"Secure boot is not enabled" typically means that the Secure Boot feature in the PC's UEFI firmware (BIOS) is turned off, which can cause security features or certain software (like games or device encryption) to not work properly. Here are key points and steps to enable or troubleshoot Secure Boot:
- Secure Boot is a security feature that ensures only trusted software loads during startup to protect against malware.
- To check if Secure Boot is enabled, open the System Information on Windows and look for "Secure Boot State." If it says "Off," Secure Boot is not enabled.
- The PC's BIOS/UEFI needs to be set to UEFI mode, not Legacy/CSM mode, since Secure Boot requires UEFI.
- To enable Secure Boot:
- Restart the PC and enter BIOS/UEFI settings (usually by pressing DEL, F2, or similar key during boot).
- Locate the Secure Boot setting (possibly under Security or Boot menus).
- Enable Secure Boot and, if available, set Secure Boot Mode to "Custom" or "Standard," and Secure Boot Preset to "Maximum Security" if the motherboard requires it (notably for some MSI motherboards).
4. Disable CSM (Compatibility Support Module) if enabled, as it can prevent Secure Boot from working.
5. Save and exit BIOS.
- Ensure the system drive is using GPT partition style, not MBR, as Secure Boot requires GPT.
- Ensure TPM 2.0 is enabled as it is often a requirement alongside Secure Boot.
- After making these changes, check the System Information again to confirm Secure Boot is now enabled.
- If Secure Boot remains off despite enabling in BIOS, verify BIOS firmware is up to date and check for any third-party software conflicts.
In short, enabling Secure Boot requires setting your BIOS to UEFI mode, enabling Secure Boot options, disabling legacy modes like CSM, and ensuring system drive and TPM settings are compatible. After this, Windows should report Secure Boot as enabled. This resolves errors and security issues related to Secure Boot not being enabled on the PC.
