How to Fix Secure Boot Won’t Enable on Windows 11

In the realm of computer security, Secure Boot stands as a crucial line of defense against malicious attacks. Designed to protect the integrity of the boot process, Secure Boot ensures that only trusted software is executed during startup, effectively preventing unauthorized code from running. However, there are instances when Secure Boot won’t enable, leaving systems vulnerable. 

In this article, we delve into the reasons behind this occurrence and explore potential solutions.

Why can’t I enable Secure Boot Windows 11?

Secure Boot plays a crucial role in defending against malware and unauthorized software. By preventing the execution of unsigned or tampered code during startup, it effectively mitigates the risk of bootkits, rootkits, and other malicious software compromising the system. Furthermore, Secure Boot establishes a foundation of trust, enabling the secure execution of subsequent software layers. Here are some reasons why secure boot won’t enable:

• Compatibility Issues
• Firmware Configuration
• Unsigned or Improperly Signed Bootloader
• Malware or Unauthorized Modifications

Secure Boot Won’t Enable on Windows 11: Best Fixes

There are various methods to enable secure boot on Windows 11. We suggest you take these quick steps before going through the detailed methods.

Quick steps:

• Verify Compatibility by checking the manufacturer’s documentation or website for information regarding compatibility requirements.
• Update the Windows and Drivers.

After these quick steps, follow these methods to fix the secure boot issue you are encountering,

1. Configure BIOS/UEFI Settings:

1. Press the Win+R key to open the Run dialog box.
2. Then type the following command, and press Enter: msinfo32
3. It will open the System information window.
4. Click on System Summary and check the Secure Boot State in the right pane.
   

If the Secure Boot status is Off, you must enable it through your BIOS. Follow the instructions to enable it:

1. Press the Win+I to open the Settings app.
2. Then go to System > Recovery.
3. Click on Restart now next to Advanced startup, and It will restart your computer.
   

5. In the Advanced startup mode, select Troubleshoot and then Advanced options.
6. Choose UEFI Firmware Settings and click on Restart. 
   
7. It will boot you into Windows UEFI BIOS.
8. Navigate through the BIOS/UEFI settings to find the Secure Boot option. It is usually located under the Security or Boot menu. 
9. Once located, ensure that the Secure Boot option is enabled. If it is already enabled, proceed to the next step.
   

[Note that the steps to enable Secure Boot will differ for different manufacturers. You can check out your manufacturer’s BIOS page to know how to do it on your computer.]

2. Enable TPM Support:

If TPM is disabled on your computer, you can enable TPM by following the below instructions:

1. Open the Run dialog box like before.
2. Then type the following command  and press Enter: tpm.msc
3. In the TPM management window, click on Actions in the top bar.
4. Select Prepare the TPM from the menu.
   
5. Restart your device.

3. Disable Legacy Boot Options:

Sometimes, Secure Boot may fail to enable due to conflicting legacy boot options. To fix this, follow these steps:

1. Open the BIOS/UEFI settings on your computer like before.
2. Then choose Boot Sequence from the left panel.
3. Look for settings related to Legacy Boot or Compatibility Support Module (CSM).
4. Select the UEFI option instead of Legacy External Devices.
   
5. Then save the changes and restart your device.

Again, the process will differ for different manufacturers; therefore, you must check your manufacturer’s BIOS page to know how to do it on your computer.

4. Convert the Partition Style From MBR to GPT

You must check your computer partition style to convert the partition style from MBR to GPT. Here’s how:

4.1 Check the Partition Style:

1. Press the Win+X key to open the Power menu.
2. Then Select Disk Management.
3. In the Disk Management window, right-click on the hard disk drive and choose Properties from the menu.
4. Go to the Volumes tab.
5. Check the Partition style. If it shows Master Boot Record (MBR), then you have to convert it to GPT.
   

4.2 Convert the Partition Style:

To convert the MBR partition style to GPT, follow these steps:

1. Press the Win+X key to open the Power menu.
2. Select Terminal (Admin).
3. Then type the following command and press Enter: mbr2gpt /validate /allowfullOS
   
4. This command will validate the partition.
5. Once the validation is complete, type the following command and press Enter: mbr2gpt /convert /allowfullOS

Now Windows will start converting the partition style. The process may take some time, depending on the size of your drive.

Extra Steps:

If the above methods don’t work, then try these additional steps:

• Perform Security Scans.
• Consider a BIOS/UEFI Update.
• If none of the methods work for you, Seek Professional Assistance.

If necessary, learn how to boot into clean boot mode.

---

Secure Boot is a vital security feature to protect systems from unauthorized software execution during startup. While it offers robust protection, there are instances when Secure Boot won’t enable. By understanding the underlying reasons and implementing the suggested solutions, users can ensure that Secure Boot is active, providing a solid defense against malware and unauthorized code.