Home
How to enable Secure Boot for Windows 11
Windows 11

How to enable Secure Boot for Windows 11

November 24, 2023
Windows 11 comes with Secure Boot enabled by default, but if for some reason your PC has it turned off, here’s how to enable it.

Close-up view of a Surface Laptop Go 3 with the Windows 11 logo overlaid on top

Secure Boot is a technology that ensures only trusted software starts with your Windows PC. It’s important for keeping your PC safe, and it’s required for upgrading to Windows 11. It’s also enabled by default on new laptops and PCs running Windows. However, if you happen to have a PC with Secure Boot disabled for whatever reason, you can re-enable it. This can allow you to install Windows 11 if you haven’t already, but it’s also an important feature for security.

To enable Secure Boot, you’ll need to go to your computer’s BIOS, which looks slightly different on every PC. However, most of the general steps are similar. Let’s take a look.

How to enable Secure Boot in Windows 11 using the BIOS settings

  1. From within Windows 11, open the Start menu.
  2. While holding down Shift on your keyboard, click the Power button and then Restart.
    Screenshot of Windows 11 Start menu with the Restart option highlighted
  3. When your computer restarts, click Troubleshoot.
  4. Choose Advanced options.
  5. Click UEFI Firmware settings and then Restart.
  6. (Optional) On some PCs, you may need to choose BIOS Setup or something similar.
  7. Look for a Boot or Security tab to find the Secure Boot option.
  8. Select Secure Boot and set it to Enabled or On, if it’s not already.

The steps needed to get here will vary a little bit once you get to the BIOS because every BIOS is slightly different. But the steps inside Windows are all the same, and even the BIOS settings are fairly similar overall. If you want to disable Secure Boot, you can simply follow the steps above but set the option to Disabled or Off instead.

How to check if Secure Boot is enabled

If you want to make sure Secure Boot is enabled, thankfully, you don’t have to go into the BIOS for that. Simply follow these steps:

  1. Open the Start menu and type msinfo32 (or System information).
  2. Open the first option.
  3. Check that the Secure Boot State field is set to On.

Why you should have Secure Boot enabled

Secure Boot is an important security feature in modern computers, and it was developed by the UEFI Consortium, which includes many of the biggest PC technology companies in the world. Secure Boot ensures that only trusted and verified code can run when your computer starts up, meaning no other software can be injected into the boot process, potentially compromising your PC’s security. Using digital signatures, Secure Boot can ensure that any software that starts on boot is authentic, from a trusted source, and not corrupted. This helps prevent more sophisticated attacks that could inject malicious code into the boot process.

Disabling Secure Boot can be useful if you want to dual-boot Windows 11 with some Linux distributions, but some of the most popular ones actually support it, so keeping it enabled is generally better. If you’re interested in other security features, maybe check out how to use Smart App Control on Windows 11.