To enable Secure Boot on your PC, follow these steps:
- Check if Secure Boot is already enabled:
- Search "System Information" and open it.
- Scroll and find "Secure Boot State."
- If it says "Off," you need to enable it.
- Prepare your system:
- Secure Boot requires your system to be in UEFI mode, not Legacy BIOS.
- Ensure your disk partition style is GPT (not MBR). If it is MBR, convert it to GPT using the tool
mbr2gptin an administrative command prompt. - TPM 2.0 should be enabled.
- Access UEFI settings:
- Open Settings.
- Go to Windows Update > Advanced options.
- Under Recovery, choose "Restart now" in Advanced startup.
- On restart, select Troubleshoot > Advanced options > UEFI Firmware Settings.
- Restart to enter BIOS/UEFI.
- In BIOS/UEFI:
- Press the needed key during boot (often Delete or F2) to enter BIOS setup.
- Navigate to the Boot tab.
- Disable "Launch CSM" to switch to full UEFI mode.
- Find the Secure Boot option.
- Set OS type to "Windows UEFI mode."
- Set Secure Boot mode to "Standard."
- If needed, install default Secure Boot keys in the Key Management section.
- Save changes and exit BIOS (usually with F10).
- Verify Secure Boot:
- After restart, open System Information again and confirm "Secure Boot State" shows as "On."
Note: The exact BIOS menu names and keys can differ by manufacturer and motherboard model, so consult your device's manual if these steps do not align perfectly. Enabling Secure Boot improves your PC's security by ensuring only trusted software runs during the startup process.
