Microsoft Windows 11 is now available and in order to update your PC, you need to set up TPM 2.0 and Secure Boot in your motherboard BIOS. Secure Boot is a UEFI firmware feature that helps prevent malware and unapproved operating systems from loading during system startup. In this post, we’ll look at how to check if your computer has Secure Boot enabled and, if not, how to enable Secure Boot so you can continue installing Windows 11.
What is secure boot? Why do you need it?
The main purpose of Secure Boot is to block the execution of malicious operating systems and boot files until the computer boots. It verifies the signature of all boot software, including UEFI firmware drivers (also known as option ROMs), EFI programs, and the operating system.
The UEFI firmware contains a list of trusted vendors and only allows you to load software signed by a trusted vendor. While most new PCs have Secure Boot enabled, there may be times when it is disabled or your PC hardware is too old to handle it, in which case you can try to bypass the TPM and Secure Boot requirements to install Windows 11.
How to check if secure boot is enabled?
If you’re not sure if Secure Boot is enabled on your computer, follow these steps to learn more about its configuration status:
- Start by pressing the Start key on your keyboard or the Windows icon on the taskbar.
- Then enter the system information and select the one that best matches the same name.
- Under System Summary, check the Secure Boot Status and BIOS Mode. For Windows 11 to work on a computer, the BIOS mode must be set to UEFI and the secure boot state must be set to ON.
Don’t worry if any of the options turn out to be what they should be; keep reading the article to learn how to enable secure boot state.
How to enable secure boot via BIOS or UEFI
Enabling Secure Boot is a two-step process because you must also switch your PC’s boot mode to UEFI/BIOS from legacy modes if your PC is outdated or not configured properly. BIOS settings allow you to easily switch between PC boot modes.
Turn off the computer and enter the BIOS; you can enter the BIOS with the F12 or Del keys, depending on the manufacturer; A quick Google search can help you identify your laptop manufacturer’s BIOS boot keys. Enter the BIOS and look for an option that says “Advanced Boot Options”, “Boot Mode”or something like that with UEFI or Legacy options; enable it in UEFI if not already done and save the settings.
Keep in mind that if you already have an operating system (OS) installed on your system, you may need to reinstall it after changing the boot mode. Therefore, it is strongly recommended that you create a full backup of your data and keep the backup installation disk handy.
Convert storage to GPT format
When the PC boot state is switched to UEFI, certain hard disk settings must also be made. For example, the MBR format is not supported on UEFI-based operating systems. Thus, you must convert your hard drive to GPT format. This is easy to do with third party software or the command line. Learn how to convert MBR to GPT on Windows without data loss.
Enable UEFI Mode
Now that you’ve set up UEFI boot, it’s time to enable secure boot. While the Secure Boot switch can be easily accessed in the BIOS of some manufacturers, some manufacturers are likely to hide this option deep.
The Secure Boot switch is usually found under the Security tab in BIOS settings, or on some systems with a separate tab for Secure Boot; set the switch to the ON / Enabled position, save the changes and restart the computer. To determine the exact location of the switch, we recommend referring to the motherboard manufacturer’s official documentation.
Conclusion
To conclude, it is important to make sure that secure boot is enabled on your computer before attempting to install Windows 11 on your computer. To install Windows 11 on your PC, make sure you have TPM 2.0, secure boot is enabled, PC boot mode is set to UEFI, and the hard drive is formatted as GPT. Secure Boot adds a layer of security to your PC and can be enabled in the BIOS as mentioned in the guide above.