![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 88%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Secure Boot is a firmware security feature built into modern UEFI-based systems. Its purpose is to ensure that only trusted, cryptographically signed bootloaders and operating system components are allowed to run during startup. In practice, it helps block bootkits and low-level malware that try to load before Windows or Linux, where they would be very hard to detect or remove. It’s one of those “invisible” protections that usually just works in the background until something about your system configuration or hardware changes causes it to complain or turn off.
Most of the confusion comes when Secure Boot is reported as “disabled” or “not supported,” or when a system refuses to boot after a change like installing Linux, swapping drives, enabling virtualization features, or resetting BIOS settings. Another common scenario is Windows requiring Secure Boot for certain features (like Windows 11 compliance, BitLocker protections, or anti-cheat systems in games), and the system firmware not being configured correctly to satisfy it. The key point is that Secure Boot is not something you install in Windows—it’s controlled entirely in your motherboard/firmware (UEFI), so the “fix” almost always happens outside the operating system.
To remedy most Secure Boot problems, you typically enter your system’s UEFI/BIOS settings during startup (often by pressing Delete, F2, F10, or Esc depending on the manufacturer). Inside, you look for Secure Boot settings under a “Boot,” “Security,” or “Authentication” section. The system usually needs to be in UEFI mode rather than Legacy/CSM mode for Secure Boot to work at all. If Legacy/CSM boot is enabled, Secure Boot is usually disabled by design, so switching to UEFI-only is often the first correction. In many cases there is also an option to “Restore Factory Keys” or “Install default Secure Boot keys,” which is required if the key database has been cleared or altered.
If Windows still reports Secure Boot as unsupported after enabling it, the issue is often how the disk is partitioned. Secure Boot typically goes hand-in-hand with GPT (GUID Partition Table) rather than MBR. If your Windows installation is on an MBR disk, the firmware may refuse Secure Boot even if it’s enabled. In that case, the fix involves converting the disk to GPT (Windows has a built-in tool called mbr2gpt that can do this safely in many situations) and ensuring the system is booting in UEFI mode afterward. Once both UEFI mode and valid Secure Boot keys are in place, Windows should report Secure Boot as active in msinfo32.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin