In this blog, we’ll simplify the concepts of Secure Boot and MBR, and we’ll provide guidance on how to enable Secure Boot on an MBR drive and convert an MBR drive to GPT.
Here is a quick guide to enabling Secure Boot in UEFI mode:
- Enter UEFI settings and set Secure Boot to UEFI mode
- Set Secure Boot type to UEFI (not Legacy)
- Choose a Secure Boot protocol (e.g., UEFI, UEFI with CSM)
- Select a Secure Boot key (e.g., UEFI, UEFI with CSM)
- Save changes and exit UEFI settings
- Verify Secure Boot is enabled in UEFI settings
This is only an overview of the steps. Later in this post you will find a detailed, step-by-step guide to enabling Secure Boot on an MBR drive and converting an MBR drive to GPT.
What is Secure Boot?
Secure Boot is a security standard developed to ensure that your PC boots using only software that is trusted by the PC manufacturer.
Furthermore, when a computer starts, Secure Boot verifies the signatures of boot loaders and drivers, ensuring that they have not been altered.
As a result, this helps protect against attacks and malware that seek to take control of your PC during the boot process.
How Does Secure Boot Work?
- Verification Process: When the PC is turned on, Secure Boot verifies every piece of software, including UEFI (Unified Extensible Firmware Interface) firmware drivers, EFI applications, and the operating system, ensuring that they are signed with valid certificates.
- Certificates and Keys: Secure Boot uses cryptographic keys and certificates to authenticate software. The PC manufacturer provides keys that are stored in the UEFI firmware. These keys are used to verify the integrity of the software being loaded.
- Boot Process: If the software is signed and the signature matches one of the valid keys, the boot process continues. If not, Secure Boot prevents the PC from booting, protecting the system from potential threats.
Benefits of Secure Boot
- Improved security: Prevents malicious software and unauthorized operating systems from loading during the boot process.
- Integrity checking: Ensures that the software running on the system is authentic and has not been tampered with.
- Compatibility: Secure Boot works with multiple operating systems, including Windows and certain Linux distributions.
Now that you understand what Secure Boot is and how it works, it’s important to note that you cannot enable Secure Boot on an MBR disk.
Secure Boot is a feature of UEFI firmware, while MBR is an older partitioning scheme incompatible with UEFI.
Consequently, to enable Secure Boot, you’ll need to convert your MBR disk to GPT (GUID Partition Table).
This process can be complex and risky, so it’s recommended to back up your data before proceeding.
How to Convert an MBR Disk to a GPT Disk?
Converting a Master Boot Record (MBR) disk to a GUID Partition Table (GPT) disk can be done using several methods, including tools built into Windows.
To begin, here is a step-by-step guide on how to convert a disk from MBR to GPT using the Windows Disk Management tool and Command Prompt.
Method 1: Using Disk Management (Data Loss Warning)
Note: This method requires deleting all partitions on the MBR disk, which will result in data loss. Therefore, make sure to back up your data before proceeding.
Backup Your Data: Ensure that you have backed up all important data from the MBR disk.
Open Disk Management:
- Firstly, right-click on the Start menu and select Disk Management.
Delete Partitions:
- Secondly, click on each partition on the MBR disk and select Delete Volume. Repeat this for all partitions until the disk shows as unallocated space.
Convert to GPT:
- After that, right-click on the unallocated space of the MBR disk and select Convert to GPT Disk.
Create New Partitions:
- Lastly, after conversion, you can right-click on the unallocated space to create new partitions as needed.
Method 2: Using Command Prompt (Data Loss Warning)
Note: Similarly, this method also requires deleting all partitions on the MBR disk, leading to data loss. As a result, it’s crucial to back up your data first.
Backup Your Data: To begin, ensure that you have backed up all important data from the MBR disk.
Open Command Prompt as Administrator:
- First, press Windows + X and select Command Prompt (Admin) or Windows PowerShell (Admin).
Launch Diskpart:
- Next, type diskpart and press Enter.
List Disks:
- After that, type list disk and press Enter. Identify the disk number of the MBR disk you want to convert.
Select the Disk:
- Once you have identified the disk, type select disk X (replace X with the disk number) and press Enter.
Clean the Disk:
- Then, type clean and press Enter. This will delete all partitions and data on the disk.
Convert to GPT:
- Following that, type convert gpt and press Enter.
Exit Diskpart:
- Lastly, type exit and press Enter to close Diskpart.
Create New Partitions:
- Finally, you can now create new partitions on the GPT disk using Disk Management.
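Because clean in Method 2 is irreversible, it helps to confirm which disk number is actually the MBR disk, and whether it holds the running Windows installation, before typing select disk X. The PowerShell below is an added example, not part of the original guide; the function name Get-MbrConversionCandidate is hypothetical, and it only reads disk information through the built-in Get-Disk cmdlet.

```powershell
# Added example (not from the original post): read-only disk inventory to run
# before diskpart's "clean". Uses Get-Disk from the built-in Storage module
# (Windows 8 / Server 2012 or later). Nothing here modifies a disk.
function Get-MbrConversionCandidate {
    foreach ($disk in (Get-Disk)) {
        # IsBoot / IsSystem mark the disk Windows is currently running from.
        $holdsWindows = $disk.IsBoot -or $disk.IsSystem

        if ($disk.PartitionStyle -ne 'MBR') {
            $note = 'Not MBR: nothing to convert'
        }
        elseif ($holdsWindows) {
            $note = 'MBR disk holding the running Windows install: clean would erase the OS'
        }
        else {
            $note = 'MBR data disk: clean + convert gpt erases every partition on it'
        }

        [pscustomobject]@{
            DiskNumber     = $disk.Number            # the X in "select disk X"
            Name           = $disk.FriendlyName
            SizeGB         = [math]::Round($disk.Size / 1GB, 1)
            PartitionStyle = $disk.PartitionStyle    # MBR, GPT or RAW
            Partitions     = $disk.NumberOfPartitions
            HoldsWindows   = $holdsWindows
            Note           = $note
        }
    }
}

Get-MbrConversionCandidate | Format-List
```

Compare DiskNumber and SizeGB with the output of list disk in Diskpart so that the disk you select is the one you backed up.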
Once you have a GPT disk, you can follow the steps outlined to enable Secure Boot in your UEFI firmware settings.
How to Enable Secure Boot on a GPT Drive or in UEFI Mode?
Enabling Secure Boot in UEFI mode on a GPT (GUID Partition Table) drive involves accessing your system’s UEFI firmware settings. Below are detailed steps for various methods to enable Secure Boot.
Method 1: Enabling Secure Boot via UEFI Firmware Settings
Access UEFI Firmware Settings:
- First, restart your computer.
- During the boot process, press the appropriate key to enter the UEFI/BIOS setup. This key varies by manufacturer (common keys include F2, F10, DEL, or ESC). You may see a prompt on the screen indicating which key to press.
Navigate to the Secure Boot Option:
- Next, once in the UEFI setup, use the arrow keys to navigate through the menus. Look for a tab labeled Security, Boot, or Authentication. The exact location may vary depending on your motherboard manufacturer.
Enable Secure Boot:
- Then, find the Secure Boot option and set it to Enabled. If you see an option for OS Type, select Windows UEFI Mode if applicable.
Save Changes and Exit:
- After enabling Secure Boot, navigate to the Exit tab and select Save Changes and Exit. Confirm any prompts to save your changes.
Reboot Your System:
- Finally, your system will restart, and Secure Boot should now be enabled.
Method 2: Enabling Secure Boot via Windows Settings (Windows 10/11)
Open Windows Settings:
- First, click on the Start menu and select Settings (the gear icon).
Go to Update & Security:
- Next, in the Settings window, click on Update & Security.
Access Recovery Options:
- Then, click on Recovery in the left sidebar.
- Under Advanced startup, click on Restart now. Your computer will restart and take you to the Windows Recovery Environment (WinRE).
Navigate to UEFI Firmware Settings:
- In the WinRE menu, select Troubleshoot.
- Next, select Advanced options.
- Then, click on UEFI Firmware Settings and then select Restart.
Enable Secure Boot:
- Finally, follow the steps in Method 1 to enable Secure Boot in the UEFI firmware settings.
Method 3: Using Command Prompt (Advanced Users)
Open Command Prompt as Administrator:
- First, press Windows + X and select Command Prompt (Admin) or Windows PowerShell (Admin).
Check Secure Boot Status:
- Next, type the following command and press Enter: Confirm-SecureBootUEFI
- If it returns True, Secure Boot is already enabled. If it returns False, you will need to enable it via UEFI settings as described in Method 1.
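Confirm-SecureBootUEFI is a PowerShell cmdlet, so it must be run from the Windows PowerShell (Admin) window rather than from cmd.exe. It also raises an error instead of returning False when the machine booted in legacy BIOS mode or the session is not elevated. The script below is an added example, not part of the original guide; the function name Get-SecureBootReadiness and the wording of its messages are assumptions. It combines the True/False check with the firmware type and the system disk's partition style to tell you which of the steps in this post still applies.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell window.
function Get-SecureBootReadiness {
    # BiosFirmwareType reports Uefi or Bios for the current boot.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    # The system disk is the one the firmware boots from.
    $sysDisk  = Get-Disk | Where-Object IsSystem | Select-Object -First 1

    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $state   = if ($enabled) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Raised on legacy BIOS / CSM boots, where the cmdlet cannot run.
        $state = 'Not supported (booted in legacy BIOS/CSM mode)'
    }
    catch [System.UnauthorizedAccessException] {
        $state = 'Unknown (PowerShell is not elevated)'
    }
    catch {
        # Fallback for any other failure: surface the cmdlet's own message.
        $state = "Unknown ($($_.Exception.Message))"
    }

    if ($sysDisk -and $sysDisk.PartitionStyle -eq 'MBR') {
        $next = 'Convert the system disk from MBR to GPT first'
    }
    elseif ("$firmware" -ne 'Uefi') {
        $next = 'Switch the firmware boot mode to UEFI (not Legacy)'
    }
    elseif ($state -eq 'Disabled') {
        $next = 'Enable Secure Boot in UEFI firmware settings (Method 1)'
    }
    elseif ($state -eq 'Enabled') {
        $next = 'Nothing to do'
    }
    else {
        $next = 'Re-run from an elevated PowerShell window'
    }

    [pscustomobject]@{
        FirmwareType    = $firmware
        SystemDisk      = $sysDisk.Number
        SystemDiskStyle = $sysDisk.PartitionStyle
        SecureBoot      = $state
        NextStep        = $next
    }
}

Get-SecureBootReadiness | Format-List
```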
Important Notes
- Compatibility: Firstly, ensure that your operating system and hardware support Secure Boot. Most modern systems with UEFI firmware and Windows 8 or later support this feature.
- Backup Data: Secondly, before making changes to your UEFI settings, it’s always a good idea to back up your important data.
- Potential Issues: Finally, enabling Secure Boot may prevent some older hardware or software from functioning correctly. If you encounter issues, you may need to disable Secure Boot again.
By following these methods, you can successfully enable Secure Boot on a GPT drive in UEFI mode, enhancing your system’s security against unauthorized access and malware.
Conclusion
In short, Secure Boot is an important security feature that helps protect your computer by verifying the integrity of software loaded during the boot process.
First, to enable Secure Boot, you’ll need to make sure your system is using a GUID Partition Table (GPT) drive instead of the older Master Boot Record (MBR) format.
Converting from MBR to GPT can be a bit complex, so be sure to back up your data first.
Then, once you have a GPT drive, you can enable Secure Boot through your computer’s UEFI firmware settings.
This involves locating the Secure Boot options, turning the feature on, and possibly selecting the appropriate operating system type.
Source: [ microsoft, superuser, pureinfotech, tenforums ]
Frequently Asked Questions (FAQs)
No, Secure Boot does not work on MBR (Master Boot Record) disks. Secure Boot is a feature of UEFI firmware, which requires a GPT (GUID Partition Table) disk for compatibility. To enable Secure Boot, you must convert an MBR disk to GPT.
Windows 11 requires Secure Boot, which is compatible only with UEFI firmware and GPT disks. While it can run on MBR disks, Secure Boot will not function. For optimal security and compliance, a GPT disk is necessary.
Choose GPT (GUID Partition Table) for modern systems, as it supports larger drives, more partitions, and features like Secure Boot. MBR (Master Boot Record) is limited to 2TB and four primary partitions. For better performance and future-proofing, GPT is the better option.