Blog

How to Fix Secure Boot Not Working on Windows 11: Step-by-Step Guide

Secure Boot is an important security feature in Windows 11 that helps protect your PC from unauthorized software and malware during startup. Sometimes, this feature might stop working, causing issues with system security or preventing certain software from running.

Fixing Secure Boot issues can seem complicated, but with the right steps, you can resolve the problem quickly and safely. This guide will walk you through each step in a clear and simple way.

Whether you are a beginner or have some experience, these instructions are designed to be easy to follow. By the end, you should understand why Secure Boot is important and how to get it working properly again.

Let’s get started with some quick checks before diving into the detailed troubleshooting steps.

Quick Note: Prerequisites and Initial Checks

  • Check your device compatibility: Secure Boot requires UEFI firmware, not legacy BIOS. Make sure your PC supports UEFI mode.
  • Windows 11 installation: Secure Boot is enabled by default on Windows 11-compatible devices, but it can be disabled manually.
  • Backup important data: Although these steps are safe, it’s always good to have a backup before making firmware or system changes.
  • Have access to BIOS/UEFI settings: You will need to restart your PC and enter the BIOS menu to enable or fix Secure Boot.

Step 1: Verify Secure Boot Status in Windows

Before making any changes, check if Secure Boot is currently enabled or disabled on your system.

To do this:

  1. Press Windows + R to open the Run dialog box.
  2. Type msinfo32 and press Enter. This opens the System Information window.
  3. Look for the entry called Secure Boot State in the System Summary section.
  4. If it shows On, Secure Boot is enabled; if it says Off or Unsupported, it means Secure Boot is disabled or your system does not support it.

This check helps you confirm if there is really an issue or if Secure Boot is already active.

Step 2: Enter BIOS/UEFI Settings to Enable Secure Boot

Secure Boot is controlled through your PC’s BIOS or UEFI firmware settings. To enable or fix it, you need to access these settings during startup.

Follow these instructions:

  1. Restart your PC.
  2. Immediately press the BIOS access key repeatedly as soon as your PC starts booting. Common keys are F2, Delete, Esc, or F10. Check your PC’s manual if unsure.
  3. Once inside the BIOS/UEFI menu, look for the Security, Boot, or Authentication tab.
  4. Find the option labeled Secure Boot or Secure Boot Control.
  5. If it’s disabled, change it to Enabled.
  6. Save your changes and exit the BIOS. Typically, this is done by pressing F10 or selecting “Save and Exit.”

Enabling Secure Boot here tells your PC to check the integrity of the boot loader and drivers before loading Windows, enhancing security.

Step 3: Switch to UEFI Mode If Using Legacy BIOS

Secure Boot only works with UEFI firmware. If your system is set to Legacy BIOS mode, Secure Boot won’t function.

To check and switch:

  1. Go back to the BIOS/UEFI settings.
  2. Find the Boot Mode or Boot List option.
  3. If set to Legacy or CSM (Compatibility Support Module), change it to UEFI.
  4. Save changes and restart the PC.

Important: Changing from Legacy to UEFI can cause Windows not to boot if it was installed under Legacy mode. You might need to reinstall Windows or convert your disk to GPT partition style for full compatibility.

Step 4: Clear Secure Boot Keys and Reset to Factory Defaults

Sometimes Secure Boot keys get corrupted or misconfigured, causing issues. Resetting these keys to factory defaults can help.

To do this:

  1. Enter the BIOS/UEFI setup again.
  2. Navigate to the Secure Boot settings.
  3. Look for an option like Reset Secure Boot Keys or Restore Factory Keys.
  4. Select this option and confirm.
  5. Save and exit BIOS.

This process restores the original Secure Boot keys provided by your system manufacturer, fixing any key-related problems.

Alternative Method: Use Windows PowerShell to Check Secure Boot

If you prefer using Windows tools, you can check Secure Boot status in PowerShell:

  1. Press Windows + X and select Windows Terminal (Admin) or PowerShell (Admin).
  2. Type the following command and press Enter:
Confirm-SecureBootUEFI

If it returns True, Secure Boot is enabled. If False, it’s disabled or not supported.

FAQs

Why is Secure Boot important?

Secure Boot helps prevent unauthorized software and malware from loading during system startup, protecting your PC’s integrity.

Can I enable Secure Boot after installing Windows?

Yes, but if Windows was installed in Legacy BIOS mode, you may need to convert your disk to GPT and reinstall Windows for Secure Boot to work properly.

What if Secure Boot option is missing in BIOS?

Your motherboard may not support Secure Boot, or a firmware update might be required. Check the manufacturer’s website for updates or compatibility info.

Does Secure Boot affect dual boot systems?

Yes, Secure Boot can prevent some non-Windows operating systems or unsigned bootloaders from loading. You may need to disable Secure Boot or enroll custom keys for compatibility.

How do I know if my PC uses UEFI or Legacy BIOS?

Open System Information (msinfo32) and check “BIOS Mode.” It will show “UEFI” or “Legacy.”

When Nothing Works

If you have tried all the above steps and Secure Boot still does not work, consider the following:

  • Check for BIOS/UEFI firmware updates from your PC or motherboard manufacturer. Updating firmware can fix bugs and add Secure Boot support.
  • Consult your PC manufacturer’s support website or forums for device-specific instructions.
  • Contact Microsoft Support or your PC vendor for professional assistance.
  • As a last resort, reinstall Windows 11 in UEFI mode with Secure Boot enabled from the start to ensure full compatibility.

Conclusion

Secure Boot is a vital security feature in Windows 11 that helps protect your system from malicious software during startup. If it’s not working, the issue is often related to BIOS/UEFI settings or system configuration.

By following the simple steps outlined here—from verifying Secure Boot status, enabling it in BIOS, switching to UEFI mode, and resetting Secure Boot keys—you can resolve most problems.

Remember to always check your system compatibility and back up important data before making changes. If you encounter more complex issues, seek help from official support channels.

With Secure Boot working correctly, your Windows 11 PC will be safer and more secure against unauthorized software threats.

Leave a Reply