
How To Enable Secure Boot on Windows 11

    As part of the system requirements, in addition to a Trusted Platform Module (TPM), the device should have “Secure Boot” enabled to install Windows 11.

    Secure Boot is a security option available on the majority of new hardware equipped with UEFI firmware. It provides a secure environment in which to start Windows and stops malware from taking over the system during the boot process. This means that Secure Boot allows the computer to start using only software trusted by the original equipment manufacturer (OEM).

    The advantage of this option is a more secure experience, which is among the main reasons Microsoft makes it a prerequisite for installing Windows 11. The only caveat is that activating this feature can hinder the use of other operating systems, such as Linux.

    This guide walks you through how to enable and check Secure Boot to upgrade from Windows 10 to 11.

    What exactly is Secure Boot? Secure Boot is a security option that ensures that your PC boots using only software that its manufacturer trusts. It also blocks harmful programs from running when the system starts.

    How do I access Secure Boot?

    • Go to the Start menu, then navigate to Settings > Update and Security > Recovery.
    • Under Advanced Startup, select Restart Now.
    • On the next screen, click Troubleshoot > Advanced Options > UEFI Firmware Settings, and then Restart to change the settings.
    • Change the boot mode of your PC from Legacy BIOS (or CSM Mode on some computer models) to UEFI/BIOS (Unified Extensible Firmware Interface).
    • On some laptops, there are choices to allow both Legacy/CSM and UEFI. If this is the case, you’ll have to set UEFI as the primary or sole option.
    • We suggest checking the PC manufacturer’s support pages on their website if you are unsure how to make the changes needed to enable UEFI/BIOS.

    How Does Secure Boot Work?

    Secure Boot is a protocol inside the UEFI BIOS that runs every time a computer starts up. It works in conjunction with the TPM (Trusted Platform Module), which is also a requirement for Windows 11 installation. To summarize, TPM 2.0 is hardware-based and offers additional protection for data where software-based security cannot. It blocks a computer from booting up if the hardware is altered or unauthorized programs, such as malicious software, are used. Secure Boot adds another layer of protection for your data: it guarantees that only digitally signed and authenticated programs are executed. We’ll explore three main databases: the signature database (DB), the revoked signature database (DBX), and the Key Exchange Key database (KEK).

    Signature Database (DB) – The signature database holds the certificates and public keys of trusted firmware components and operating system bootloaders, for example Microsoft’s operating system loader, software for UEFI, and UEFI drivers.

    Revoked Signature Database (DBX) – The revoked signature database contains hashes of harmful and vulnerable components, keys that have been compromised, and compromised certificates. Its entries block these components from executing in order to secure your computer.

    Platform Key (PK) – The platform key establishes a trust relationship between the user and the firmware within the BIOS and controls access to the KEK database.

    Key Exchange Key (KEK) – The Key Exchange Key database establishes a trust relationship between the operating system and the firmware. The KEK holds a list of public keys that are checked when the allowlist database (DB) or the revoked signature database (DBX) is changed. One platform may have several KEKs.
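
    The contents of these variables can be inspected from Windows. The following PowerShell is an added example, not part of the original article: it walks the EFI_SIGNATURE_LIST records that the UEFI specification uses for PK, KEK, DB and DBX and counts the entries in each list. The function name and the sample bytes are constructed for illustration; the commented lines show the live query with Get-SecureBootUEFI.

```powershell
# Added example: summarize a Secure Boot variable by walking its EFI_SIGNATURE_LIST records.
function ConvertFrom-EfiSignatureList {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    # Signature type GUIDs defined by the UEFI specification.
    $knownTypes = @{
        'a5c059a1-94e4-4aa7-87b5-ab155c2bf072' = 'X.509 certificate'
        'c1c41626-504c-4092-aca9-41f936934328' = 'SHA-256 hash'
    }
    $offset = 0
    while ($offset -lt $Bytes.Length) {
        if ($Bytes.Length - $offset -lt 28) { throw "Truncated list header at offset $offset" }
        # Header: type GUID (16 bytes), then three little-endian UInt32 sizes.
        $typeGuid   = ([Guid]::new([byte[]]$Bytes[$offset..($offset + 15)])).ToString()
        $listSize   = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $entrySize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        $payload    = $listSize - 28 - $headerSize
        # Reject sizes that would loop forever or read past the end of the buffer.
        if ($entrySize -le 16 -or $payload -lt 0 -or $offset + $listSize -gt $Bytes.Length) {
            throw "Malformed signature list at offset $offset"
        }
        [pscustomobject]@{
            Type      = if ($knownTypes.ContainsKey($typeGuid)) { $knownTypes[$typeGuid] } else { $typeGuid }
            Entries   = [math]::Floor($payload / $entrySize)
            DataBytes = $entrySize - 16   # each entry = 16-byte owner GUID + data
        }
        $offset += $listSize
    }
}

# Constructed sample: one SHA-256 list holding two all-zero entries (28 + 2 * 48 = 124 bytes).
[byte[]]$sample = ([Guid]'c1c41626-504c-4092-aca9-41f936934328').ToByteArray() +
    [BitConverter]::GetBytes([uint32]124) + [BitConverter]::GetBytes([uint32]0) +
    [BitConverter]::GetBytes([uint32]48) + (New-Object byte[] 96)
ConvertFrom-EfiSignatureList -Bytes $sample

# On a live UEFI system (elevated prompt), inspect the real variables instead:
# foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
#     ConvertFrom-EfiSignatureList -Bytes (Get-SecureBootUEFI -Name $name).Bytes |
#         Select-Object @{ n = 'Variable'; e = { $name } }, Type, Entries
# }
```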

    Why Is It Useful For Industrial Edge Applications?

    As the world witnesses a rise in cyberattacks, enterprises need to take every step to protect their data from being altered. Top companies like Microsoft, AMD, and Intel have developed their own strategies to improve protection against malware. Microsoft has launched Windows 11 with TPM 2.0 and Secure Boot requirements, and the major semiconductor firms, Intel and AMD, have created their own versions of firmware TPM (fTPM). TPM is seen as a traditional component and was initially used by businesses that handled sensitive information. Today, TPM 2.0 is a part of the software and is nearly required for industrial edge computers because of the increase in cyberattacks.

    What Is The Difference Between Secure Boot And TPM 2.0?

    Secure Boot is an essential security feature that the UEFI BIOS can activate. Its function is to allow only certified, digitally signed software to start. This includes, for instance, the compatible operating system, as well as any additional startup applications such as anti-malware software. TPM 2.0, however, functions as a vault that secures and stores the digital certificates and keys required to start the computer. If the TPM detects a newly installed hard drive or an incorrect operating system license, it will not let the system boot further. Secure Boot, by contrast, acts as a security checkpoint and grants access only to valid startup software.

    What Are Some Disadvantages/Downsides Of Secure Boot?

    Secure Boot can be one of the most frustrating obstacles when trying to boot untrusted software, such as a different operating system, or when dual-booting. If you want to use a dual-boot setup, Secure Boot must be turned off; note, however, that Ubuntu supports Secure Boot and dual-booting. If you must deactivate Secure Boot for the dual-boot system, restart Ubuntu to enable Secure Boot. Secure Boot can be restored. The inconvenience is not reason enough to give up the advantages and security offered by Secure Boot.

    Turning on Secure Boot for Windows 11

    Secure Boot checks the digital signatures of drivers, operating systems, and firmware every time you start your PC. Turning on Secure Boot is complicated, so it’s worth first determining whether it is already activated.
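
    One way to determine the current state from inside Windows before entering the firmware menus (an added example, not from the original article): the function below reports the firmware mode, Secure Boot state, system disk partition style and TPM specification version. The function name is hypothetical, and the partition-style check goes slightly beyond the article: UEFI mode boots Windows only from a GPT disk, which matters before switching away from Legacy/CSM.

```powershell
#Requires -RunAsAdministrator
# Added example: report the Secure Boot and TPM state before changing firmware settings.
function Get-SecureBootReadiness {
    $report = [ordered]@{
        FirmwareMode     = 'Unknown'
        SecureBoot       = 'Unknown'
        SystemDiskStyle  = 'Unknown'
        TpmSpecVersion   = 'Not found'
        MeetsRequirement = $false
    }

    try {
        # Returns $true or $false when Windows was started through UEFI firmware.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $report.FirmwareMode = 'UEFI'
        $report.SecureBoot   = if ($enabled) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Raised when Windows was started in Legacy BIOS/CSM mode.
        $report.FirmwareMode = 'Legacy BIOS/CSM'
        $report.SecureBoot   = 'Unavailable in this boot mode'
    }
    catch {
        $report.SecureBoot = "Query failed: $($_.Exception.Message)"
    }

    # UEFI boots Windows only from a GPT system disk, so check before switching modes.
    $systemDisk = Get-Disk | Where-Object IsSystem | Select-Object -First 1
    if ($systemDisk) { $report.SystemDiskStyle = [string]$systemDisk.PartitionStyle }

    # Win32_Tpm.SpecVersion begins with the TPM specification version, e.g. "2.0, ...".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) { $report.TpmSpecVersion = $tpm.SpecVersion }

    # The article's two prerequisites: Secure Boot enabled and a TPM 2.0 present.
    $report.MeetsRequirement = ($report.SecureBoot -eq 'Enabled') -and
                               ($report.TpmSpecVersion -like '2.0*')
    [pscustomobject]$report
}

Get-SecureBootReadiness | Format-List
```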

    How Do I Enable Secure Boot?

    The easiest method of enabling Secure Boot is to do so via the BIOS/UEFI. The option is usually listed among the many options in the BIOS, so you can enable it by switching it on.

    Start or reboot your laptop or computer. As it begins powering on, press the setup key repeatedly to open the BIOS/UEFI. The exact key is specific to your motherboard’s manufacturer and may differ; the most common ones are Del, F2, F10, F11, and F12.

    To find specific guidelines on how to access the UEFI/BIOS, check your motherboard’s or system’s manual or go to the manufacturer’s website. You can also go through Microsoft’s Windows Boot Manager if you prefer.

    If the UEFI/BIOS you use has both an advanced and a limited mode, change it to Advanced mode.

    You will see a menu on the upper right-hand side of the screen labelled Security or Boot. The Secure Boot option is most likely in one of these menus.

    The motherboard used in this tutorial and for the images is an ASRock B450M Pro4. It includes Boot and Security sections, with the Secure Boot option under the Security section. The location of Secure Boot in your UEFI/BIOS could differ.

    Browse through the options available in the current tab until you come across the Secure Boot option. If it can be switched on directly, select it, then choose to enable it.

    Alternatively, if Secure Boot has its own submenu, navigate there first before turning it on.

    If your UEFI/BIOS contains an option to save modifications, press it. Alternatively, go to the Save and Exit tab and choose Save.

    Once you’re satisfied that Secure Boot has been enabled, press the shortcut key to save and exit, or go to the Save and Exit menu (or similar) and select the Save and Exit option. If you’re asked to confirm the change, confirm it.

    Bottom Line

    Was this article useful to you? Do you have other suggestions concerning Secure Boot on Windows 11? Leave your comments in the space below for discussion. In addition, if you encounter problems when using the MiniTool Partition Wizard, please feel free to contact us via [email protected]. We’ll get back to you as quickly as we can.
