2 Intern
•
403 Posts
0
4038
February 2nd, 2022 11:00
Turning On Secure Boot
I upgraded to Win 11 when it was first available. I turned on TPM 2.0 to install it. Everything has been working OK. I just realized that "secure boot" was never turned on after installing Win 11.
Should it be on? If I do turn it on, would I still be able to do a clean install of Win 11 if I need to sometime in the future? Or would I have to turn it off again?
Thanks
dmc3
17 Posts
1
February 13th, 2022 05:00
Gotcha. To the best of my knowledge, no. You should be able to toggle Secure Boot on and off as needed.
For example, I sometimes need or want to use a USB flash drive to boot a Linux distro. Without getting into gory details of Secure Boot, it's generally necessary to disable it to do this. When I'm done with that, I re-enable Secure Boot and boot into Windows.
MS Instructions for Disabling and Re-Enabling
Disabling Secure Boot | Microsoft Docs
Saltgrass
3 Apprentice
•
4.3K Posts
1
February 4th, 2022 06:00
Win 11 is not supposed to be available without Secure Boot enabled. We have seen some strange situations but keep in mind there is a related setting called CSM which should also be disabled for true Secure Boot to function.
I would have to believe a system with an 8th generation processor was delivered with Secure Boot enabled. If it isn't, then it is hard for us to know your exact configuration.
spotteddog
2 Intern
•
403 Posts
0
February 4th, 2022 07:00
I thought I understood all this and had my PC set up correctly. I can verify the Secure Boot is enabled and boot mode is UEFI. I can't find anything pertaining to CSM in the BIOS. I don't know if it is disabled or not. My PC has been working fine since installing Windows 11. All I did to install Windows 11 was enable TPM 2.0. I was already in UEFI with Windows 10, so I figured I didn't have to change anything.
dmc3
17 Posts
0
February 12th, 2022 12:00
TL;DR is that the best recommendation may be to do a fresh re-install of Win 11.
I suspect that your Windows system boot drive may be formatted as MBR instead of GPT and this is the reason Secure Boot will not enable. (Noting that you upgraded from 10 to 11.) I believe it requires a GPT disk with an EFI system partition.
There is a method to convert an MBR disk to GPT, but as with a re-install, a backup is an obvious prerequisite.
MBR2GPT - Windows Deployment | Microsoft Docs
I believe Compatibility support module (CSM) is/was a crutch to allow booting with UEFI and an MBR disk. This would not support Secure Boot. If you have a compatibility mode enabled, it's probably best to disable it prior to doing a fresh install.
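
A read-only way to check the items raised in the replies above (UEFI versus legacy/CSM boot, MBR versus GPT boot disk, EFI system partition, TPM state) before toggling anything in firmware setup. This is an added example, not part of any post in this thread; the function name `Get-SecureBootReadiness` is chosen for the example, and it assumes an elevated PowerShell prompt on the installed Windows system.

```powershell
# Added example (not from the thread): read-only Secure Boot prerequisite check.
# Run from an elevated PowerShell prompt; it changes no settings.
# Get-SecureBootReadiness is a name chosen for this example.
function Get-SecureBootReadiness {
    $r = [ordered]@{
        FirmwareMode = 'Unknown'; SecureBoot = 'Unknown'
        BootDiskStyle = 'Unknown'; EfiSystemPartition = $false
        TpmPresent = $false; TpmReady = $false
    }

    # Confirm-SecureBootUEFI returns $true/$false under UEFI and throws
    # PlatformNotSupportedException on a legacy BIOS/CSM boot or when the
    # firmware has no Secure Boot support.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $r.FirmwareMode = 'UEFI'
        $r.SecureBoot = if ($enabled) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $r.FirmwareMode = 'Legacy BIOS/CSM or no Secure Boot support'
        $r.SecureBoot = 'Not available in this boot mode'
    } catch {
        $r.SecureBoot = "Unknown: $($_.Exception.Message)"
    }

    # The disk Windows boots from must be GPT and carry an EFI System Partition,
    # identified by this well-known GPT partition type GUID.
    $espType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'
    $disk = Get-Disk | Where-Object { $_.IsBoot -or $_.IsSystem } | Select-Object -First 1
    if ($disk) {
        $r.BootDiskStyle = [string]$disk.PartitionStyle
        $esp = Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
            Where-Object { $_.GptType -eq $espType }
        $r.EfiSystemPartition = [bool]$esp
    }

    # Get-Tpm needs elevation; report a warning instead of failing the whole check.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r.TpmPresent = [bool]$tpm.TpmPresent
        $r.TpmReady = [bool]$tpm.TpmReady
    } catch {
        Write-Warning "TPM state not readable: $($_.Exception.Message)"
    }

    [pscustomobject]$r
}

Get-SecureBootReadiness | Format-List
```

If `BootDiskStyle` comes back as MBR, `mbr2gpt /validate` (from the MBR2GPT documentation linked above) checks whether the disk can be converted without changing it.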
spotteddog
2 Intern
•
403 Posts
0
February 12th, 2022 19:00
dmc3,
Sorry for the misunderstandings.
I changed my SSD boot drive from MBR to GPT before I installed Windows 10 when Windows 10 first came out.
I did a clean install of Windows 11 the day it was released. As I said, I recently realized Secure Boot was not enabled, so I enabled it. No problems enabling it.
Before doing a clean install of Windows 11 I enabled TPM 2.0 but forgot about secure boot at the time. So both TPM 2.0 and secure boot are now enabled.
My question was if enabling secure boot months after installing Windows 11 instead of before installing Windows 11 would cause any problems.
Thanks
spotteddog
2 Intern
•
403 Posts
0
February 13th, 2022 06:00
dmc3
Thanks for the link on Secure Boot. That will help if I run into any problems later on.