How to turn on Secure Boot on Windows 10

• Windows 10 PCs can use Secure Boot only under UEFI firmware, not legacy BIOS.
• If your system is already UEFI, you just enable Secure Boot in firmware settings. If the system is using BIOS (legacy), you must convert the system drive from MBR to GPT, switch to UEFI mode, and then enable Secure Boot.

On Windows 10, enabling Secure Boot can be a bit tricky to explain because the operating system can run on either Unified Extensible Firmware Interface (UEFI) or legacy Basic Input/Output System (BIOS) firmware.

If the device is already using UEFI, you can simply access the firmware and enable the security feature.

On the other hand, if the computer uses BIOS, you’ll have to take extra steps to convert the current partition style from Master Boot Record (MBR) to GUID Partition Table (GPT) before switching from BIOS to UEFI and enabling Secure Boot on Windows 10.

What’s Secure Boot?

Secure Boot is a UEFI firmware security feature that only allows trusted software to load during startup, protecting against boot-level malware (such as bootkits, rootkits, and, in this case, game cheat systems). Although Windows 11 recommends Secure Boot, it’s not always enabled by default.

Why turn on Secure Boot?

On Windows 10, it’s not a requirement to turn on Secure Boot to install the operating system, but it’s a recommended component, as more applications now require it. It is also a standard practice to help protect your computer from malware and rootkits that can infect the boot process.

For instance, if you have a gaming rig, some games (such as Battlefield 6) require Secure Boot to ensure that they meet the mandatory anti-cheat requirement.

Why turn off Secure Boot?

In rare cases, enabling Secure Boot might interfere with older hardware or non-Windows operating systems. You might need to disable it temporarily (or keep it turned off) in such scenarios. However, for optimal security, it’s generally recommended to keep it enabled.

In this guide, I will walk you through the steps to turn on Secure Boot on Windows 10.

• Enable Secure Boot on Windows 10 (UEFI)
• Enable Secure Boot on Windows 10 (BIOS)

Enable Secure Boot on Windows 10 (UEFI)

If you’re running Windows 10 on modern hardware, your computer may already be using the UEFI, which also means that your current setup is using the GPT partition style.

As a result, you only have to confirm whether Secure Boot is enabled, and then continue with the steps if it’s disabled.

1. Check if Secure Boot is on or off

To check if your Windows 10 computer is using UEFI and Secure Boot, follow these steps:

1. Open Start.

2. Search for System Information and click the top result to open the app.

3. Click on System Summary on the left pane.

4. Check the “BIOS Mode” information and confirm it is set to UEFI.

   Quick note: If it’s set to Legacy, the device is configured to use BIOS, which is incompatible with Secure Boot.

5. Check the “Secure Boot State” information and confirm the feature is turned “On.” (If not, you need to enable the option manually.)

   

Once you complete the steps, if the system is using the UEFI firmware type, you can proceed to enable Secure Boot on the computer. If you’re using the legacy BIOS, you’ll need to convert the drive from MBR to GPT before switching from BIOS to UEFI and then enabling Secure Boot.

2. Turn on Secure Boot on UEFI

If the computer is using UEFI, you can use these steps to enable Secure Boot:

1. Open Settings.

2. Click on Update & Security.

3. Click the Recovery page.

4. Click the Restart now button under the “Advanced startup” section.

   

5. Click the Restart now button one more time.

6. Click on Troubleshoot.

7. Click on Advanced options.

8. Click the “UEFI Firmware settings” option.

   

9. Click the Restart button.

10. Open the advanced, security, or boot settings page, depending on the motherboard.

11. Select the “Secure Boot” option and choose the Enabled option.

After you complete the steps, the security feature will be enabled on your computer.

Enable Secure Boot on Windows 10 (BIOS)

If you’re using the legacy BIOS, you’ll need to convert the drive partition style from MBR to GPT before switching from BIOS to UEFI and enabling Secure Boot.

When performing these steps, you’ll be modifying the storage structure. After switching to the GPT style, your computer will no longer boot until you switch the firmware type to UEFI. If you’re unsure if your device supports firmware type switching, it’s recommended to check your manufacturer’s support website (by searching online for your device brand and model) to confirm before proceeding.

1. Check the Windows 10 partition style

To check the partition style of a drive on Windows 10, follow these steps:

1. Open Start.

2. Search for Disk Management and click the top result to open the app.

3. Right-click the disk (not the partition) and select the Properties option.

   

4. Click the Volumes tab.

5. Check the “Partition style” field to confirm if the drive is formatted using the “Master Boot Record (MBR)” or “GUID Partition Table (GPT)” style.

   

Once you complete the steps, you’ll confirm the partition style on your current setup. 

The GPT partition style is typically not compatible with systems that use a traditional legacy BIOS for booting. If your computer is using the legacy firmware, chances are that the partition is already set to MBR, and conversion is needed.

2. Convert an MBR partition to the GPT style

To convert the partition style from MBR to GPT on Windows 10, follow these steps:

1. Open Settings.

2. Click on Update & Security.

3. Click on Recovery.

4. Click the Restart now button under the “Advanced startup” section.

   

5. Click on Troubleshoot.

6. Click on Advanced options.

7. Click the Command Prompt option.

   

8. Select your administrator account and sign in with your credentials (as necessary).

9. Type the following command to validate that the drive can be converted and press Enter:

   mbr2gpt /validate

   

10. Type the following command to convert the system drive to GPT from MBR and press Enter:

    mbr2gpt /convert

    

11. Type the following command to close the console and press Enter:

    exit

12. Click the Turn off your PC option.

When using the mbr2gpt command-line tool, only the system drive will be converted to GPT unless you modify the command and specify which drives to convert.

Related

How to fix errors converting drive from MBR to GPT on Windows 10

3. Switch from BIOS to UEFI on Windows 10

To switch from BIOS to UEFI on your Windows 10 computer, follow these steps:

1. Power on and boot to the firmware.

   Quick note: The steps to access and modify the firmware settings will vary per manufacturer and computer model. It’s recommended to consult your device manufacturer’s support website for more specific details. However, typically, you can access the firmware during boot by pressing the Delete, Esc, or one of the Function keys.

2. Navigate to the boot sequence, advanced, or boot settings page, depending on your motherboard.

3. Turn off the legacy BIOS and enable UEFI mode.

4. Save the settings

5. Power off the computer.

Once you complete the steps, the last step is to enable Secure Boot in the firmware.

4. Enable Secure Boot in UEFI

To enable Secure Boot inside UEFI for Windows 10, follow these steps:

1. Power on and boot to the firmware (again).

2. Depending on the motherboard, navigate to the advanced, security, or boot options page.

3. Select the “Secure Boot” option and choose the Enabled option.

   

4. Save the settings

5. Restart the computer.

After you complete the steps, the computer should boot up correctly with Secure Boot enabled.

Alongside Secure Boot, if you’re running Windows 10, you may need to enable the TPM 2.0 security feature manually.