How To Enable Secure Boot In Windows 11: A Step-by-Step Guide

Home » How-To

Edgar Nicov

How-To

5 min. read

Published on October 25, 2025

Fix Windows errors with Fortect:
Fortect can repair common computer errors by scanning your entire system for damaged or missing OS files and replacing them with the original, working versions. Optimize your PC in 3 simple steps:

Download and Install Fortect on your PC
Use the PC Scan feature to look up any Windows issues (including drivers)
Right-click on Repair, and fix it within a few minutes.

Besides that, it helps you clean up junk files, fix stability problems, and get rid of annoying programs and malware traces.

Secure Boot is a crucial security feature in Windows 11 that helps protect your computer from malware and unauthorized software during the startup process. By ensuring that only trusted software is loaded when your system boots, Secure Boot significantly reduces the risk of rootkits and other boot-level attacks. This guide will walk you through the steps to enable Secure Boot, ensuring your Windows 11 system is as secure as possible.

Enabling Secure Boot can seem daunting, but it’s a straightforward process when you follow the correct steps. This article provides a detailed, easy-to-understand guide to help you enable Secure Boot in Windows 11. We’ll cover checking your current Secure Boot status, accessing your UEFI/BIOS settings, and enabling the feature.

How Do I Enable Secure Boot on Windows 11?

Checking Secure Boot Status

Before enabling Secure Boot, it’s a good idea to check if it’s already enabled.

Press the Windows key + R to open the Run dialog box.
Type msinfo32 and press Enter to open System Information.
In the System Information window, look for “Secure Boot State.” If it says “Enabled,” you’re all set. If it says “Disabled” or “Unsupported,” continue to the next steps.

Accessing UEFI/BIOS Settings

To enable Secure Boot, you need to access your computer’s UEFI/BIOS settings. The method for accessing these settings varies depending on your computer manufacturer.

Restart your computer.
As your computer restarts, look for a message indicating which key to press to enter setup. Common keys include F2, Delete, F12, or Esc. If you’re unsure, consult your motherboard or computer manufacturer’s documentation.
Press the appropriate key repeatedly until the UEFI/BIOS setup utility appears.

Enabling Secure Boot in UEFI/BIOS

Once you’re in the UEFI/BIOS settings, navigate to the Secure Boot options.

Use the arrow keys to navigate to the “Boot,” “Security,” or “Authentication” section. The exact wording varies depending on your UEFI/BIOS version.
Look for “Secure Boot” or a similar option.
If Secure Boot is disabled, change the setting to “Enabled.”
If the Secure Boot option is grayed out or unavailable, check if “CSM” (Compatibility Support Module) is enabled. CSM allows older operating systems to boot, but it needs to be disabled to enable Secure Boot. Look for a CSM setting (usually in the “Boot” section) and disable it.
After disabling CSM, you may need to set the boot mode to “UEFI.” This option is typically found in the “Boot” section as well.
Save your changes and exit the UEFI/BIOS setup utility. The key to save and exit is usually indicated on the screen (e.g., F10).
Your computer will restart.

Verifying Secure Boot is Enabled

After restarting, verify that Secure Boot is now enabled.

Press the Windows key + R to open the Run dialog box.
Type msinfo32 and press Enter to open System Information.
In the System Information window, check the “Secure Boot State.” It should now say “Enabled.”

Troubleshooting

If you encounter issues enabling Secure Boot, consider these troubleshooting steps:

Check for UEFI Support: Ensure your motherboard supports UEFI. Older motherboards may not support Secure Boot.
Update UEFI/BIOS: Make sure you have the latest UEFI/BIOS version installed. Visit your motherboard manufacturer’s website to download and install any available updates.
Reset UEFI/BIOS to Defaults: If you’ve made other changes to your UEFI/BIOS settings, try resetting them to the default configuration.
Consult Manufacturer Documentation: Refer to your motherboard or computer manufacturer’s documentation for specific instructions on enabling Secure Boot.

Tips

Before making any changes to your UEFI/BIOS settings, it’s a good idea to take pictures of your current settings so you can easily revert them if needed.
Be cautious when disabling CSM, as it may prevent older operating systems from booting.
If you’re dual-booting with an older operating system, enabling Secure Boot may cause compatibility issues.

Enhanced System Security

Enabling Secure Boot in Windows 11 significantly enhances your system’s security by preventing unauthorized software from loading during startup. By following the steps outlined in this guide, you can ensure that your computer is protected from boot-level attacks.

FAQ

How do I know if Secure Boot is enabled?

You can check in System Information (msinfo32) under “Secure Boot State.”

What is CSM and why do I need to disable it?

CSM (Compatibility Support Module) allows older operating systems to boot, but it needs to be disabled to enable Secure Boot.

Will enabling Secure Boot affect my other programs?

In most cases, no. However, if you’re using older or unsigned drivers, they may not work with Secure Boot enabled.

What if I can’t find the Secure Boot option in my BIOS?

Ensure your motherboard supports UEFI and that you have the latest BIOS version installed.

Can I enable Secure Boot if I have dual boot?

It depends on the other operating system. Older OSes might not be compatible with Secure Boot.

Comparison of Boot Modes

Feature	Legacy BIOS (CSM Enabled)	UEFI (CSM Disabled, Secure Boot Possible)
Boot Method	BIOS	UEFI
Security	Lower	Higher
OS Compatibility	Older OSes	Modern OSes
Boot Speed	Slower	Faster

By comparing the different boot modes, you can better understand the advantages of using UEFI with Secure Boot enabled, especially regarding security and boot speed.