Secure Boot is a feature of UEFI-based PCs that increases security by preventing unauthorized software from running during the boot sequence. It checks that each piece of boot software, including the operating system that will be loaded, has a valid signature. It’s a good security measure against rootkits.
How to enable Secure Boot
First of all, start “msinfo32” and check if you are using UEFI or Legacy. If it’s Legacy it means you have to reconfigure your firmware/BIOS and reinstall Windows.
Next, check in the same MSINFO32 window whether Secure Boot is enabled.
If it’s set to Off, follow these steps:
- Optional: Suspend BitLocker (or have your recovery key ready)
- Boot to your UEFI firmware. Go to the Start Menu, type Advanced Startup Options, pick Advanced Startup.
- Your PC will reboot, choose Troubleshooting followed by UEFI Settings
- Browse all options and double check that:
  - CSM is set to disabled
  - Secure Boot is enabled
  - UEFI mode is set to UEFI Mode Only
  - Intel TXT Support is set to ON
- Save and exit
- Enable BitLocker again in Windows.
Finally, check in MSINFO32 that Secure Boot is now set to On.
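The same checks can be scripted. The following is an added example, not part of the original post: it reads the firmware mode, the Secure Boot state and the BitLocker status of the system drive, and suspends BitLocker only when asked to. It assumes an elevated Windows PowerShell 5.1 session; the function name `Get-SecureBootReadiness` and the `-SuspendBitLocker` switch are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of the MSINFO32 checks and the BitLocker step.
param([switch]$SuspendBitLocker)   # hypothetical switch, defined only by this script

function Get-SecureBootReadiness {
    # Same information as "BIOS Mode" in MSINFO32: Uefi or Bios (Legacy).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and
    # throws on Legacy BIOS, so an error is reported as 'Unsupported'.
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch {
        $secureBoot = 'Unsupported'
    }

    # BitLocker cmdlets are missing on editions without the feature.
    $bitLocker = 'NotAvailable'
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $bitLocker = [string](Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus
    }

    [pscustomobject]@{
        FirmwareType    = [string]$firmware
        SecureBootState = $secureBoot
        BitLockerStatus = $bitLocker
    }
}

$state = Get-SecureBootReadiness
$state | Format-List

if ($state.FirmwareType -ne 'Uefi') {
    Write-Warning 'Legacy BIOS mode: reconfigure the firmware and reinstall Windows first.'
} elseif ($state.SecureBootState -eq 'On') {
    Write-Output 'Secure Boot is already On; nothing to change.'
} elseif ($state.BitLockerStatus -eq 'On') {
    if ($SuspendBitLocker) {
        # RebootCount 0 keeps protection suspended until Resume-BitLocker is run,
        # matching the manual "enable BitLocker again" step after the firmware change.
        Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 0 | Out-Null
        Write-Output 'BitLocker suspended. After enabling Secure Boot, run: Resume-BitLocker -MountPoint $env:SystemDrive'
    } else {
        Write-Warning 'BitLocker is On: have the recovery key ready or rerun with -SuspendBitLocker.'
    }
}
```

Run it again after the firmware change: `SecureBootState` should read `On`, and `BitLockerStatus` should read `On` once protection has been resumed.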