How To Windows

How to Enable Secure Boot in Windows 11

By Raj Bepari 2 min read
Recommended: Download Windows Speedup Tool to quickly fix PC issues.

Secure Boot is a security feature that helps protect your PC from malware and unauthorized software during startup. It ensures that only trusted, digitally signed software is allowed to load when your system boots. Windows 11 requires Secure Boot to be supported and enabled on most systems, which is why many users look for ways to turn it on.

If Secure Boot is disabled, Windows 11 may still run, but certain features such as enhanced security protections, Windows updates, and some anti-cheat or virtualization features may not work correctly. The steps below explain how to check Secure Boot status and enable it safely.

How to Enable Secure Boot in Windows 11

Follow the steps below carefully. Secure Boot settings are changed from BIOS/UEFI, so proceed slowly and do not change unrelated options.

1. Check Whether Secure Boot Is Already Enabled

Before making changes, confirm the current Secure Boot status.

  1. Press Windows + R
  2. Type msinfo32 and press Enter
  3. In System Information, look for Secure Boot State
  4. Check the value:
    • On means Secure Boot is already enabled
    • Off means Secure Boot is disabled
    • Unsupported means your system does not support it

If Secure Boot is already ON, no further action is needed.

2. Confirm Your PC Uses UEFI and Not Legacy BIOS

Secure Boot works only with UEFI firmware.

  1. In System Information, find BIOS Mode
  2. Confirm it shows UEFI

If BIOS Mode shows Legacy, Secure Boot cannot be enabled until the disk layout is converted.

3. Convert MBR Disk to GPT (Only If BIOS Mode Is Legacy)

Legacy BIOS systems usually use MBR partition style.

  1. Back up important data
  2. Right-click Start and open Windows Terminal (Admin)
  3. Run the following command:
mbr2gpt /validate
  1. If validation succeeds, run:
mbr2gpt /convert
  1. Restart your PC

This converts the system disk to GPT without data loss in most cases.

4. Enter BIOS/UEFI Settings

Secure Boot is enabled from BIOS/UEFI.

  1. Restart your PC
  2. During startup, press F2, Del, Esc, F10, or F12 (key varies by manufacturer)
  3. Enter BIOS/UEFI Setup

If Windows boots too fast, use Settings > System > Recovery > Advanced startup to access firmware settings.

5. Disable Legacy Boot or CSM

Legacy boot modes prevent Secure Boot from enabling.

  1. In BIOS/UEFI, locate Boot, Advanced, or Startup settings
  2. Find CSM (Compatibility Support Module) or Legacy Boot
  3. Set it to Disabled
  4. Set Boot Mode to UEFI

Save changes if required before enabling Secure Boot.

6. Enable Secure Boot

Now you can turn on Secure Boot.

  1. In BIOS/UEFI, find Secure Boot
  2. Set Secure Boot to Enabled
  3. If prompted, select Windows UEFI Mode
  4. Choose Install default Secure Boot keys if available

These keys allow Windows to boot securely.

7. Save Changes and Restart

Apply the BIOS changes correctly.

  1. Press F10 or choose Save & Exit
  2. Confirm changes
  3. Let the system restart normally

Windows 11 should now boot with Secure Boot enabled.

8. Verify Secure Boot Is Enabled in Windows 11

Confirm the change was successful.

  1. Press Windows + R
  2. Type msinfo32 and press Enter
  3. Check Secure Boot State
  4. It should now show On

This confirms Secure Boot is active.

Final Thoughts

Enabling Secure Boot in Windows 11 improves system security by preventing unauthorized boot-level software from running. In most cases, the process involves switching to UEFI mode, disabling Legacy/CSM, and enabling Secure Boot in BIOS.

Always back up important data before modifying disk or firmware settings. Once enabled, Secure Boot works silently in the background and does not affect daily Windows usage.

Raj Bepari

I’m a digital content creator passionate about everything tech.