Guide | Enable UEFI Secure Boot for Windows 11

If you want to upgrade Windows 11, it’s necessary to enable UEFI secure boot for Windows 11 update. In this page, you will learn about detailed information about UEFI secure boot, and how to enable UEFI secure boot.

Michael

By Michael / Updated on January 3, 2024

Share this: instagram reddit

What is UEFI secure boot?

UEFI, short for Unified Extensible Firmware Interface, is a standard to ensure that PCs only boot with OEM (Original Equipment Manufacturer). It helps PCs resist attacks of viruses and malware.

When this option is enabled, the computer will only load drivers having Microsoft certificates. By authenticating the digital signatures of boot loaders, crucial operating system files, and illegitimate option ROMs, Secure Boot identifies manipulation. Detections are stopped before they may assault or infect the system.

Luckily, secure boot is widely supported. Please read on and learn how to enable UEFI secure boot in on this page.

How to make sure whether the PC supports UEFI secure boot?

How to make sure your PC supports UEFI secure boot? In fact, this is no longer an unusual question. However, for non-computer professionals, this is still a difficult question, In the following contents, 5 ways to check whether a PC supports UEFI secure boot is provided.

▶ Method 1. Check system information tool

First, you can check the secure boot state in the System information.

1. Press “Win+R” simultaneously, type msinfo32 and hit “ENTER”.

run window

2. In the “System Information” window, select “System Summary” and look for “Secure Boot State” on the right side. If the value is “on”,  the secure boot is enabled; if “off”,  the secure boot isn’t enabled and you need to enable it for Windows 11.

system info

▶ Method 2. Use CMD command

The built-in CMD is a basic way to see whether the secure boot is enabled. Let’s see how it works.

1. Press “Win+R” simultaneously to launch the “Run” window, Then, type “cmd” and hit “ENTER”.

2. Type bcdedit/enum {current} and hit “ENTER” to execute it.

3. Among the listed information, locate “path”. If the path show “winload.efi”, it means Windows has enabled UEFI secure boot; if the path show “winload.exe”, it means Windows has enabled the traditional way to boot.

cmd

▶ Method 3. Use PowerShell Cmdlet

The Windows PowerShell would help by checking the “path”.

1. In the start menu on the lower left, find “Windows PowerShell”. Then, right-click on it and run it as administrator.

2. Type “bcdedit” and hit “ENTER” to commit it. Now, locate “path” as what you do in Method 2. Then, check what is behind the path, “winload.efi” or “winload.exe”.

powershell

▶ Method 4. Check Windows Disk Management

Since the specific relationship of GPT and UEFI, if the “Convert to GPT Disk” button greyed out, the PC is in UEFI secure boot mode, and vice versa.

1. Press “Win + R” to open the “Run” window, then, type “diskmgmt.msc” and hit the “ENTER” key.

2. Right-click on disk 0 and if there is the option of “Convert to GPT Disk”, it means your PC is running in the traditional way; if it shows “Convert to MBR Disk”, it means the PC is in the UEFI secure boot mode.

dm

▶ Method 5. Check the motherboard’s production date

Besides, you can also view the production data of the motherboard in “BIOS Versions”, then judge whether the secure mode is enabled.

1. Press “Win + R” simultaneously to open the run window. Then, type “cmd” and hit “ENTER”.

2. In the window, type “systeminfo” and hit the “ENTER” key. Wait a moment before you can check the info of your PC. You can see the production data of the motherboard after the option of “BIOS Versions”.

motherboard info

Attention: When you change the secure boot state, you may encounter some hardware failures. You can easily solve the problem by simply disconnecting the inoperable hardware from the PC after changing the secure boot state, and then reconnecting it.

How to enable UEFI secure boot?

If your PC supports secure boot but it hasn’t been enabled. The following guide provides detailed steps to enable the secure mode.

1. Reboot your computer and hit “ESC/Delete/F1/F2/F10 to enter the BIOS system (the keys are different depending on computer hosts). Then, click on “Boot” and select “Secure Boot”.

boot

2. Now, you can secure boot is shut down. Click on “Key Management”.

3. Select “Install default Secure Boot Keys” to enable secure boot.

key management

4. Finally, return to the previous column and you can see Secure Boot is enabled.

view secure start

Windows 11 Secure Boot bypass using the install disk to boot

If your computer doesn’t support secure boot, you can use the install disk to boot to bypass UEFI detection. The following guide teaches how to bypass UEFI detection to install Windows 11 in detail.

1. First of all, you need to download Windows 11 ISO pack. You’re supposed to directly download the Windows 11 ISO file in preview version (Windows 11 standard hasn’t been published). Here, the download entry page of the official website is provided and after getting in, you need to click on the profile on the upper right to create an account. It can be a little bit slow. So, be patient.

mirror file download page

2. After creating the account and logining in, scroll down the page and select version and language. Then, you can download the ISO file of the Windows 11 preview version.

download image file

3. After you finish downloading, you need to make an installation disk in order that you can be led by the installation disk to enter the Windows 11 installation process.

4. Insert the prepared installation disk into the USB port of the PC that needs to install Windows 11, and immediately press the shortcut key to enter the boot startup interface (different motherboard shortcut keys are different, usually F8/F11/F12).

5. After booting into the startup window, select the option of installation disk and click on it.

select installation disk

6. Now, you need to wait around 1 minute and then you will enter the interface of Windows installer. At this time, you just need to follow the regular Windows installation onscreen guide to finish the Windows 11 installation,

windows setup

Does UEFI secure boot affect performance of the PC?

After going through the entire post, some people may wonder whether UEFI secure boot affects their PC’s performance. The answer is definitely negative. Enabling UEFI Secure Boot will increase protection and prevent your computer from virus attacks, so it won’t affect performance. 

Conclusion

This page focuses on showing you what is UEFI, and how to enable it for Windows 11 updates. There are 5 methods for you to check whether your computer supports UEFI Secure Boot. If your computer doesn’t support it, you can bypass UEFI detection with an installation disk, then execute Windows 11 installation; If you’ve enabled UEFI Secure Boot successfully, congratulations, you can turn to the next operation of Windows 11 upgrade.

Michael
Michael · Staff Editor
Michael is a professinal editor of AOMEI editor team.