![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 94%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
The red banner with an unlocked lock on Surface Laptop 5 indicates Secure Boot is turned off. To re‑enable it on a Surface device, use Surface UEFI rather than standard PC BIOS steps.
Follow these steps to turn Secure Boot back on:
- Shut down the Surface Laptop 5 completely and wait about 10 seconds.
- Press and hold the Volume Up button.
- While holding Volume Up, press and release the Power button.
- Keep holding Volume Up until the Surface UEFI screen appears.
- In UEFI, select the Security page.
- Under Secure Boot, select Change configuration.
- Choose a Secure Boot certificate keyset, for example Microsoft only.
- Select Exit > Restart now to save the changes and reboot.
After restart, the red banner and unlocked lock should no longer appear, and Secure Boot should be enabled again. If the issue started after a firmware update and persists even after these steps, install all pending Windows and Surface firmware updates, then repeat the procedure; interrupted firmware updates are completed on subsequent reboot cycles.
References:
- Surface turns on but shows a red bar and an unlocked lock icon
- Manage Surface UEFI settings
- Surface Secure Boot Certificates
- Disabling Secure Boot
- Secure boot state is still off tried alot of things - Microsoft Q&A
- why don't i have the 2023 secure boot keys - Microsoft Q&A
- Secure Boot certificates have been updated but are not yet applied - Microsoft Q&A
- Secure Boot certificate updates: Guidance for IT professionals and organizations