What is Secure Boot? How to enable it on any motherboard

Secure boot is a security feature designed by Microsoft. They first introduced this feature in Windows 11.

Secure boot is mandatory to install Windows 11. If you are currently using Windows 10 and want to upgrade to Windows 11, you must enable secure boot. 

You can’t enable secure boot from inside Windows or any OS. You must go to the BIOS settings to enable it. 

What is a Secure Boot?

Microsoft partnered with the largest PC manufacturers to develop a solution that prevents untrusted system files from booting. 

It uses a cryptographic digital signature database stored on your firmware by the motherboard manufacturers. 

While booting your computer, it checks the hash of the operating system files and UEFI drivers to ensure they are authentic and not modified. 

The signature database has a list of active operating system loaders and a list of revoked items that are untrusted and shouldn’t be loaded. 

Benefits of Secure Boot

It prevents malicious files from tampering with your boot or system files. It matches every file using the digital signature and prevents any file from loading that doesn’t have a valid signature. 

It protects your bootloader from malicious attacks. Even if there’s a virus on your computer, it can’t tweak the bootloader or OS files.

Secure Boot will try to restore a trusted version if your firmware is tweaked. Or, if the Windows Boot Manager is untrusted, the firmware will try to boot a trusted backup copy of the Windows Boot Manager.

Simply put, Secure Boot won’t let anything compromise your bootloader or operating system files.

You can turn on your PC safely and diagnose problems without worrying about a corrupted system. 

Disadvantages of Secure Boot

There’s a major disadvantage of Secure Boot. It checks the Operating System Files while booting. 

That’s why you must disable secure boot if you try to dual-boot any Linux OS with Windows or try any other OS other than Microsoft Windows.

Your firmware won’t be able to verify the operating system files and prevent them from booting. Hence your Linux operating system will show an error. 

How to enable Secure Boot?

Enabling a secure boot is different on every motherboard. 

Why?

It’s because the BIOS interface is different for each motherboard manufacturer. 

Enable Secure Boot in Gigabyte

Gigabyte motherboards make it easiest to enable the secure boot from the BIOS. Turn off your computer if it’s on.

  1. Power on your computer.
  2. Continuously press the Del key to go to the BIOS settings.
  3. Switch to the Boot tab from the navigation panel.
  4. Click on CSM Support and choose Disabled.
  5. Press F10 to save and reset; click Yes from the pop-up.
  6. Keep pressing the Del key until it takes you to the BIOS again.
  7. Switch to the Boot tab and go to Secure Boot.
  8. Click on Secure Boot and select Enabled.
  9. Click on Secure Boot Mode and select Custom.
  10. Press F10 to save progress and restart; cluck Yesf from the menu. 

Enable Secure Boot in ASUS TUF

  1. Power on your computer and continuously press the Del key to the BIOS. If your PC is on, turn it off and follow the step. 
  2. Press F7 to go to the Advanced Mode.
  3. Go to the Boot page. 
  4. Click on CSM (Compatibility Support Module). 
  5. Click on the drop-down menu and select Disabled.
  6. Press Backspace to return to the Boot page.
  7. Click on Secure Boot. 
  8. Click on the OS Type and select Windows UEFI mode.
  9. Press F10 and click Yes from the pop-up. 

Enable Secure boot in MSI

  1. Turn on your computer and go to the BIOS by continuously pressing the Del key.
  2. Go to Settings > Advanced > Windows OS Configuration.
  3. Click on BIOS UEFI/CSM Mode and select UEFI.
  4. Press F10 to save and exit; click Yes to confirm.
  5. Again continuously press the Del key to go to the BIOS.
  6. Navigate to Avanced > Windows OS Configuarion > Secure Boot.
  7. Click on Secure Boot Mode and select Standard; click Yes to install factory defaults.
  8. Click on Secure Boot and select Enabled.
  9. Press F10 to save changes and exit. 

Enable Secure boot in ASRock

Enabling the secure boot in ASRock motherboard is straightforward and only takes a few clicks.

  1. Turn on your computer and press the Del key simultaneously to enter BIOS mode.
  2. Switch to the Security tab.
  3. Click on Secure Boot.
  4. Click on Secure Boot Mode and select Standard.
  5. Click on Secure Boot and select Enabled.
  6. Press F10 and click Yes to save changes and exit.

However, secure boot alone is not the only requirement for Windows 11. You must enable TPM from the BIOS to install Windows 11 successfully. 

Uchchash Talukder Rana is the founder of @ansmegeek. He is the jack of all trades and master of a few. He uses Windows, Mac, Android & iOS on a daily basis. If he is not sleeping, either he is writing articles or playing Valorant.

Spread the love

Leave a comment