Secure Boot Enabled in BIOS but Disabled in Windows 11 — HP PC, Platform Key Not Enrolled
How to FIX secure boot unsupported?
Secure boot isn't turning on in HP laptop (windows 11)
How do i enable secure Boot?
Videos
Hi everyone,
I’m running into a strange issue on my HP PC and could use some help.
System Specs:
-
CPU: AMD Ryzen 5 5600G with Radeon Graphics @ 3.90 GHz
-
OS: Windows 11 Home 24H2
-
Motherboard: HP (OEM board)
-
BIOS: Secure Boot enabled
The problem:
Even though Secure Boot is enabled in the BIOS, Windows 11 shows it as off in System Information (msinfo32). In the BIOS, it also says "Platform Key (PK) not enrolled".
I’ve already tried:
-
Disabling and re-enabling Secure Boot
-
Resetting BIOS to default settings
-
Clearing and reloading factory keys
-
Checking for BIOS updates (I’m on the latest)
-
Switching between Legacy/UEFI boot modes
-
Reinstalling Windows 11 in UEFI mode
Nothing has worked — Windows still says Secure Boot is off.
Has anyone dealt with this issue before, especially on HP systems? Is it just the missing Platform Key that’s causing this? And if so, how can I properly enroll it without breaking my boot setup?
Thanks in advance!
Hello Mohd_357,
Welcome to Microsoft Community.
I understand the frustration you’re facing with Secure Boot on your HP laptop. Let’s troubleshoot this issue step by step:
- Load HP Factory Default Keys:
- Go into the BIOS settings.
- Navigate to System Configuration > Boot Options.
- Look for an option to Load HP Factory Default Keys. If available, select it.
- Check if Secure Boot becomes available after doing this.
- Disable Fast Startup:
- Boot into your operating system (Windows 11).
- Open Settings.
- Go to Updates & Security > Recovery.
- Click Restart Now under “Advanced startup.”
- Wait for your PC to boot into the system recovery menu.
- Select Troubleshoot and then choose Advanced options.
- Finally, select UEFI Firmware Settings.
- Check BIOS Mode:
- Ensure that your Windows 11 installation is in UEFI mode, not legacy mode.
- If your notebook’s BIOS mode is set to legacy, you won’t be able to enable Secure Boot. You may need to reinstall Windows 11 from an EFI boot source.
- Reset BIOS settings to Default:
- Reset BIOS settings may restore secure boot settings to normal factory state.
Regarding TPM 2.0:
- Your PC may not have TPM (Trusted Platform Module) support, which is required for Windows 11.
- Additionally, Windows 11 requires an Intel 8th gen core processor or newer.
I hope it can solve your problem.
Thank you for your patience and cooperation.
Best Regards,
William.S - MSFT
Hi, If you figure out a solution, let me know.