helps protect your system by allowing only signed, trusted software to run during startup, preventing some types of malware from compromising the boot process.
