Share via

SECURE BOOT STATE OFF

happy candy 0 Reputation points
2026-06-05T06:19:57.2666667+00:00

Secure boot state always stays off. I have watched all the necessary videos to help me turn it on. For some reason it turned off on its own and I can't play certain games. When I go into the BIOS mode to enable secure boot mode the only options that are there is "Secure boot mode, standard or custom" and "OS type, OS or Windows uefi" and under that it says key management. So I don't know how they wan't me to enable it. CSM is disabled, ASUS ftpm is enabled and everything else is fine. Just can't find the actual button to enable secure boot mode.

Windows for home | Windows 11 | Gaming
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. DaveM121 890.1K Reputation points Independent Advisor
    2026-06-05T06:56:42.8233333+00:00

    Before making any changes in BIOS, be sure you have a safe backup of your files and if your drive is encrypted with Bitlocker, log into your Microsoft account on this link and note down the Bitlocker key to ensure you do not get locked out of the C drive also, ensure you have a password set on your login account, in case the PIN login is disabled after making changes in BIOS.

    https://account.microsoft.com/devices/recoverykey

    Then boot into BIOS.

    Find the Boot Priority list and ensure that is set to 'Windows Boot Manager'.

    Disable CSM Support, then set OS Type to Windows UEFI.

    You should then see an option to reset TPM Keys to Factory Keys and also maybe the option to Reset Secure Boot Keys, apply that setting, then test if Windows will boot up.

    If not, go to the support page for your system on the manufacturers website to check for any BIOS update that may be available and not yet installed.

    Was this answer helpful?

    0 comments
  2. happy candy 0 Reputation points
    2026-06-05T06:21:58.5266667+00:00

    if i put the os type into windows uefi mode it will give me a secure boot violation pop up and grey out the options in bios

    Was this answer helpful?

    0 comments

  3. AI answer

    2026-06-05T06:20:07.5466667+00:00

    On many ASUS systems Secure Boot is considered “enabled” as soon as:

    • Boot mode is pure UEFI (CSM disabled)
    • OS type is set to a Windows/UEFI option
    • Secure Boot keys are installed and active

    There is often no separate on/off toggle; instead, it is controlled by mode and keys. Use these steps:

    1. Boot into UEFI/BIOS firmware setup.
    2. Confirm that CSM/Legacy/CSM Boot is disabled and the system is in UEFI mode only.
    3. In the Secure Boot section:
      • Set OS Type (or similar) to Windows UEFI mode (or Windows UEFI / UEFI as available).
      • Set Secure Boot mode to Standard (not Custom).
    4. Go into Key Management (or similar submenu) and look for an option such as Install Default Secure Boot Keys, Load factory keys, or Load/Restore Secure Boot keys. Run that option so the firmware has the Microsoft keys installed.
    5. Save changes and exit UEFI/BIOS.

    After this, Secure Boot should be active. If Windows still reports “Secure Boot state: Off” in System Information, re-enter UEFI and verify that:

    • The system is not in any Legacy/CSM mode.
    • Secure Boot keys remain installed (not cleared).

    If the menu still does not expose a clear enable state or keys cannot be installed, contact ASUS support or check the motherboard manual, as key installation and Secure Boot exposure are OEM‑specific.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.