How to enable secure boot

Content on WhatAnswers is provided "as is" for informational purposes. While we strive for accuracy, we make no guarantees. Content is AI-assisted and should not be used as professional advice.

Last updated: April 4, 2026

Quick Answer: Secure Boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that the device manufacturer trusts. To enable it, you typically need to access your computer's UEFI/BIOS settings, usually by pressing a specific key during startup, and then locate the Secure Boot option within the security or boot menus to enable it.

Key Facts

Secure Boot is part of the UEFI (Unified Extensible Firmware Interface) standard, replacing the traditional BIOS.
It helps protect against rootkits and other malware that can load before your operating system.
Secure Boot requires a compatible UEFI firmware and a 64-bit version of Windows 8 or later.
Enabling Secure Boot often involves changing the firmware's boot mode from 'Legacy' or 'CSM' to 'UEFI'.
The specific key to access BIOS/UEFI varies by manufacturer (e.g., F2, Del, F10, Esc).

What is Secure Boot?

Secure Boot is a crucial security feature designed to protect your computer from malicious software that attempts to load before your operating system starts. It's part of the Unified Extensible Firmware Interface (UEFI) standard, which has largely replaced the older BIOS (Basic Input/Output System) on modern computers. Think of it as a digital bouncer for your computer's startup process. When your computer powers on, Secure Boot checks the digital signature of each piece of boot software, including the operating system loader and device drivers. If the signature is valid and trusted by the system's firmware, the software is allowed to load. If it's not recognized or has been tampered with, Secure Boot will prevent it from running, thereby stopping potential threats like rootkits or bootkits from compromising your system before it even fully boots up.

Why is Secure Boot Important?

The primary benefit of Secure Boot is enhanced security. Malware, particularly sophisticated types like rootkits and bootkits, can infect your system at a very low level, making them incredibly difficult to detect and remove. These types of malware load themselves into memory before the operating system, giving them deep control over your system and the ability to hide from antivirus software. By verifying the integrity and authenticity of boot components, Secure Boot acts as a first line of defense, ensuring that only legitimate and trusted software is executed during the boot sequence. This significantly reduces the risk of your system being compromised by malware before your operating system's security measures even kick in.

Requirements for Secure Boot

For Secure Boot to function, several conditions must be met:

UEFI Firmware: Your computer's motherboard must have UEFI firmware that supports Secure Boot. Most computers manufactured after 2012 come with UEFI, but it's essential to confirm.
Operating System Support: You need a 64-bit operating system that is designed to work with Secure Boot. Microsoft's Windows 8 and all subsequent versions (Windows 8.1, Windows 10, Windows 11) support Secure Boot. Older versions of Windows and most 32-bit operating systems do not support it.
Compatible Drivers: Any hardware drivers loaded during the boot process must also be signed with appropriate certificates recognized by Secure Boot.

How to Enable Secure Boot

Enabling Secure Boot involves accessing your computer's firmware settings (UEFI/BIOS). The exact steps can vary slightly depending on your computer's manufacturer and model, but the general process is as follows:

Access UEFI/BIOS Settings: Restart your computer. As it begins to boot up (before the Windows logo appears), you'll need to press a specific key repeatedly. Common keys include F2, Del, F10, F12, or Esc. Your computer's boot screen or manual will usually indicate which key to press.
Locate Secure Boot Settings: Once in the UEFI/BIOS interface, navigate through the menus. Look for sections labeled 'Security', 'Boot', 'Authentication', or 'System Configuration'. The Secure Boot option is typically found within one of these menus.
Enable Secure Boot: Find the 'Secure Boot' option and change its setting from 'Disabled' to 'Enabled'.
Configure Boot Mode (if necessary): In some cases, Secure Boot might only be available when your system is set to 'UEFI' boot mode, not 'Legacy' or 'CSM' (Compatibility Support Module). If you encounter issues or can't find the Secure Boot option, check the boot mode settings and ensure it's set to UEFI. You might need to disable 'CSM' or 'Legacy Boot' first.
Save and Exit: After making the changes, navigate to the 'Exit' menu and select 'Save Changes and Exit' or a similar option. Your computer will then restart with Secure Boot enabled.

Troubleshooting Common Issues

If you encounter problems after enabling Secure Boot:

Operating System Won't Boot: This can happen if your OS or its bootloader isn't compatible or if the firmware keys are missing or corrupted. You might need to disable Secure Boot, reinstall your OS, or update your firmware.
Cannot Find Secure Boot Option: Ensure your system is in UEFI mode. Some older systems might not support Secure Boot at all. Check your manufacturer's documentation.
Driver Issues: If certain hardware doesn't work after enabling Secure Boot, it might be due to unsigned drivers. You may need to update the drivers to signed versions or consider disabling Secure Boot if updates are unavailable.

Always consult your computer manufacturer's documentation for specific instructions related to your model. Enabling Secure Boot is a valuable step in protecting your computer, but it's essential to ensure your system meets the requirements and to proceed carefully through the firmware settings.