Solved Turn On Secure Boot


winjer

Member
Local time
9:18 AM
Posts
28
OS
Windows 11
I Upgraded to Win 11 when it was first available. I turned on TPM 2.0 to install it. Everything has been working OK. I just realized that "secure boot" was never turned on after installing Win 11.
Should it be on? If I do turn it on, would I still be able to do a clean install of Win 11 if I need to sometime in the future? Or would I have to turn it off again?
Thanks

XPS 8930
SSD, 2 HDD, GTX 1070, Windows 10 64-bit, i7-8700K, 16GB DDR4 at 2666MHz
 

My Computer

System One

  • OS
    Windows 11
Secure Boot needs to be enabled in the BIOS. In order to enable that, you'd also need to disable CSM.

BTW what tells you Secure Boot isn't enabled?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (Build 22631.4112)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon (XFX MERC 310) RX 7900XT
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    27-inch Eizo Color Edge - CG2700X
    Screen Resolution
    3840 x 2160
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 G2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i Elite Capellix XT
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, music, school.
  • Operating System
    Win 11 Pro 23H2 (build 22631.4112)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad X1 Carbon (Gen 12)
    CPU
    Intel Core Ultra 7 165U vPro® Processor
    Motherboard
    Vendor
    Memory
    32 GB LPDDR5X-6400MHz (Soldered)
    Graphics card(s)
    Intel Graphics
    Sound Card
    Onboard
    Monitor(s) Displays
    14" 2.8K OLED, Anti Reflection, Touch, HDR 500, 400 nits, 120Hz
    Screen Resolution
    2880 x 1800
    Hard Drives
    1 TB SSD M.2 2280 PCIe Gen4 Performance TLC Opal
    PSU
    Vendor
    Case
    Lenovo
    Cooling
    Vapor Chamber Cooling
    Mouse
    Touchpad: Haptic Touchpad
    Keyboard
    Backlit, Black with Fingerprint Reader and WWAN
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    202. Build Your Own laptop.
    vPro Certified Model: vPro Enterprise
It is recommended that you do have SecureBoot enabled. It can help protect against some of the rootkit and bootkit infections

MSINFO32 will tell you if it's enabled
Windows Security | Device Security will tell you if it's enabled
PowerShell
Confirm-SecureBootUEFI



How to enable or disable Secure Boot
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI Custom build
    CPU
    Intel i9-9900K
    Motherboard
    MSI MPG Z390 Gaming Edge AC
    Memory
    64GB
    Graphics Card(s)
    EVGA GeForce GTX 1070 TI
    Internet Speed
    1 Gbps
    Browser
    Firefox
    Antivirus
    Malwarebytes
If it runs fine without it could be ok but just to be safe you should probably turn it on. And plus it's good for protecting the system if a rootkit ever infected the boot loader.

Edit: Now that I think of it how exactly did you upgrade? Was it through an in place upgrade? If so where did you see secure boot was turned off? Supposedly from what I understand it should have blocked the upgrade until it's turned on.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GF63 Thin 9SC
    CPU
    Intel Core i5 @ 2.40GHz Coffee Lake 14nm Technology
    Memory
    32 GB DDR4 Kingston HyperX Impact
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 860 EVO 2 TB SATA M.2 Solid State Drive
    Crucial MX500 TB Solid State Drive
    Mouse
    Redragon M652-BA Wireless Gaming Mouse
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Total Security
I used the MS media tool and did a clean install. When I activated TPM 2.0 (before installing Win 11) I noticed the secure boot was off, then I kind of forgot about it until recently.
I checked the BIOS and saw it was off. I thought I couldn't install Win 11 with it off, but I did.
Did I do something wrong? Or am going to have problems updating Windows with secure boot on?
 

My Computer

System One

  • OS
    Windows 11
Run the system information application from the start menu. Does it say UEFI under BIOS Mode? If yes, then you have no issues just turning on secure boot in BIOS settings.

capture2.jpg
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    AMD Ryzen 7 3800XT
    Motherboard
    ASUS ROG Crosshair VII Hero (WiFi)
    Memory
    32GB
    Graphics Card(s)
    EVGA GeForce GTX 1080 Ti
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 7773
    CPU
    Intel i7-8550U
    Memory
    32GB
    Graphics card(s)
    Nvidia Geforce MX150
    Sound Card
    Realtek
    Monitor(s) Displays
    17"
    Screen Resolution
    1920 x 1080
    Hard Drives
    Toshiba 512GB NVMe SSD
    SK Hynix 512GB SATA SSD
    Internet Speed
    Fast!
After I upgraded my new computer to Windows 11, I found that Secure Boot was turned off. For the security and peace of mind I turned it on and have no regrets.
 

My Computers

System One System Two

  • OS
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Canary Channel
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec G156
    CPU
    Intel Core i5-8400 CPU @ 2.80GHz
    Motherboard
    AsusTeK Prime B360M-S
    Memory
    16 MB DDR 4-2666
    Monitor(s) Displays
    23" Speptre HDMI 75Hz
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 970 EVO 500GB NVMe
    Mouse
    Logitek M185
    Keyboard
    Logitek K270
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    Windows Defender
Yes. BIOS Mode shows "UEFI" with system information. So I'm ok then? Does this interfere with installing new apps or doing a Windows Update?
Thanks.
 

My Computer

System One

  • OS
    Windows 11
I used the MS media tool and did a clean install. When I activated TPM 2.0 (before installing Win 11) I noticed the secure boot was off, then I kind of forgot about it until recently.
I checked the BIOS and saw it was off. I thought I couldn't install Win 11 with it off, but I did.
Did I do something wrong? Or am going to have problems updating Windows with secure boot on?
I don't think you did anything wrong. As far as with updating I'm really not sure at all but if I were to take a guess, most likely won't cause issues but with feature updates l don't know if it would be worth trying out though most likely the worst that could happen is it would probably simply refuse to install those. It's probably a good idea to still enabled it though.

I know, I've edited this response a lot. I'm just bad at wording and typing things some times. 😅
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GF63 Thin 9SC
    CPU
    Intel Core i5 @ 2.40GHz Coffee Lake 14nm Technology
    Memory
    32 GB DDR4 Kingston HyperX Impact
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 860 EVO 2 TB SATA M.2 Solid State Drive
    Crucial MX500 TB Solid State Drive
    Mouse
    Redragon M652-BA Wireless Gaming Mouse
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Total Security
Yes. BIOS Mode shows "UEFI" with system information. So I'm ok then? Does this interfere with installing new apps or doing a Windows Update?
Thanks.
No. You'll be fine (y)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 (Build 22631.4112)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon (XFX MERC 310) RX 7900XT
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    27-inch Eizo Color Edge - CG2700X
    Screen Resolution
    3840 x 2160
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 G2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i Elite Capellix XT
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, music, school.
  • Operating System
    Win 11 Pro 23H2 (build 22631.4112)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad X1 Carbon (Gen 12)
    CPU
    Intel Core Ultra 7 165U vPro® Processor
    Motherboard
    Vendor
    Memory
    32 GB LPDDR5X-6400MHz (Soldered)
    Graphics card(s)
    Intel Graphics
    Sound Card
    Onboard
    Monitor(s) Displays
    14" 2.8K OLED, Anti Reflection, Touch, HDR 500, 400 nits, 120Hz
    Screen Resolution
    2880 x 1800
    Hard Drives
    1 TB SSD M.2 2280 PCIe Gen4 Performance TLC Opal
    PSU
    Vendor
    Case
    Lenovo
    Cooling
    Vapor Chamber Cooling
    Mouse
    Touchpad: Haptic Touchpad
    Keyboard
    Backlit, Black with Fingerprint Reader and WWAN
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    202. Build Your Own laptop.
    vPro Certified Model: vPro Enterprise
UEFI boot is good and more secure but is not the same as Secure Boot
After Windows is installed, the device boots automatically using the same mode it was installed with.

Please run the System Information tool again and it will show you if Secure Boot is enabled or not.

1643941487516.png
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI Custom build
    CPU
    Intel i9-9900K
    Motherboard
    MSI MPG Z390 Gaming Edge AC
    Memory
    64GB
    Graphics Card(s)
    EVGA GeForce GTX 1070 TI
    Internet Speed
    1 Gbps
    Browser
    Firefox
    Antivirus
    Malwarebytes
Back
Top Bottom