To install Windows 11, a device must have “Secure Boot” activated in addition to a Trusted Platform Module (TPM). Secure Boot is a security feature present on most current hardware with UEFI firmware that provides a secure environment for booting Windows and prevents malware from hijacking the system during the boot process. Here are some related guides: How to extend System Drive Partition on Windows, to create a disk volume see: How to create volumes via the Command Prompt in Windows.
To put it another way, Secure Boot allows the computer to boot only with software from the Original Equipment Manufacturer (OEM). This feature provides a more secure experience, which is one of the reasons Microsoft has made it a must for installing Windows 11.
The main downside is that activating this functionality prevents other operating systems, such as Linux, from running. Here are other related guides: How to Convert a System Drive from MBR to GPT Partition on Windows 10, How to upgrade Windows 10 with an unsupported CPU and TPM 1.0 to Windows 11.
In this guide, we will show you how to check for and enable Secure Boot while upgrading a Windows 10 PC to Windows 11.
How to Determine the Secure Boot Status in Windows 10
Follow these procedures to check the Secure Boot status in Windows 10: Launch the Start menu and search for System Information and start the app by clicking the first result.
In the left pane, select System Summary. Check the “Secure Boot State”: On – signifies that the feature is turned on. Off implies that the functionality is not available or is not supported.
Check the “BIOS Mode” information: UEFI – signifies the ability to enable Secure Boot. Legacy (BIOS) – implies that the functionality can be enabled, but it will need extra actions. If the “Secure Boot State” is Off and the BIOS Mode is UEFI, you can continue with the instructions listed below to enable Secure Boot to with the Windows 11 standards.
If the “Secure Boot State” is set to Off and “BIOS Mode” is Legacy, then please see this detailed guide on How to Convert a System Drive from MBR to GPT Partition on Windows 10, and then continue with the steps to enable Secure Boot.
How to enable Secure Boot on Windows 10
The steps listed below assume that the device is already running UEFI firmware. If the machine is still running the Legacy BIOS, you may need to convert the disk from MBR to GPT first. The conversion is not required if you want to execute a clean installation, but it is required before an in-place update. The conversion of the disk partition should have no effect on the installation, but it is usually a good idea to make a backup before starting.
Use the following steps to enable Secure Boot on a machine with UEFI firmware: Press the Windows Key to open the Start menu and search for Settings.
Go to Settings and select Update & Security.
Select Recovery and click the Restart now option under the “Advanced startup” section.
On the advance startup page, click on Troubleshoot.
Next click on Advanced options.
Click the UEFI Firmware Settings from the menu. If you have a Legacy BIOS, this option will be unavailable.
Click the Restart button.
Navigate to the boot or security settings page. Note: UEFI settings vary by manufacturer and even by computer model. To locate the settings, you may need to consult the manufacturer’s support website. For example on HP EliteBook 820 computer go to the Advanced section and click on the Boot options.
Tick the SecureBoot box and press the Save button.
Exit the UEFI settings.
After you finish the steps, the system will begin using the Secure Boot feature to meet the requirements of Windows 11.
Enable Secure Boot during startup
Instead of using the Settings app, you may enable Secure Boot on the computer during startup. Follow these procedures to access the device firmware during the Windows boot process:
- Click the Power button.
- Check the screen splash to determine which key you must hit to enter the firmware (if applicable).
- Keep pressing the needed key until you reach the setup mode. Typically, you must press Esc, Delete, or one of the Function keys (F1, F2, F10, etc.).
- Navigate to the boot or security settings page.
- Select the SecureBoot option and press save.
Exit the UEFI settings.
Once the steps are completed, Secure Boot will allow you to support the installation of Windows 11. If you are unable to reach the firmware via the keyboard, see the manufacturer’s instructions to determine the keyboard key to use during boot.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.