Enabling Secure Boot in Windows 8

Secure Boot is a feature on UEFI-based PCs that helps increase the security of a PC by preventing unauthorized software from running on a PC during the boot sequence. It checks that each piece of software has a valid signature, including the operating system that will be loaded. It’s a good security measure against rootkits.

How to enable Secure Boot

First of all, start “msinfo32” and check if you are using UEFI or Legacy. If it’s Legacy it means you have to reconfigure your firmware/BIOS and reinstall Windows.

image

Next, check in the same MSINFO32 if Secure Boot is enabled or not:

image

If it’s set of Off, follow these steps:

  1. Optional: Suspend Bitlocker (or have your recovery key ready)
  2. Boot to your UEFI firmware. Go to the Start Menu, type Advanced Startup Options, pick Advanced Startup.
  3. Your PC will reboot, choose Troubleshooting followed by UEFI Settings
  4. Browse all options and double check that:
    1. CSM is set to disabled
    2. Secure boot is enabled
    3. UEFI mode is set to UEFI Mode Only
    4. Intel TXT Support is set to ON
  5. Save and exit
  6. Enable Bitlocker again in Windows.

Check using MSINFO32 if Secure boot is set to On.

Comments

  • Anonymous
    November 17, 2014
    My role has previously primarily focused on Microsoft Intune, nowadays it’s more towards our whole Enterprise
  • Anonymous
    March 11, 2015
    I have a Dell Inspiron 660 tower, and I cannot select the enable option. Instead of being light blue, the switch is dark grey. When I move the keys to select it, it skips right over it. Hep do I fix this?
  • Anonymous
    July 28, 2015
    Okay, so I'm on Window 8.1 Update 1. I had no idea that my BIOS was set to legacy, and just didn't think to check it before installing. I'd hate to go all the way back to Windows 7, upgrade to Windows 8, and update everything all over again just to turn on secure boot. I will, but is it possible to use a recovery drive to reinstall Windows 8.1 Update 1, and make the switch to UEFI mode somewhere in that process?
  • Anonymous
    July 28, 2015
    Hi MichaelN, you will need to reinstall Windows with the legacy option disabled. You can use any media (win7/8/8.1) as long as you have a valid license for it. I would personally reinstall win7 or 8.1 and upgrade to win10 in a few days.
  • Anonymous
    September 04, 2015
    Hello. Thanks for these instructions. I noticed in msinfo32 that my BIOS mode is UEFI, but Secure Boot State is Off. I went to the BIOS and changed the settings to match those in step 4 above: CSM is set to disabled, Secure boot is enabled, UEFI mode is set to UEFI Mode Only, Intel TXT Support is set to ON.

    The laptop's splash screen changed slightly upon reboot. However, when I go to msinfo32, Windows still reports Secure Boot State is Off. Why would this be the case if I've enabled it in the BIOS? Thanks.
  • Anonymous
    October 27, 2015
    Hey Dan, I've got the same problem. Did you found a soloution?
  • Anonymous
    November 17, 2015
    hola tengo una surface con win8 RT y no me boot para cambiar para el arranque
  • Anonymous
    February 24, 2016
    i am on legacy and the secure boot state is ''unsopported'' what should i do?kindly tell me