To enable Secure Boot in an MSI BIOS, the following key points are important:
- Secure Boot works only in UEFI mode, so the BIOS needs to be set to UEFI (not Legacy/CSM). Ensure the boot drive is formatted as GPT, not MBR, since UEFI boot requires GPT.
- In MSI BIOS, go to Advanced Mode (usually by pressing F7), then navigate to the Security tab or menu.
- Under Security, find the Trusted Computing or TPM settings to ensure TPM 2.0 is enabled.
- Then go to Boot settings and set the Boot Mode or Windows OS Configuration to UEFI.
- After rebooting, return to the BIOS Secure Boot section and enable Secure Boot.
- If switching from Legacy/CSM to UEFI, a BIOS reboot is required before Secure Boot can be enabled.
- Update BIOS if running an older version that supports mixed Legacy+UEFI modes, as newer BIOS versions default to UEFI.
- If BIOS Secure Boot won't enable and says it requires "User Mode" or platforms keys registered, check TPM ownership and keys in Windows or BIOS and clear/re-enroll keys as needed.
Typical keys to enter MSI BIOS are DEL, F2, or ESC during boot. Enabling Secure Boot often requires BIOS familiarity and careful adherence to these steps to avoid data loss or boot errors. This aligns with recent BIOS videos and user guides for MSI motherboards and Windows 11 requirements.