How to activate secure boot
Last updated: April 1, 2026
Key Facts
- Secure Boot is a UEFI firmware security feature that prevents unauthorized software from running during system startup
- Accessing BIOS/UEFI requires restarting the computer and pressing a specific key during the boot process before the operating system loads
- Secure Boot requires UEFI firmware; older BIOS systems do not support this feature
- Enabling Secure Boot may require disabling compatibility mode or CSM (Compatibility Support Module) first
- Some legacy software or hardware drivers may be incompatible with Secure Boot enabled
Understanding Secure Boot
Secure Boot is a security standard that ensures only trusted software can run during the system startup process. It prevents rootkits, bootkit malware, and other unauthorized programs from loading before the operating system. Secure Boot uses digital signatures to verify that boot software comes from trusted sources.
System Requirements
Secure Boot is available on computers with UEFI firmware, which replaced the older BIOS system. Most computers manufactured after 2012 include UEFI. Check your computer's documentation or system information to confirm UEFI is installed. Legacy BIOS systems do not support Secure Boot functionality.
Accessing BIOS/UEFI Setup
To activate Secure Boot, you must enter your computer's firmware settings. Restart your computer and watch for the startup screen. Immediately press the appropriate key—commonly Delete, F2, F10, or Esc—before the operating system loads. The correct key depends on your manufacturer (Dell, HP, Lenovo, ASUS, etc.). If unsure, check your computer's manual or manufacturer website.
Locating and Enabling Secure Boot
Once in BIOS/UEFI, navigate to the Security, Boot, or System Security section using arrow keys. Find the Secure Boot option and select it. Change the setting from Disabled to Enabled. You may need to disable Compatibility Support Module (CSM) or Legacy Boot mode first, as these conflict with Secure Boot. Follow the on-screen prompts for any confirmation dialogs.
Saving and Exiting
After enabling Secure Boot, save your changes and exit. Use Save and Exit or Exit Saving Changes option. Your computer will restart. During the next boot, the system may take longer to start as it verifies boot software signatures. If you encounter startup errors, you may need to adjust boot mode settings or disable certain options in BIOS.
Related Questions
What is the difference between UEFI and BIOS?
UEFI (Unified Extensible Firmware Interface) is the modern replacement for BIOS, offering a graphical interface, support for larger drives, and built-in security features like Secure Boot. BIOS is legacy firmware with a text-based interface and more limited capabilities.
Why might Secure Boot be disabled on my computer?
Secure Boot may be disabled to support legacy software, older hardware drivers, or non-standard operating systems. Some users disable it for compatibility reasons, though this reduces security. Checking why it's disabled helps determine if re-enabling is safe.
Can Secure Boot prevent all malware?
Secure Boot specifically prevents unsigned bootloaders and firmware-level malware from executing. However, it does not protect against malware that runs after the operating system loads. It's one layer of security that should be combined with other defenses like antivirus software.
Sources
- Wikipedia - UEFI CC-BY-SA-4.0
- Wikipedia - Secure Boot CC-BY-SA-4.0