How to Enable Secure Boot to Install Windows 11

Windows 11 has strict installation requirements. Microsoft demands that users enable Trusted Platform Module (TPM) and Secure Boot before they can install Windows 11.

What Is Secure Boot?

Secure Boot is a feature found in all modern computer motherboards. It prevents third-party software and code from being executed during the system boot.

With Secure Boot enabled, the system only allows Original Equipment Manufacturer (OEM) and Microsoft signed software to run.

How to Check Secure Boot State on Windows 10

Before moving forward, we have to check the current state of your computer’s Secure Boot. Follow these steps to find out if you have it enabled.

  1. Click on the Start button.Windows 10 Start Button
  2. Type in System Information in the search and click the top result.System Information
  3. Click on System Summary to the left of the new window.System Summary
  4. Look for Secure Boot State to the right at the bottom of the list of your PC’s specs.Secure Boot State

If Secure Boot State is On and BIOS Mode UEFI, you don’t need to change anything.

However, if Secure Boot State is Off and BIOS Mode is UEFI, you can follow the instructions in the next section to enable Secure Boot.

Enable Secure Boot on Windows 10 So You Can Upgrade to Windows 11

Enabling Secure Boot requires access to your motherboard settings.

Beware that any incorrect configuration can prevent your computer from booting. So do not change your motherboard settings unless strictly necessary.

The steps in this section assume you have a UEFI installation and UEFI BIOS mode enabled.

If you’re running on legacy BIOS mode, you may need to convert your drive from MBR to GPT. However, the conversion is unnecessary if you’re performing a clean install.

To enable Secure Boot on computers with UEFI on, follow these steps.

  1. Click on the Windows button.Windows Icon
  2. Click on the Setting icon.Settings
  3. Click on Update & Security.Update & Security
  4. Click on Recovery at the menu’s bottom.Recovery
  5. Click on Restart Now in the Advanced startup section.Restart Now
  6. Click on Troubleshoot after your computer restarts.Troubleshoot
  7. Click on Advanced options.Advanced options
  8. Click on UEFI Firmware Settings.UEFI Firmware Settings
  9. Restart to change UEFI firmware settings.
  10. Open the boot or security page of your BIOS. (This page changes based on manufacturer and bios version)
  11. Find the Secure Boot option and press enter.
  12. Select Enabled and press enter.Enable Secure Boot
  13. Exit the menu.
  14. Save your changes and reboot the computer.

How to Enable Secure Boot on Startup

If you’re having issues enabling Secure Boot through Windows recovery, you can directly turn it on during the system boot.

Follow these steps to access your motherboard’s BIOS and enable Secure Boot.

  1. Shut down your computer.
  2. Press the Power button to turn it back on.
  3. You should see the motherboard’s manufacturer splash screen.
  4. Look for the key you need to press to enter the BIOS.
  5. Keep pressing the BIOS key until you enter setup mode. (Some common keys to access the bios are Delete, Esc, F10, and F12)
  6. Open the boot or security page, depending on the manufacturer.
  7. Look for the Secure Boot and press enter.
  8. Select Enabled and press enter.
  9. Exit the menu.
  10. Save your changes and reboot the computer.

If you can’t identify the key to access your motherboard’s BIOS, check the manufacturer’s manual to find the setup key.

Converting MBR to GPT Partition

If you followed the previous steps and found out that the UEFI Firmware Settings were missing, your disk partition style is Master Boot Record (MBR) and needs to be converted to GUID Partition Table (GPT) to support UEFI.

Backup your data and follow these steps to convert your partition style.

  1. Click on the Windows button.Windows Icon
  2. Click on the Setting icon.Settings
  3. Click on Update & Security.Update & Security
  4. Click on Recovery at the menu’s bottom.Recovery
  5. Click on Restart Now in the Advanced startup section.Restart Now
  6. Click on Troubleshoot after your computer restarts.Troubleshoot
  7. Click on Advanced options.Advanced options
  8. Click on Command Prompt.Command Prompt
  9. Select an administrative account. (We’ll require administrator privileges to convert the partition)
  10. Type the mbr2gpt /validate command and press enter to validate the driver.
  11. The command will return a Validation completed successfully message if the disk is eligible.Validation completed successfully
  12. Type the mbr2gpr /convert command and press enter to begin the conversion process.
  13. Look for the Conversion completed successfully message to ensure proper conversion.Conversion completed successfully
  14. Type exit and press enter to close the window.
  15. Restart your computer to apply the changes.
Emerson Bossi

I'm a freelance content writer with over three years in the industry and a Computer Science bachelor's. I also worked for more than four years in the tech industry before becoming a writer!

Tech Guided is supported by readers. If you buy products from links on our site, we may earn a commission. This won't change how much you pay for the products and it doesn't influence our decision in which products we recommend. Learn more