[SOLVED] – Secure Boot is Greyed Out on Windows 11
Summary: Secure Boot is an added security feature of Windows 10 & 11 to protect the system during boot up. If the Secure Boot is greyed out in BIOS, it could be due to improper boot drive partition style or incompatible hardware. You can fix the greyed-out Secure Boot option by restoring the BIOS security settings or changing the boot drive’s partition style from MBR to GPT. Read this blog for more details.
When Microsoft launched Windows 11, it came with a general list of system requirements. In that list, there was a necessary requirement that seemed odd to many users. This was the Secure Boot capability. Many users felt this way as it was an optional feature in Windows 10 designed for systems with 2 OS installed.
Secure Boot is a critical system feature designed by Microsoft to protect a PC during a system boot. It prevents unsigned or malicious code from loading while a computer boots up.
In most cases, a user can tweak Secure Boot settings by simply going into the BIOS. However, in some situations, Secure Boot is greyed out and is stuck in either an enabled or disabled state. The option is usually greyed out due to unsupported hardware or MBR partitioning style of the boot drive.
Let’s see why it happens and some methods to fix it.
What is Secure Boot?
A computer is most vulnerable while it is booting. Certain malicious code or viruses can activate and infect the system during this process. To prevent any unsigned code from loading, Microsoft introduced the Secure Boot feature with Windows 10. Secure Boot is an essential security feature by Microsoft for safeguarding the system and preventing an unknown code from booting while the system boots.
Eventually, with Windows 11, Microsoft made it necessary for a PC to be capable of a Secure Boot.
Most modern computers support Secure Boot, but some might not. This is due to misconfigured settings or unsupported system configuration. As the Secure Boot setting is in UEFI/BIOS, the boot drive must have GPT partitioning style to enable it on a PC. It doesn’t work on Legacy BIOS.
Why is Secure Boot Greyed Out?
When in UEFI, you can easily tweak the Secure Boot settings. However, if you try to enable Secure Boot on Windows 10 installed on an MBR partitioned boot drive with Legacy BIOS, it will be greyed out or absent.
Here are some prominent reasons why Secure Boot is greyed out on a Windows PC –
- Unsupported hardware
- MBR partitioned boot drive
- Legacy BIOS instead of UEFI
- CSM mode enabled
- Created a new registry key in the MoSetup directory in the HKLM registry hive
- Lack of administrator password
- Outdated BIOS firmware
Methods to Fix the Greyed-Out Secure Boot Option On Windows
In this section, we will learn ways to fix greyed out Secure Boot on a Windows 11 computer.
Caution – Carefully proceed with the methods explained below. Fiddling with BIOS settings can have negative implications, leading to problems such as a bricked motherboard, an unstable system, or an unbootable computer. If you are unsure about accessing the BIOS yourself, take the help of an IT professional.
Note – Before moving on with the methods, we advise you to completely backup your data and files on an external storage drive. Once you are ready, carefully follow the methods below.
Method 1: Restore Security Settings & Factory Keys
If there is any security setting tweaked incorrectly in the BIOS, it could be behind why Secure Boot is greyed out. You can fix this by restoring the security settings to factory defaults. Here’s what to do –
Note – Power ON the computer and keep pressing the assigned key to enter the BIOS. It could be F2, F8, F10, F11, ESC, DEL, or any other key designated by the computer manufacturer. Refer to your device’s manual for more info.
- In the BIOS, go to the Security tab.
- Go to the Restore Security Settings to Factory Defaults options. Press Enter.
- You’ll see the Security Feature Reset Request pop-up box.
- Carefully read the instructions.
- Use the code and hit Enter to execute the changes.
- After this, go to the System Configuration tab and locate Legacy Support. Disable it.
- Then, locate the Load Default Keys option in the same tab and press Enter.
- A prompt will come on the screen. Select Yes to proceed.
- Afterward, go to the Secure Boot and change it to Enabled/Disabled.
Method 2: Disable Fast Boot
Fast Boot is a feature that saves the current Windows OS state to the disk and uses it the next time you boot your system. While it helps save booting time, it skips on certain POST stages and bootable media. If you are trying to install Windows 11 via a bootable USB and cannot access BIOS due to fast boot, turn it off.
Note – Do not confuse Fast Boot with Fast Startup. Fast Boot is a BIOS setting, while Fast Startup is a Windows OS setting, a form of hibernation.
Here’s how to disable Fast Boot –
- Enter BIOS via WinRE.
- Go to the Advanced tab and select Boot Options. Press Enter.
- Click on Fast Boot and change its status to Disable.
- Press Enter to make the changes.
- Save and Exit the BIOS. The system will automatically restart.
Now, try to access BIOS. You should be able to do so and install Windows 11 using the bootable media.
Note – If you have installed Windows 10 in CSM mode, do not enable or disable Secure Boot. It can cause more problems and make the system unstable or, worse, unbootable.
Method 3: Set Administrator Password in BIOS
Setting up an administrator password in BIOS ensures you have the highest level of permission to change system settings. Some users fixed the ‘Secure Boot is greyed out’ issue by setting up an administrator password. To do this –
- Enter BIOS.
- Navigate to the Security tab.
- Locate the Administrator Password option and press Enter.
- Enter a new password and confirm.
- Save the changes and exit the BIOS.
- Restart the system and re-enter BIOS. This should fix the Secure Boot is greyed out issue.
Note – Remember the administrator password. Losing it could make it impossible to recover the password. If lost, only Resetting CMOS or NVRAM will reset BIOS to factory settings and remove passwords.
Method 4: Do a Fresh Installation of Windows
If you don’t want to meddle with settings in BIOS, you can do a fresh installation of Windows 10 or 11. However, before doing so, take a complete backup of your data and files, as this process can lead to data loss.
Here are the guides to perform clean installation of Windows –
Perform a clean installation of Windows 10
Perform a clean installation of Windows 11
Unbootable System After Changing BIOS Settings?
Changing BIOS settings is tricky, and any misconfigured setting can result in problems. Sometimes, these problems can even prevent your computer from booting Windows. This could make the data on the drive inaccessible and render the system unbootable. Hence, you should be careful while making changes in BIOS or take the help of a professional.
An unbootable computer can cause a lot of anxiety among users who have data stuck inside it. However, there is nothing to worry about, as there is a professional data recovery software like Stellar Data Recovery Professional to help you rescue your files.
Thanks to its advanced algorithms and option to create bootable media, it can easily retrieve files from a crashed or unbootable PC. The software can also recover files from various data loss scenarios like deletion, formatting, and more.
Wrapping it Up
Secure Boot is an essential feature of Windows OS that adds an extra layer of security to the OS. However, users find Secure Boot to be greyed out due to misconfiguration or bugs. This prevents them from changing its status, leading to problems like incompatible applications or an unstable system.
If this is the case with your Windows 11 PC, the methods mentioned above can help you fix the Secure Boot is greyed out issue. However, as a precaution, take a backup of your data before changing the BIOS settings.
0 Comments