Blog

Measured Boot is a security feature in Windows 11 designed to ensure that your system boots securely by measuring each component during startup. Sometimes, users may encounter errors where Measured Boot is not working as expected. This can lead to security warnings or features not functioning properly.

Fixing this issue involves checking system settings, firmware configurations, and Windows security policies. Understanding why the error occurs helps in applying the right solution.

This guide provides simple, step-by-step instructions to resolve the Measured Boot not working error on Windows 11. Each step is explained clearly to help even beginners follow along without confusion.

By following these steps, you can restore the proper functioning of Measured Boot and improve your system’s security.

Quick Note: Before You Begin

• Ensure your Windows 11 system is fully updated via Windows Update.
• Check that your PC supports TPM 2.0 (Trusted Platform Module), which is necessary for Measured Boot.
• Make sure your device firmware (BIOS/UEFI) is up-to-date.
• Have administrative access on your computer to change system settings.

Step 1: Verify TPM 2.0 Is Enabled

Measured Boot relies on TPM 2.0 to securely store measurements of the boot process. If TPM is disabled, Measured Boot will not function properly.

1. Press Windows + R to open the Run dialog box.
2. Type tpm.msc and press Enter. This opens the TPM Management console.
3. Look for the Status section. It should say “The TPM is ready for use.”
4. If TPM is not found or disabled, restart your PC and enter BIOS/UEFI settings (usually by pressing Del, F2, or Esc during boot).
5. Find the TPM settings, often under Security or Advanced, and enable TPM 2.0.
6. Save changes and exit BIOS/UEFI.

Why this matters: TPM is a hardware component critical for Measured Boot to securely validate your system’s startup process.

Step 2: Enable Secure Boot in BIOS/UEFI

Secure Boot works alongside Measured Boot to prevent unauthorized software from loading during startup. Disabling Secure Boot can cause Measured Boot errors.

1. Restart your PC and enter BIOS/UEFI settings.
2. Navigate to the Boot or Security tab.
3. Locate the Secure Boot option and set it to Enabled.
4. Save the changes and exit BIOS/UEFI.

Why this matters: Secure Boot ensures only trusted software runs at startup, which complements Measured Boot’s security checks.

Step 3: Check Windows Security Settings

Windows 11 includes settings that control how Measured Boot operates. Ensuring these are correctly configured is important.

1. Open the Windows Security app by searching it in the Start menu.
2. Go to Device Security and click on Core isolation details.
3. Make sure Memory integrity is turned on. This feature helps prevent attacks on system memory.
4. Return to Device Security and check if Security processor details shows TPM 2.0 is active and functioning.

Why this matters: Proper Windows security settings are needed for Measured Boot to monitor and validate system integrity.

Step 4: Run System File Checker (SFC) and DISM

Corrupted system files can cause Measured Boot errors. Running built-in repair tools helps fix these issues.

1. Press Windows + X and select Windows Terminal (Admin) to open an elevated command prompt.
2. Type the following command and press Enter to scan for corrupted files:

sfc /scannow

3. Wait for the scan to complete. If issues are found, it will attempt repairs automatically.
4. Next, run the Deployment Image Servicing and Management tool by typing:

Dism /Online /Cleanup-Image /RestoreHealth

5. Wait until the process finishes, then restart your PC.

Why this matters: System files related to security services may be damaged, causing Measured Boot to malfunction.

Step 5: Update or Reinstall Windows Security Components

If the problem persists, Windows Security components might be corrupted or outdated.

1. Open Settings by pressing Windows + I.
2. Navigate to Apps > Installed apps and locate Windows Security.
3. Click on it and select Advanced options.
4. Click Repair first. If that doesn’t work, try Reset.
5. Alternatively, you can reinstall Windows Security via PowerShell:

Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage

Why this matters: Repairing or reinstalling ensures Windows Security functions properly to support Measured Boot.

Alternative Method: Use Group Policy Editor to Enable Measured Boot

For advanced users, enabling Measured Boot via Group Policy can help if it is disabled.

1. Press Windows + R, type gpedit.msc, and press Enter.
2. Navigate to:
   Computer Configuration > Administrative Templates > System > Device Guard
3. Find and double-click Turn on Virtualization Based Security.
4. Set it to Enabled, and under options, ensure Measured Boot is checked.
5. Click Apply and OK, then restart your PC.

Note: Group Policy Editor is only available in Windows 11 Pro, Enterprise, and Education editions.

FAQs

What is Measured Boot, and why is it important?

Measured Boot is a security feature that records the integrity of each component during startup, helping detect tampering or unauthorized changes in the boot process.

Can I use Measured Boot without TPM?

No, TPM 2.0 is a required hardware component for Measured Boot to function correctly.

Why do I see a Measured Boot error after a Windows update?

Sometimes updates change system settings or firmware compatibility, requiring you to re-enable TPM or Secure Boot in BIOS.

Is it safe to disable Measured Boot?

Disabling Measured Boot reduces system security and is not recommended unless you have a specific reason and understand the risks.

What if my BIOS does not show TPM or Secure Boot options?

Older or unsupported hardware may lack these features. Check your manufacturer’s website for firmware updates or hardware compatibility.

When Nothing Works

If you have tried all the above steps and the Measured Boot error still persists, consider the following options:

• Contact your PC manufacturer’s support for firmware or hardware-related issues.
• Use the official Microsoft support site for advanced troubleshooting.
• Consider performing a system reset or clean Windows 11 installation as a last resort, after backing up your data.

Conclusion

Measured Boot is an important security feature in Windows 11 that relies on TPM and Secure Boot to protect your system’s startup process. Fixing Measured Boot not working errors typically involves enabling TPM and Secure Boot in BIOS, checking Windows Security settings, and repairing system files.

By following the step-by-step instructions outlined in this guide, you can effectively resolve common issues and restore your system’s security features. Remember to keep your system updated and regularly check BIOS and Windows security settings to maintain a secure environment.