Do you see a system error whenever you attempt to boot into secure mode? Maybe you're trying to play a game that requires Secure Boot, like Valorant, or maybe you're upgrading Windows 10 to Windows 11; whatever the case, we've got you covered! The error text simply means that you have to do a few more things before you can boot your computer in secure mode. Read on to learn more about this message and what to do when you see it.
Secure Boot Can Be Enabled When System in User Mode
If you see this message and Secure Boot is already on, change the "Secure Boot Mode" from "Standard" to "Custom", then apply the factory default keys, and change the Boot Mode back to "Standard". If Secure Boot is greyed out in BIOS, you need to change your partition format from MBR to GPT and change your firmware from BIOS to UEFI.
Steps
Enabling Secure Boot in BIOS
-
Enter BIOS. As soon as you see the manufacturer’s logo, press the key indicated on the screen to enter Setup or BIOS. The key you'll need to use varies by manufacturer and model. Keep pressing it over and over again until you enter the BIOS. Here's a list of some of the most common setup keys by manufacturer:
- Acer : F2 or Del
- ASUS : F2 or Del
- Dell : F2 or F12
- HP : ESC or F10
- Lenovo Desktops : F1 or F2 (hold down the Fn key if your F keys are blue or orange)
- Lenovo IdeaPad : F9 or Fn + F9
- Lenovo ThinkPad, ThinkCentre, & ThinkStation : F1 or Enter
- MSI : Del for both MSI motherboards and PCs
- Microsoft Surface Tablets : Press and hold the volume-up button.
- Origin PC : F2
- Samsung : F2
- Sony : F1, F2, or F3
- Toshiba : F2
- If you don’t hit the key in time, Windows will load, and you will have to reboot and try again.
-
Select the Advanced tab. If your mouse doesn't work, you can use the arrow keys on your keyboard to navigate and press Enter to make a selection.
- Some motherboards, like the MSI motherboard, have a directory instead, like Settings\Advanced\Windows OS\Configuration\Secure Boot .
-
Change the "Windows OS Configuration" mode to Custom . You might see this option next to "Secure Boot Mode."
-
Select Enroll all Factory Default keys . This will use the factory default keys. [1] X Research source
- Select Yes to continue when you're asked if you're sure that you want to use factory default keys.
- Select No when prompted if you want to reset without saving.
-
Enable Secure Boot. Select Secure Boot and click Enabled .
-
Change the "Windows OS Configuration" mode to Standard . You might see this option next to "Secure Boot Mode."
- Click Yes to use default keys.
- Click No' to the prompt to reset without saving.
-
Save configuration and restart. Click the "x" to get out of BIOS, and you'll be asked to save and reset to apply your changes. Click Yes to continue. [2] X Research source
- If you are using an ASRock Phantom Gaming UEFI, go to Settings > Security > Secure Boot > Key Management > Platform Key > Generate , then go back to the BIOS and use your default keys to enable Secure Boot. [3] X Research source
Switching BIOS to UEFI on Windows 10
-
Check whether the system is already using MBR or GPT. UEFI systems are more secure than the legacy BIOS, and old BIOS systems are triggering the "Secure Boot can be enabled when system in user mode" message. This is useful if the Secure Boot option in BIOS is greyed out. Here's how to check your current setup:
- Open Disk Management.
- Right-click the drive with the Windows installation and select Properties .
- Click the Volumes
tab.
- Look next to "Partition style": If you see "GUID Partition Table (GPT)", nothing needs to be converted. If you see "Master Boot Record (MBR)", you need to convert the files.
- Click Cancel
to close the "Properties" window.
- If you are converting files, make sure the website for your device manufacturer says that your hardware supports UEFI.
-
Convert the partition style from MBR to GPT. It's best to do this offline to avoid any potential problems and here's how you can do it:
- Open Settings and go to Update & Security > Recovery > Restart now (Under Advanced Startup) .
- Select Troubleshoot > Advanced options > Command Prompt .
- Choose your account and sign in, if prompted.
- If needed, navigate to the System32 folder.
- Enter mbr2gpt /validate . Press Enter after the command.
- Enter mbr2gpt /convert . Press Enter after the command to start converting your partition style.
- Command Prompt will tell you to restart your computer to finalize the process.
- Close the Command Prompt window by clicking the "x" in the top right corner, then turn off your computer.
- You won't be able to boot your computer completely until you change the motherboard's settings.
-
Change the firmware mode from BIOS to UEFI. Turn on your PC and press the BIOS key (F1, F2, F3, F10, Del, or Esc).
- Navigate to the Boot menu.
- Enable the UEFI option.
- You can also enable Secure Boot now if it was previously greyed out.
- Close the menu and restart your PC.
-
Double-check your changes. Once your computer restarts, open Device Manager again to make sure your changes applied.
- Right-click the drive where Windows is installed and select Properties .
- Look next to "Partition style" to make sure it says "GUID Partition Table (GPT)."
- To make sure the firmware has changed from BIOS to UEFI and that Secure Boot is enabled, do the following:
- Open System Information.
- Select System Summary on the left.
- Check that "BIOS Mode" says "UEFI."
- Check that "Secure Boot State" says "On." [4] X Research source