How to Enable Secure Boot on a Windows 10 PC

With the announcement of Windows 11, Microsoft introduced a new set of minimum requirements your PC must meet to be able to get the update. Though many of the requirements are pretty usual and will exclude only a handful of computers, one requirement out of the lot has left people scratching their heads which is – ‘Secure Boot’.

Many users are not aware of the ‘Secure Boot’ functionality on their computer despite it being always available to them. If you are also looking for a way to check if your computer supports ‘Secure Boot’ or if you are looking for a way to enable it, give this article a thorough read.

What is Secure Boot?

To understand Secure Boot, you will first need to understand two key components, BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface). These both are the firmware or you can say a software installed by the processor manufacturers to help you load operating systems on your computer along with a plethora of other functionalities.

UEFI is more modern than the BIOS system, as the former has been around since the 1980s, no doubt there was a scope of improvement there. USPs of UEFI includes support for larger hard drives (as BIOS cannot boot OS from hard disk above 2.1 TB), faster boot times, the convenience of a GUI, mouse cursor support (With BIOS you could only navigate using a keyboard in the firmware level menu), and of course, better security which includes the Secure Boot mechanism.

Now, the job of Secure Boot is to make sure that only verified operating systems and software can load to help the computer boot, and deny access if in case any malware or any unverified software tries to load itself before the computer even starts.

To achieve the said functionality verified software/operating systems that need to launch at the time of boot are signed with public/private keys for the UEFI firmware. At the time of boot, Secure Boot checks those keys with UEFI and allows access to them if they have been ‘whitelisted’ by UEFI. Windows 10 ships with such a certificate for UEFI, which serves as the key to allow it at the time of boot up.

Since now you understand the basics of Secure Boot, let’s learn how to check if it has been enabled on your machine.

How to Check if Secure Boot is Enabled in Windows 10

You can check the status of Secure Boot very quickly on your Windows 10 computer.

To do so, first press Windows+R on your keyboard to bring up ‘Run Command’ on your screen. Then, type msinfo32 in the text area present on the ‘Run Command’ pane, and click on the ‘OK’ button.

After clicking ‘OK’ button, a ‘System Information’ window will open on your system.

From the right side section of the window, locate the ‘BIOS Mode’ field, if it says ‘UEFI’ proceed to the next step. If it says ‘Legacy’, the Secure Boot state is not supported on your computer.

After confirming your BIOS Mode, move further down the list and locate the ‘Secure Boot State’ option. If the Secure Boot option is in the ‘Off’ state, you will need to enable it from your UEFI firmware settings.

How to Enable Secure Boot from BIOS Settings

Note: Hotkeys listed in this section to access the BIOS Menu are for Dell systems. Various manufacturers have different hotkeys to access and navigate the menu, please refer to your PC’s manual or check the manufacturer’s website to know keys specific to your machine.

To reach BIOS settings, shut down your system and turn it back on. Then, as soon as you see the Boot logo on your screen press the F12 key on your keyboard. You might see an indicator on your screen as the machine is preparing to enter the BIOS Menu.

Next, choose the ‘BIOS Setup’ option from the screen by either navigating from the arrow keys of your keyboard or by using hotkeys if displayed on your screen.

After that, click on the ‘Secure Boot’ option if your BIOS supports mouse cursor, otherwise navigate to it using arrow keys and press Enter on your keyboard.

Then, go to the ‘Secure Boot Enable’ option using mouse or arrow keys on the keyboard of your machine.

On the ‘Secure Boot Enable’ screen, press the down arrow key to highlight ‘Enabled’ option and then hit the Spacebar key to select it. You can also use the mouse cursor to select the ‘Enabled’ option.

Finally, after selecting the ‘Enabled’ option, click on the ‘Apply’ button using either your mouse or arrow keys to navigate to the button and then pressing the Enter key to confirm the changes.