


Secure Boot is a built-in security feature of modern UEFI firmware that helps make sure only trusted, digitally signed operating systems and bootloaders can boot on your PC. By verifying the signatures of key boot components, Secure Boot protects against certain types of malware and unauthorized modifications to the boot process. However, some users find that Windows fails to boot after they enable Secure Boot, because the computer cannot pass the signature verification.
When Windows fails to boot with Secure Boot on, typical symptoms are a black screen with no loading icon, reboot loops, or an error message that the boot device is not recognized. In most instances, the system hangs before any Windows logo is displayed, so recovery options are not available through the normal boot process. This issue can arise shortly after Secure Boot has been enabled in the UEFI settings, even on configurations that otherwise boot properly.
There are a number of reasons why a PC will not boot when Secure Boot is enabled. Older machines or drives using a legacy BIOS/MBR configuration usually lack the GPT partitioning and signed bootloaders that Secure Boot needs. Unsigned or custom boot managers, outdated UEFI firmware, and third-party drivers will cause the boot to fail once Secure Boot validation is active. In enterprises, incorrectly set up Secure Boot keys or multiple platform key (PK) policies may stop Windows from booting properly.
Since the root causes are complex, there are several different ways to fix Windows not booting when Secure Boot is turned on, ranging from converting the disk to GPT and updating the firmware to resetting the default Secure Boot keys or reinstalling Windows in UEFI mode.
The following section contains detailed, step-by-step instructions that are specific to these situations.
Access Safe Mode [if applicable]
If you can't access Windows, you should access Safe Mode or Windows Recovery Environment to proceed with further fixes. Here's how:
- Restart your computer.
- Once Windows starts booting, press the Power button, interrupting the loading process – do this two more times.
- After that, Windows will automatically enter Advanced Startup mode.
- Select Troubleshoot > Advanced options > Startup Settings and Restart.
- After a reboot, pick either 4/F4 for Safe Mode or 5/F5 for Safe Mode with Networking.
Fix 1. Convert disk to GPT
Secure Boot requires a GPT-partitioned disk for UEFI boot. Converting your drive from MBR to GPT without data loss ensures compatibility.
- Type cmd in Windows search.
- Right-click on Command Prompt and select Run as administrator.
- Type in the following command to check compatibility and press Enter:
mbr2gpt /validate /allowFullOS
- If the command is successful, follow up with the following command:
mbr2gpt /convert /allowFullOS
- Restart your PC and enable Secure Boot in UEFI.
Fix 2. Disable CSM or legacy mode
Compatibility Support Module (CSM) or legacy BIOS mode can conflict with Secure Boot. Disabling it forces the system to use UEFI only.
- Reboot your PC and press F2, F8, F10, Del, or a similar button (this varies based on the device/motherboard manufacturer) to access BIOS.
- Go to the Boot tab/section.
- Locate the CSM or Legacy Support option.
- Set it to Disabled.
- Save changes and exit.
Fix 3. Update UEFI firmware/BIOS
Outdated firmware may lack Secure Boot support or contain bugs that prevent UEFI boot. Updating to the latest version can resolve these issues.
- Access your laptop/motherboard manufacturer's website and download your specific model's latest BIOS update file (you can check which BIOS you are using by typing System information in Windows search and checking the BIOS Version/Date and BaseBoard Product entries there).
- Extract the BIOS update files and read any provided instructions or documentation.
- Create a bootable USB drive with the BIOS update files, if required.
- Update the BIOS using the manufacturer's recommended method, which may be through a built-in utility or booting from a USB drive.
- Restart your computer to complete the process and attempt to enable Secure Boot again.
Fix 4. Restore secure boot defaults
Corrupted or custom Secure Boot keys can block the bootloader. Restoring factory defaults reloads Microsoft’s trusted keys.
- Restart your PC and enter BIOS setup.
- Go to one of the sections that would have an option to reset BIOS (varies depending on your motherboard).
- Select Load optimized defaults or similar.
- Press F10 to save changes and exit.
- Restart the PC and check if it boots normally.
Fix 5. Repair Windows Boot Manager
If the Boot Manager entry is missing or invalid, Windows cannot launch under Secure Boot. Repairing it restores the correct UEFI entry.
- Boot from Windows installation media (you should create it on a working computer).
- Go to Repair your computer and select Troubleshoot > Advanced options > Command Prompt.
- In Command Prompt, type the following commands and press Enter after each:
bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd
- Restart the computer to check if the error is resolved.
Fix 6. Disable driver signature enforcement
Unsigned drivers can prevent Secure Boot from validating system components. Temporarily disabling enforcement allows the system to boot.
- Restart your computer and press F8 (or another key, depending on your motherboard/laptop manufacturer) before Windows starts.
- In the Advanced Startup mode, go to Troubleshoot.
- Select Advanced options and pick Startup settings.
- From here, press 7 on your keyboard or pick the Disable driver signature enforcement option.
- Let Windows boot, then uninstall or update unsigned drivers.
Fix 7. Ensure correct boot order
If the UEFI boot order doesn’t prioritize Windows Boot Manager, Secure Boot may fail to locate the signed bootloader.
- Enter BIOS during startup as previously explained.
- Open the Boot or Boot Order menu.
- Move Windows Boot Manager to the top of the list.
- Save changes and exit UEFI.
Fix 8. Suspend BitLocker encryption
Active BitLocker protection can interfere with Secure Boot changes. Suspending it allows UEFI modifications without triggering recovery.
- In Windows search, type cmd.
- Right-click on Command Prompt and select Run as administrator. In Windows Recovery Environment, go to Repair your computer and select Troubleshoot > Advanced options > Command Prompt.
- Type the following command and press Enter:
manage-bde -protectors -disable C:
- Reboot to enable Secure Boot.
- After successful boot, re-enable BitLocker with the following command:
manage-bde -protectors -enable C:
- Close down Command Prompt.
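The preconditions behind Fixes 1, 2, 6 and 8 can be checked in one read-only pass before Secure Boot is switched on. The script below is an added example, not part of the original article; `Test-SecureBootReadiness` is a hypothetical function name, and it assumes an elevated Windows PowerShell 5.1 session on a system that currently boots (normally or in Safe Mode).

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks; nothing here changes disk, firmware or BitLocker state.
function Test-SecureBootReadiness {   # hypothetical helper name
    $findings = [System.Collections.Generic.List[string]]::new()

    # Fix 2: Windows must have been booted in UEFI mode, not CSM/legacy.
    $fw = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    if ("$fw" -ne 'Uefi') {
        $findings.Add("Firmware mode is '$fw', not UEFI (see Fix 2).")
    }

    # Fix 1: the disk that holds the boot and system partitions must be GPT.
    foreach ($disk in Get-Disk | Where-Object { $_.IsBoot -or $_.IsSystem }) {
        if ($disk.PartitionStyle -ne 'GPT') {
            $findings.Add("Disk $($disk.Number) is $($disk.PartitionStyle); validate with mbr2gpt (see Fix 1).")
        }
    }

    # Current Secure Boot state; the cmdlet throws when booted in legacy mode.
    $sb = $null
    try { $sb = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $findings.Add("Secure Boot state unavailable: $($_.Exception.Message)") }

    # Fix 8: active BitLocker protection reacts to firmware setting changes.
    try {
        $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        if ($os.ProtectionStatus -eq 'On') {
            $findings.Add("BitLocker protection is On for $($os.MountPoint); suspend it first (see Fix 8).")
        }
    } catch { $findings.Add("BitLocker status not checked: $($_.Exception.Message)") }

    # Fix 6: PnP drivers that Windows reports as unsigned.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.IsSigned -eq $false -and $_.DeviceName } |
        ForEach-Object { $findings.Add("Unsigned driver: $($_.DeviceName) [$($_.InfName)]") }

    [pscustomobject]@{
        FirmwareType      = "$fw"
        SecureBootEnabled = $sb
        NoBlockersFound   = ($findings.Count -eq 0)
        Findings          = $findings
    }
}

Test-SecureBootReadiness | Format-List
```

An empty `Findings` list only means none of these four conditions was detected; firmware version, Secure Boot key state and boot order (Fixes 3, 4 and 7) still have to be checked in the UEFI setup itself.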
