Many users report getting the “Secure Boot State Unsupported” error when trying to upgrade their PCs to Windows 11. This post offers a series of fixes designed to remove the error from your system.
Tip: Just created a bootable USB drive? Here’s how to check if it works in Windows.
Why Are You Getting the Error
Secure Boot is a security feature that prevents untrusted programs from being installed during the boot process. By doing so, the tool keeps malware and other malicious programs away from your PC while it’s booting.
Most modern PCs ship with Secure Boot enabled by default. But if you’ve disabled it due to any reason, you will probably get the “Secure Boot State Unsupported Error” while upgrading your PC from Windows 10 to 11.
On top of Secure Boot being disabled, here are more reasons that might be behind this error:
- Legacy BIOS mode
- Absence of trusted program module support (TPM) or disabled TPM.
1. Check TPM Support
TPM is a technology designed to enhance your computer’s security at a hardware level. Your PC needs to have TPM 2.0 working when upgrading your PC to Windows 11.
- Press Windows + R to open the Run window.
- Type
tpm.msc
in the search bar and click “OK” to open the “Trusted Platform Module” window.
- Right-click on the “Action” and click on “Prepare the TPM” if the option is not blurred.
- Restart your PC and check to see if the error is gone now.
2. Check Your BIOS
If Secure Boot is disabled in BIOS, you will get the error discussed in this article. This is how you can enable it.
Note: Depending on your PC model, steps to enable Secure Boot will vary. You should check with your PC manufacturer to know how to do it. For the purpose of this tutorial, we’re using an HP Pavilion laptop.
- Press Windows + R to open Run.
- Type
msinfo32
in the search bar to go to the System Information window.
- Scroll down in the right sidebar until you reach “Secure Boot State.” This should be “On” to avoid the error.
- Press Windows + I to open the Settings menu. Scroll down and click on “Update & Security.”
- In the left sidebar, click on “Recovery.” Find “Advanced startup” in the right sidebar. Click on the “Restart now” button.
- Opt for “Troubleshoot.”
- Click on “Advanced options.” Doing so will open multiple options on your PC screen.
- Click on “UEFI Firmware Settings.” Then, press “Restart.”
- Press F10 key to open “BIOS Setup.”
- Click on the “System Configuration” tab at the top, then on “Boot Options.”
- Locate the “Secure Boot” and enable it. Press F10 to save and exit.
- Restart your PC. The “Secure Boot Unsupported” error should be fixed now.
Tip: Upgraded to Windows 11 but you’re still nostalgic? Here’s how to make your OS look more like Windows 10.
3. Ensure Your BIOS Mode Is UEFI
Your PC has two boot options – one is Legacy and another is UEFI. You’ll need to switch to the newer UEFI standard if you want Secure Boot to be operational.
- Go to the “System Configuration” menu on your PC once again as shown in the previous section.
- Locate “Legacy Support” and disable it.
- Save the settings and exit.
- Restart your PC and try upgrading it. Check if the error is no longer showing.
4. Change Partition Style to GPT
Switching to UEFI mode in BIOS takes care of only half of the problem. UEFI mode supports GUID Partition Table (GPT), but if you’re PC was previously running Legacy mode, its partition style was set to Master Boot Record (MBR). This needs to be converted to GPT.
- Press Windows + X and select “Disk Management.”
- Right-click on the hard disk drive and select “Properties” from the context menu.
- Select the “Hardware” tab and click on “Properties.”
- Select the “Volumes” tab and check “Populate” to view your partition style.
- If your partition style is MBR, learn how to convert MBR to GPT and change Legacy BIOS to UEFI.
5. Clean Install Windows 11
If the above steps didn’t fix the error, perform a clean install of Windows on your PC. You’re likely to avoid the error if you do that.
A clean boot starts with minimal startup programs and drivers. So, if you clean install Windows 11, your system will have nothing left from its Windows 10 installation. All of your data will be deleted, so consider backing up your data before you proceed.
How to Bypass a Secure Boot Requirement
When upgrading to Windows 11, it’s possible to bypass a Secure Boot requirement. Here’s how.
- Press Windows + R to open Run.
- Type
regedit
and click “OK” to open “Registry Editor.”
- Paste the following in the address bar of “Registry Editor” and press Enter.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup
- Right-click on “Setup” in the left sidebar and click on “New -> Key” to create a new key.
- Rename the newly created key as “LabConfig.”
- Now right-click “LabConfig” and select “New → DWORD (32-bit) Value.”
- Name the newly created key as “BypassSecureBootCheck.” Double-click on it to modify “Value data” from “0” to “1.”
Good to know: Get up to speed on how to safely bypass the TPM 2.0 Requirement in Windows 11.
Frequently Asked Questions
How can I disable Secure Boot on my PC?
Yes, you can disable Secure Boot on your PC. But disabling Secure Boot is not recommended because it protects your PC from malware while you’re booting your PC. If you must disable Secure Boot, go to BIOS of your PC and disable Secure Boot in the “Security” tab of the Boot Options menu. The process of disabling or enabling Secure Boot can vary, deepening on your PC’s manufacturer.
Are Secure Boot and Trusted Boot the same?
No, Secure Boot and Trusted Boot are not the same. Secure Boot enables your PC to load only trusted operating system bootloaders when you boot up your PC, while Trusted Boot ensures the integrity of every component of the startup process. Both Secure Boot and Trusted Boot together help your PC boot up securely and safely.
What happens if I install Windows 11 without Secure Boot?
You can install Windows 11 without Secure Boot but doing so may result in the instability of your PC. And it can put your PC’s security at risk. Also, you may not receive updates from Microsoft. Secure Boot is officially required to install Windows 11 on a PC.
Will Secure Boot delete my files?
No, Secure Boot will not delete your files. Secure Boot only prevents unwanted software programs from loading when you boot your PC. The process doesn’t affect the files saved on your PC.
Image credit: Geralt via Pixabay. All screenshots by Sandeep Babu
Our latest tutorials delivered straight to your inbox