I had the same problem on a Lenovo ThinkPad P52.
In the BIOS, Secure Boot was enabled, but Windows 11 showed "Secure Boot State" as "Off".
The cause was, that the Secure Boot Mode in my BIOS was set to "Setup Mode".
To change it to "User Mode", I had to select "Restore Factory Keys" on the Security Page in the BIOS.
After that, I could start the computer and Windows 11 displayed that the Secure Boot State is "On".
Maybe this helps someone.
Microsoft Support
support.microsoft.com › en-us › windows › windows-11-and-secure-boot-a8ff1202-c0d9-42f5-940f-843abef64fad
Windows 11 and Secure Boot - Microsoft Support
Learn how to change settings to enable Secure Boot if you are not able to upgrade to Windows 11 because your PC is not currently Secure Boot capable.
Top answer 1 of 5
277
I had the same problem on a Lenovo ThinkPad P52.
In the BIOS, Secure Boot was enabled, but Windows 11 showed "Secure Boot State" as "Off".
The cause was, that the Secure Boot Mode in my BIOS was set to "Setup Mode".
To change it to "User Mode", I had to select "Restore Factory Keys" on the Security Page in the BIOS.
After that, I could start the computer and Windows 11 displayed that the Secure Boot State is "On".
Maybe this helps someone.
2 of 5
26
I’ve been searching for hours, I finally can play valorant again lol. Thank you!!
How to fix "The PC must support secure boot" error during windows 11 install
The pc has a decent hardware profile, including an Intel i9 processor, 32GB installed RAM and 1 TB SSD. Currently, Windows 10 Home is on the PC. When I was... More on techcommunity.microsoft.com
7
0
August 6, 2025How to enable the secure boot in Windows 11 again ?
Dear Support, For the Windows 11 unable to boot after BIOS enable the Secure Boot in a HP Notebook, Please help advise how can enable it without clear install the OS. Many thanks, More on learn.microsoft.com
2
0
April 20, 2026Secure Boot Enabled in BIOS, but not Windows 11
Hello! I've recevently been trying to get Secure Boot enabled on my machine, and I am at a bit of a loss. This came about as I was getting error "PCR7 binding is not supported..." error for device encryption, and after some research it seems… More on answers.microsoft.com
22
15
Secure boot enabled but not active for windows 11
As posted make sure its Secure Boot you need - not just UEFI boot. Make sure you are booting OK with CSM disabled before changing Secure Boot settings. People have bricked their system by following the wrong steps. I also had it saying enabled not Active - this is a BIOS glitch it's not really enabled On the secure boot settings if it says Mode:User you should be able to simply Enable Secure Boot Otherwise (if it says Mode:Setup) - Disable Secure Boot if it says Enabled - If it says Standard change to Custom - Change Custom to Standard accepting Factory Defaults - Enable Secure Boot More on reddit.com
1715
745
November 2, 2021Videos
02:30
How to Enable Secure Boot in Windows 11 | Step By Step Guide - YouTube
03:43
How to enable Secure Boot on your PC - YouTube
02:56
How to Enable Secure Boot in Windows 11 (Step-by-Step Tutorial) ...
02:40
How To Enable Secure Boot On Windows 11 - Step By Step - YouTube
How To Enable Secure Boot In Windows 11 - Full Guide
03:20
How To Enable Secure Boot In Windows 11 - YouTube
Reddit
reddit.com › r/gigabyte › secure boot enabled but not active for windows 11
r/gigabyte on Reddit: Secure boot enabled but not active for windows 11
November 2, 2021 -
Hey, I’m trying to get my pc to work with windows 11. I enabled tpm 2.0 and secure boot before installing it, Updated my bios and installed. However secure boot says it’s off on windows 11 and not active in bios even though it was on when I was running windows 10. I have an Aorus elite b550, r7 5800x and 3070. Any help with this would be great. Thanks in advance!
Top answer 1 of 5
139
As posted make sure its Secure Boot you need - not just UEFI boot. Make sure you are booting OK with CSM disabled before changing Secure Boot settings. People have bricked their system by following the wrong steps. I also had it saying enabled not Active - this is a BIOS glitch it's not really enabled On the secure boot settings if it says Mode:User you should be able to simply Enable Secure Boot Otherwise (if it says Mode:Setup) - Disable Secure Boot if it says Enabled - If it says Standard change to Custom - Change Custom to Standard accepting Factory Defaults - Enable Secure Boot
2 of 5
5
Go to BIOS and reset the keys. I enabled secure boot and it showed "off" in Windows. After I went into BIOS and reset the keys, it shows as "on" now. EDIT: Reset keys = reset factory defaults (I think that's what it's called).
Top answer 1 of 5
2
Windows 11 officially requires Secure Boot, but if your PC doesn’t support it or you can’t enable it, you can bypass the check using one of these methods.Boot into Windows 10/11 Setup (USB/DVD). At the "This PC can't run Windows 11" screen, press Shift + F10 to open Command Prompt. Type these commands to skip The PC must support secure boot issue.regeditNavigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup. Right-click → New → Key → Name it LabConfig.Inside LabConfig, create these DWORD (32-bit) Values:BypassSecureBootCheck → Set value to 1Close Registry Editor and Command Prompt, then proceed with installation. At this time, Windows 11 setup wizard will skip secure boot check and let you install Windows 11 without secure boot.
2 of 5
0
Secure Boot is a security feature in modern computers that ensures only trusted software (like the operating system or firmware) can load during the boot process. It is part of the UEFI standard and helps prevent malware or unauthorized software from running at startup. And it is required by Windows 11!How to Check if Your PC Has Secure Boot Enabled1. Press Win + R, type 'msinfo32', and hit Enter.2. Look for "Secure Boot State" in the right panel.3. If it says "On", Secure Boot is enabled.4. If it says "Off" or "Unsupported", your PC either doesn’t support it or it’s disabled in BIOS/UEFI.Why Secure Boot Matters for Windows 11Prevents rootkits and bootkits from infecting the boot process.Required for Windows 11 (must be enabled to install).Enhances security against low-level malware.TroubleshootingIf Secure Boot is unsupported, your PC may be using Legacy BIOS instead of UEFI.Some Linux distributions may need additional steps to work with Secure Boot. To fix "The PC must support secure boot" error, you need to turn on Secure Boot or apply some trick to skip Windows 11 system check as the PC has a very powerful CPU and a lot of RAM.
AllThings
allthings.how › all things how › windows › how to fix “secure boot is not enabled on this machine” error on windows 11
How to Fix “Secure Boot is Not Enabled on This Machine” Error on Windows 11
November 27, 2024 - The ‘Secure Boot is not enabled on this machine’ error often occurs because Secure Boot is disabled in your system’s firmware settings. Enabling Secure Boot may resolve the issue. Follow the steps below to enable Secure Boot on your Windows 11 PC.
Eleven Forum
elevenforum.com › windows support forums › installation, updates and activation
Secure boot not enabled | Windows 11 Forum
September 4, 2023 - I'd leave the Secure Boot mode as Standard. If your new SSD is unallocated, the Windows 11 installer should be able to create and format the necessary partitions. How are you installing 11? I hope it's from a USB drive booted in UEFI. (For most motherboards, the USB drive must be FAT32.
EA Help
help.ea.com › home › technical issues › how to use secure boot
How do I use Secure Boot on my PC?
1 week ago - If BIOS Mode is UEFI, then you can move on to how to enable Secure Boot. If BIOS Mode is Legacy, you’ll need to check if your Windows disk is MBR or GPT. Heads up: your Windows install drive must be set up correctly to support Secure Boot. Secure Boot needs to use GPT (GUID Partition Table) instead of MBR (Master Boot Record). Heads-up: This article is a general guide, but it might not follow the exact steps of your PC.If you’re not used to navigating to and updating your BIOS settings, you should contact a professional or your manufacturer’s customer support.
Top answer 1 of 2
1
Use the following steps to re-enable Secure Boot on the HP notebook without a clean OS install and recover from the boot issue.
- First, get Windows booting again
If enabling Secure Boot makes Windows unable to start, follow this recovery sequence:
- Turn on the notebook and immediately press the HP BIOS key repeatedly (often Esc or F10) to enter the UEFI/BIOS menu.
- In the BIOS, locate Secure Boot (usually under Security, Boot, or Authentication) and set it to Disabled so the system can boot again.
- Save changes and exit; confirm that Windows now starts normally.
- Reset Secure Boot keys to factory defaults (if available)
- Re-enter the BIOS/UEFI menu.
- Go to the Secure Boot section.
- If there is an option like Reset to factory defaults or Reset Secure Boot keys, choose that (do not choose Clear; use Reset if both exist).
- Save and exit, then let Windows boot once with Secure Boot still disabled.
- Ensure the system is configured for UEFI boot
In Windows 11:
- Go to Settings > System > Recovery.
- Under Advanced startup, select Restart now.
- On the blue screen, select Troubleshoot > Advanced options > UEFI Firmware Settings > Restart to return to BIOS.
- In BIOS, make sure the boot mode is UEFI (not Legacy/CSM). If both are available, ensure UEFI is first or only.
- Save changes and exit, confirm Windows still boots.
- Re-enable Secure Boot
- Boot again into the BIOS/UEFI menu.
- Find the Secure Boot setting and set it to Enabled.
- If the BIOS offers a choice like Standard or Custom, select the default/standard option, or if required, load the built‑in Secure Boot keys.
- Save changes and exit.
- If the PC still cannot boot with Secure Boot enabled
- Go back into BIOS and disable Secure Boot again so Windows can start.
- From Windows, open an elevated Command Prompt and repair EFI boot files as described in the recovery procedure (only if boot files are damaged):
- Boot to Windows (with Secure Boot disabled).
- Open Command Prompt as Administrator and run, one by one:
mountvol s: /s del s:\*.\* /f /s /q bcdboot %systemroot% /s S: - After “Boot files successfully created.”, restart the device.
- Re-enter BIOS and try enabling Secure Boot again.
- If none of the above works Contact HP support for device‑specific BIOS guidance. As a last resort, reinstalling Windows from recovery media with UEFI mode and then enabling Secure Boot may be required, but that is only after the above steps and vendor assistance.
References:
- Windows 11 and Secure Boot
- Disabling Secure Boot
- How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932
2 of 2
0
1
If Windows 11 came pre-installed on your PC, then Secure Boot should have been enabled by default, what happened on your PC before Secure Boot was not enabled.
2
If you enable Secure Boot now, when you try to start your PC, what is the boot sequence you see, and what error is indicated when startup fails, please provide an image of the error.
TechTarget
techtarget.com › searchenterprisedesktop › tip › How-to-fix-Windows-11-when-Secure-Boot-and-TPM-dont-work
How to fix Windows 11 when Secure Boot and TPM don't work | TechTarget
May 27, 2026 - If the tool shows TPM 1.2, it won't pass Windows 11 requirements for installation. If the tool doesn't open, then TPM isn't enabled. To enable TPM, boot the machine into the BIOS tool, navigate to the TPM option and ensure the field is enabled.
UMA Technology
umatechnology.org › home › secure boot is not enabled on this machine windows 11
Secure Boot Is Not Enabled On This Machine Windows 11 - UMA Technology
January 20, 2025 - This can often be found under the Boot or Security tab. Change the status from Disabled to Enabled. Save changes and exit the UEFI settings (usually by pressing F10). ... Once the machine is restarted, users can verify that Secure Boot is enabled by checking the System Information panel as ...
Activision Support
support.activision.com › articles › trusted-platform-module-and-secure-boot
Trusted Platform Module (TPM) 2.0 and Secure Boot for Call of Duty
April 30, 2026 - Information about enabling TPM 2.0 and Secure Boot on your PC to play Call of Duty
Super User
superuser.com › questions › 1735586 › cant-enable-secure-boot-in-windows-11
bios - Can't enable secure boot in Windows 11 - Super User
August 5, 2022 - Just disable the secure boot once and then save and exit and then again enable it that fixed this issue for me
Eleven Forum
elevenforum.com › windows support forums › antivirus, firewalls and system security
Secure boot enabled in BIOS but not on | Windows 11 Forum
July 25, 2025 - I had the same problem as your few months ago! What I did... I have restart Windows then go to my BIOS setting to disable Secure boot in my BIOS setting then boot up to Windows then restart Windows go back BIOS setting to re enable Secure boot to save the setting and boot up Windows.
IObit
iobit.com › en › knowledge-how-to-enable-secure-boot-on-windows--355.php
How to Enable Secure Boot on Windows?
1) Condition 1: Your PC will then reboot into BIOS. Click on the Security, then select the Secure Boot option. > Now enable the Secure Boot by toggling the option to 'On'. > Hit F10 to save the changes and exit BIOS. > After the system reboots, restart the Windows 11 installation process.
Microsoft Learn
learn.microsoft.com › en-us › mem › intune › user-help › you-need-to-enable-secure-boot-windows
Company Portal device setting requirements for Windows - Microsoft Intune | Microsoft Learn
April 30, 2024 - This error could be a result of poor network connectivity, low battery, battery saver mode, or a Company Portal error. To resolve, verify that you have a strong network reception.
DiskPart
diskpart.com › aomei software › free partition software › 3 ways to fix secure boot enabled but not active in windows 11/10
3 Ways to Fix Secure Boot Enabled But Not Active in Windows 11/10
March 14, 2025 - A common culprit is the "Secure Boot Disabled" status in the UEFI firmware settings. Although it appears enabled in the Windows interface, if this option is disabled in the firmware settings, the feature remains inactive, resulting in the above ...
Stellar Info
stellarinfo.com › home › [solved] – secure boot is greyed out on windows 11
[SOLVED] – Secure Boot is Greyed Out on Windows 11
After this, go to the System Configuration tab and locate Legacy Support. Disable it. Then, locate the Load Default Keys option in the same tab and press Enter. A prompt will come on the screen. Select Yes to proceed. Afterward, go to the Secure Boot and change it to Enabled/Disabled.
Published 2 weeks ago
XDA Developers
xda-developers.com › home › windows › windows guides › how (and why) to enable secure boot for windows 11
How (and why) to enable Secure Boot for Windows 11
October 15, 2024 - However, if you have a PC with Secure Boot disabled for whatever reason, you can easily re-enable it. This can allow you to install Windows 11 if you haven't done so already, or if you have, it's also important to help reduce the risk to your PC.