Windows 11 enable Secure BootSource: Windows Central

In addition to a Trusted Platform Module (TPM), your computer also needs to have Secure Boot enabled to upgrade to Windows 11.

Secure Boot is a security feature built-in on most devices with modern hardware and UEFI firmware that provides a secure environment to start Windows and prevent malware from hijacking the system during the boot process. In other words, Secure Boot allows the computer to boot only with trusted software from the Original Equipment Manufacturer (OEM).

The benefit of this feature is a more secure experience, which is one of the reasons Microsoft is making it a requirement to install Windows 11. However, there's a caveat: Enabling this option prevents you from running other operating systems, such as Linux.

In this Windows 11 guide, we will walk you through the steps to check and enable Secure Boot to upgrade a Windows 10 device.

How to check Secure Boot state on Windows 10

To check whether Secure Boot is enabled, use these steps:

  1. Open Start.
  2. Search for System Information and click the top result to open the app.
  3. Click on System Summary on the left pane.
  4. Check the "Secure Boot State" information. If it reads On, it's enabled. If it reads Off, it's disabled or not available.

    Check Secure Boot on Windows 10 Source: Windows Central

  5. Check the "BIOS Mode" information. If it is reads UEFI, you can enable Secure Boot. If it is reads Legacy (BIOS), you can enable the feature, but it will require additional steps.

Once you complete the steps, if the feature is disabled and BIOS Mode is UEFI, you can use the steps outlined below to enable a more secure experience running Windows 11.

If the "Secure Boot State" is set to Off and "BIOS Mode" to Legacy, then back up your computer, use these instructions to convert the installation from MBR to GPT, and then continue with the steps below to enable Secure Boot.

How to enable Secure Boot on Windows 10

To enable the Secure Boot on a computer with UEFI, use these steps:

Warning: Changing the incorrect firmware settings can prevent your device from starting correctly. You should access the motherboard settings only when you have a good reason. It's assumed that you know what you're doing. Also, the steps below assumes the device is already running on UEFI. If the computer is still in the legacy BIOS, you will first need to convert the drive using MBR to GPT. Otherwise, Windows won't start. If you are trying to do a clean install of the new version, you don't need the converstion, but you must go through the converstion when trying to do an in-place upgrade. The process to convert the drive partition should not affect the installation, but it's always recommended to create a backup before proceeding.

  1. Open Settings.
  2. Click on Update & Security.
  3. Click on Recovery.
  4. Under the "Advanced startup" section, click the Restart now button.

    Windows 10 Recovery Settings Advanced StartupSource: Windows Central

  5. Click on Troubleshoot.

    Advanced Startup Troubleshoot optionSource: Windows Central

  6. Click on Advanced options.

    Windows 10 Advanced Options Source: Windows Central

  7. Click the UEFI Firmware settings option.

    Windows 10 UEFI firmware settings option Source: Windows Central

    Quick tip: If you have a legacy BIOS, the option will not be available.

  8. Click the Restart button.

    Windows 10 reboot to enter BIOS/UEFISource: Windows Central

  9. Open the boot or security settings page.

    Quick note: The UEFI settings are usually different per manufacturer and even per computer model. As a result, you may need to check your manufacturer support website for more specific details to find the corresponding settings.

  10. Select the Secure Boot option and press Enter.
  11. Select the Enabled option and press Enter. Enable Secure Boot
  12. Exit the UEFI settings.
  13. Confirm the changes to restart the computer.

After you complete the steps, the security feature will enable, and the device should now comply with the Windows 11 requirements.

How to enable Secure Boot during startup

Alternatively, you can also enable Secure Boot by booting into the UEFI firmware during startup instead of using the Settings app.

To access the device firmware during the boot process, use these steps:

  1. Press the Power button.
  2. See the screen splash to identify the key you must press to enter the firmware (if applicable).
  3. Press the required key repeatedly until you enter the setup mode. Typically, you need to press the Esc, Delete, or one of the Function keys (F1, F2, F10, etc.).
  4. Open the boot or security settings page (as needed).
  5. Select the Secure Boot option and press Enter.
  6. Select the Enabled option and press Enter.

    Enable Secure BootSource: Windows Central

  7. Exit the UEFI settings.
  8. Confirm the changes to restart the computer.

Once you complete the steps, Secure Boot will enable you to support the installation of Windows 11.

If you cannot access the firmware using the keyboard, you may need to check your manufacturer documentation to determine the key you need to press during boot. Here are some brands and their respective keys to access the device firmware:

  • Dell: F2 or F12.
  • HP: Esc or F10.
  • Acer: F2 or Delete.
  • ASUS: F2 or Delete.
  • Lenovo: F1 or F2.
  • MSI: Delete.
  • Toshiba: F2.
  • Samsung: F2.
  • Surface: Press and hold the volume up button.

It's important to note that doing the development process, Microsoft is not fully enforcing all the system requirements. However, this may change when the final version is released.

More Windows resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources: