6 Proven Methods to Fix Secure Boot State Unsupported In 2026

By /

Getting the Secure Boot State Unsupported message on Windows 10/11? Learn 6 proven ways to fix secure “Boot State Unsupported” it by aligning UEFI, TPM, and GPT so your PC stays secure and upgrade-ready.

Why the “Secure Boot State Unsupported” Error Appears in Windows 10/11

Seeing the “Secure Boot State Unsupported” message can be confusing, especially when you’re trying to update your system or meet the requirements for Windows 10 or Windows 11.

This alert simply means your PC isn’t meeting one or more conditions needed for Secure Boot, a feature built into modern hardware to protect the startup process from malware and unauthorized software.

Secure Boot is part of the UEFI (Unified Extensible Firmware Interface) — a modern replacement for legacy BIOS — and helps ensure that only signed and trusted bootloaders run when your computer starts.
It helps defend your system from rootkits, boot-sector malware, or unauthorized system modifications before Windows loads.

Secure Boot only works when your system uses UEFI firmware and supports trusted boot components.

Many users bump into this issue during upgrades, fresh installs, or security checks.

Sometimes Secure Boot is turned off, sometimes the system is running in Legacy mode, and sometimes the hardware isn’t configured to support it at all.’

Secure Boot State Unsupported Fix

No matter the cause, the good news is that most situations can be fixed with a few guided steps.

Also, Windows 11 requires Secure Boot capability, which means the system must use UEFI firmware and meet certain security standards.

If your PC shows “unsupported,” it may block upgrades or trigger compatibility warnings.

Secure Boot-capable systems are a core requirement for Windows 11 installation and security compliance.

In this guide, we’ll walk through the exact reasons why the Secure Boot state may show as unsupported, and the most reliable ways to turn that status around.

You’ll learn how features like UEFI, TPM 2.0, and GPT-based drives influence Secure Boot — and more importantly, how to align your system with what Windows expects.

What Secure Boot Is and Why Windows 11 Requires It (Secure Boot Explained)

Secure Boot is a protective feature built into modern UEFI firmware that ensures your computer starts in a trusted state. When the system powers on, Secure Boot checks each boot-related file — including the bootloader, firmware drivers, and key system components — to confirm they haven’t been tampered with. If anything fails verification, the PC immediately blocks the startup to prevent hidden threats like rootkits from loading.

This creates a trusted boot chain, where each step is verified before the next is allowed to run. Older Legacy BIOS systems didn’t perform this kind of validation, which made them easier targets for low-level attacks. Secure Boot’s verification process helps modern systems stay protected even before Windows loads.

Secure Boot ensures your PC starts only with software that’s cryptographically trusted — stopping threats before they ever reach Windows.

Windows 11 places a strong emphasis on hardware-based security. That’s why the operating system requires devices to support UEFI, Secure Boot, and TPM 2.0. These components work together to block unauthorized code, improve system integrity, and strengthen protections against modern malware that can target the boot process.

When Secure Boot isn’t available or isn’t recognized correctly, Windows may display warnings such as Secure Boot state unsupported, especially during system checks or upgrade attempts. This usually occurs because of firmware settings, compatibility issues, or storage formats that don’t align with Secure Boot requirements.

How to Check Secure Boot Status in Windows (msinfo32 Secure Boot State Check)

Before fixing anything, it’s important to confirm how Windows currently reads your Secure Boot configuration. The System Information tool lets you verify this quickly.

  1. Press Win + R to open the Run dialog.
  2. Type msinfo32 and press Enter to open System Information.
  3. Select System Summary from the left pane.
  4. Look for the values next to:
    • Secure Boot State
    • BIOS Mode

These values reveal whether Secure Boot is working, disabled, or unsupported:

  • On — Secure Boot is active and functioning correctly.
  • Off — Your system supports Secure Boot, but it’s currently disabled in UEFI settings.
  • Unsupported — The system cannot use Secure Boot because required features aren’t configured, or your hardware isn’t compatible.

If BIOS Mode shows Legacy, Secure Boot will always appear as Unsupported because Secure Boot can only run in UEFI mode.

Checking these fields helps you understand whether the issue is a simple configuration change or something deeper, such as the need to convert your drive to GPT, enable TPM, or switch your system from Legacy to UEFI mode. This small step sets the foundation for applying the right fix later on.

Why Secure Boot Shows “Unsupported” in Windows 10/11 (Main Causes Explained)

When Windows reports “Secure Boot State Unsupported,” it means the system cannot meet one or more requirements needed for Secure Boot to function correctly.

Often this isn’t a hardware failure — but a misconfiguration or compatibility issue that prevents Windows from recognizing Secure Boot support.

Here are the most common reasons why that “unsupported” alert shows up:

  1. Your PC uses Legacy boot mode instead of UEFI: Secure Boot only works when your system boots in UEFI mode. If your firmware (BIOS/UEFI) is set to Legacy (or CSM) mode, Secure Boot won’t be active.
  2. Boot drive is formatted as MBR instead of GPT: Secure Boot and UEFI rely on a GPT (GUID Partition Table) partition style. If your boot disk still uses the older MBR (Master Boot Record) format, Secure Boot compatibility fails.
  3. TPM 2.0 / PTT / fTPM or platform-security features are disabled: Many modern Windows 11 features — and Secure Boot compatibility — often expect TPM (Trusted Platform Module) or equivalent platform security to be active. If these are disabled in firmware settings, Secure Boot might show unsupported.
  4. Secure Boot is manually turned off in firmware settings: Even if your PC supports everything needed, disabling Secure Boot from the UEFI/BIOS firmware will make Windows mark it as unavailable.
  5. Outdated firmware or motherboard limitations: Some older or budget motherboards may lack full UEFI + Secure Boot support — or may need a firmware (BIOS/UEFI) update to expose Secure Boot options properly.
  6. Combination issues (partition style + boot mode + firmware): Secure Boot depends on multiple conditions together: UEFI mode, GPT disk, firmware support — missing any one often triggers “unsupported.” As one community resource puts it, Secure Boot is only fully functional when “UEFI firmware, GPT partition, and platform security features operate together.”

Secure Boot works only when UEFI firmware, GPT partitions, and platform security features operate together — if even one is missing, Windows shows the status as unsupported.

Because there are so many moving parts, the “unsupported” status might be triggered by any single misconfiguration — or a combination of them.

Thus, before attempting any fixes, a quick check of your system’s firmware settings, partition style, and security modules often reveals exactly what’s misaligned.

Quick Pre-Fix Checklist (Do These Before Trying Anything)

Use this checklist to confirm whether your PC is capable of enabling Secure Boot — and which parts might need adjustment:

  1. Confirm if your system uses UEFI mode (not Legacy BIOS): Secure Boot only functions under UEFI firmware. If you’re in Legacy mode, you need to enable UEFI boot.
  2. Check that your boot drive uses GPT partition style (not MBR): Because UEFI + Secure Boot need GPT formatting, an MBR disk will block Secure Boot from working.
  3. Ensure TPM 2.0 / PTT / fTPM (platform security) is enabled in firmware: For full Secure Boot compatibility and Windows 11 readiness, these modules should be active.
  4. Verify Secure Boot isn’t disabled or hidden in firmware settings: On some systems, Secure Boot is disabled by default — or hidden until other settings (like CSM) are turned off.
  5. Confirm your motherboard supports Secure Boot / UEFI fully (check specs or documentation): If the hardware is older or limited, it might simply not support Secure Boot.

A system must support UEFI, GPT partition style, Secure Boot keys, and platform security modules for Secure Boot to function correctly.

Running through this checklist gives clarity. It helps you see whether the “unsupported” label is due to a simple setting you can change — or a deeper hardware limitation you need to plan around.

Secure Boot State Unsupported Fix: Step-by-Step Solutions for Windows 10/11

When Windows displays Secure Boot State Unsupported, it indicates that one or more core requirements for Secure Boot aren’t correctly configured.

6 Proven Methods to Fix Secure Boot State Unsupported

Secure Boot depends on a combination of UEFI firmware, GPT partitioning, platform security modules, and trusted boot keys. If any part of this ecosystem is misaligned, Windows cannot verify Secure Boot support.

The following solutions walk through each requirement in detail, helping you restore compatibility and maintain a secure boot environment.

Fix 1: Enable Secure Boot in BIOS/UEFI to Resolve Unsupported State

If your device already supports Secure Boot but isn’t using it, enabling the feature is often the simplest fix.

  1. Restart your PC and press the manufacturer-specific key for UEFI firmware settings
    (common keys: Delete, F2, F10, F12, or Esc).
  2. Navigate to menus such as Boot, Security, or System Configuration.
  3. Locate the Secure Boot option and set it to Enabled.
  4. Save changes and reboot your PC.

Some systems require disabling CSM (Compatibility Support Module) before Secure Boot can be toggled. In many UEFI interfaces, Secure Boot is hidden until CSM is turned off. Once Secure Boot is enabled, the system loads trusted certificates and boot keys stored in firmware.

Secure Boot relies on verified bootloaders, so enabling it forces the system to allow only digitally trusted software during startup.

Fix 2: Enable TPM 2.0 / PTT / fTPM for Secure Boot Compatibility

Secure Boot often pairs with TPM (Trusted Platform Module) or equivalent firmware-based modules such as Intel PTT or AMD fTPM. These technologies store keys required for platform integrity checks.

  1. Open the Run dialog using Win + R.
  2. Type tpm.msc and press Enter.
  3. If the console reports “TPM is ready for use”, your system already supports it.
  4. If TPM is “not found” or “disabled,” enter your UEFI settings and enable:
    • TPM 2.0
    • Intel Platform Trust Technology (PTT)
    • AMD fTPM
    • Security Device Support

Many Windows 11 readiness checks require both Secure Boot capability and TPM 2.0, and enabling TPM improves system integrity signals that Windows uses during startup.

Fix 3: Change BIOS Mode from Legacy to UEFI for Secure Boot Support

Secure Boot requires the system to operate in UEFI mode. If your device is currently using Legacy BIOS or CSM, Secure Boot cannot be initialized.

  1. Restart your system and enter UEFI firmware settings.
  2. Navigate to the Boot or Startup menu.
  3. Change the Boot Mode from Legacy/CSM to UEFI.
  4. Save your configuration and reboot.

On some devices, switching to UEFI automatically disables CSM and unlocks Secure Boot controls. This change modernizes your firmware environment, which is necessary for loading Secure Boot keys.

UEFI mode enables modern boot features, including Secure Boot, faster startup speeds, and improved firmware-level security.

Fix 4: Convert MBR to GPT (Required for Enabling Secure Boot in Windows 10/11)

Secure Boot requires your boot drive to use the GPT (GUID Partition Table) format. If your disk is still using MBR, Secure Boot cannot function.

To convert without data loss:

  1. Open Command Prompt as Administrator.
  2. Run the built-in Microsoft conversion tool: mbr2gpt /convert /allowfullOS
  3. After conversion, restart the device.
  4. Enter the UEFI menu and confirm Boot Mode is set to UEFI.

If MBR2GPT encounters errors (for example, missing recovery partitions), third-party partition managers may also perform the GPT conversion safely.

This step is essential because GPT supports key UEFI features such as Secure Boot, multiple partitions, and improved data structures for modern systems.

Fix 5: Perform a Clean Boot to Fix Secure Boot State Detection Errors

Occasionally, certain background services or low-level drivers can interfere with how Windows reads Secure Boot. A clean boot starts the system with only essential services, helping identify conflicts.

  1. Open msconfig via the Run dialog.
  2. On the Services tab, enable Hide all Microsoft services, then click Disable all.
  3. Go to Startup, open Task Manager, and disable all enabled items.
  4. Restart your computer.

If Secure Boot is correctly detected after a clean boot, the problem likely lies within a non-Microsoft startup program. Re-enabling items one at a time helps pinpoint the conflicting software.

A clean boot isolates software conflicts that may prevent Windows from detecting Secure Boot capabilities correctly.

Fix 6: Run an In-Place Upgrade or Clean Install if Secure Boot Remains Unsupported

If Windows continues to misinterpret Secure Boot status after UEFI, TPM, and GPT changes, refreshing or reinstalling system files may correct the issue.

Option A: In-Place Upgrade

This method reinstalls Windows while preserving apps and files.

  1. Download the Windows 10 or Windows 11 ISO.
  2. Mount the ISO and run Setup.exe.
  3. Choose Keep personal files and apps.
  4. Proceed with installation.

An in-place upgrade reinitializes Secure Boot detection routines and re-syncs Windows with updated firmware settings.

Option B: Clean Install

A clean install resets the operating system entirely.

  1. Backup your data.
  2. Create installation media.
  3. Boot from the USB drive.
  4. Install Windows fresh on a GPT-formatted disk.

A clean installation ensures Secure Boot, UEFI mode, and trusted boot keys are recognized correctly without legacy configurations interfering.

When Your PC Cannot Support Secure Boot (UEFI & TPM Hardware Limitations)

Even after applying every fix, some PCs still show Secure Boot State Unsupported simply because the hardware and firmware were never designed to support Secure Boot.

Unlike misconfigurations, these limitations come from the system’s motherboard design, firmware generation, or processor/TPM hardware availability, and cannot be solved through settings alone.

In these scenarios, the system cannot load the necessary Secure Boot keys, cannot support full UEFI mode, or lacks the required TPM 2.0 / firmware-based security module that modern Windows versions expect. Recognizing these hardware barriers helps you avoid wasted effort and plan realistic next steps.

Here are the common hardware-level reasons Secure Boot cannot function — and what they mean:

Legacy-Only or Very Old Motherboards Without UEFI Support

Some older PCs were built only for Legacy BIOS, not UEFI. These systems never included the UEFI firmware framework required for Secure Boot. Without UEFI, Secure Boot simply cannot initialize — and there’s no firmware update or settings change to “add” real UEFI support.

For example, certain older desktops with BIOS only show no UEFI or Secure Boot options even after updates, which means Secure Boot isn’t available on that hardware generation.

If your motherboard firmware shows no UEFI/CSM toggle or Secure Boot menu — it’s a hardware limitation, not a settings issue.

Partial or Limited UEFI Implementations That Lack Secure Boot Key Support

Even among PCs that list UEFI in firmware, some older or budget-range boards don’t fully implement all UEFI specs — particularly the parts related to Secure Boot: storage of secure-boot certificates, signature enforcement, or firmware-level key management.

These limitations might manifest as:

  1. No Secure Boot option in BIOS despite UEFI being listed.
  2. Secure Boot option greyed out or unavailable.
  3. Inability to disable CSM (Compatibility Support Module) fully.
  4. Missing firmware-level controls for Secure Boot keys or trusted certificate stores.

In such cases, the hardware “sort-of supports” UEFI, but not the Secure Boot subset — so Windows continues to list Secure Boot as unsupported.

Absence of TPM 2.0 or Compatible Security Module (PTT / fTPM)

While Secure Boot doesn’t strictly require TPM, many modern security standards — including those enforced by newer OS versions — expect a Trusted Platform Module (TPM 2.0) or equivalent firmware-based security (like Intel PTT or AMD fTPM) to be present and enabled.

If your CPU / motherboard lacks TPM 2.0 support — or if only TPM 1.2 is available (now considered outdated) — Secure Boot may still “work,” but your system won’t meet Windows 11’s full security baseline. Many older systems simply don’t include the needed module, and no BIOS update can retroactively add it.

CPU or Platform Doesn’t Meet Modern Security Architecture Requirements

Some older processors lack the necessary firmware hooks or hardware-level instructions used by UEFI and Secure Boot for cryptographic signature verification, firmware protections, or secure key storage.

That means even if every other aspect is correct, the CPU itself may be incompatible with full Secure Boot support.

OEM / Manufacturer Firmware Restrictions or OEM-Locked Systems

In certain laptops or desktops — especially older business-line devices — the manufacturer may ship firmware that completely omits Secure Boot capability, or hides Secure Boot keys behind restricted menus. In such cases, even if the hardware generically supports UEFI and TPM, the firmware shipped with the system blocks Secure Boot.

This often affects refurbished devices, enterprise-class desktops, or off-the-shelf builds from a few years back, where the firmware was optimized for compatibility over security features.

What You Can Do: Realistic Options When Hardware Fails the Test

If your system falls into any of the above categories, here are practical approaches instead of chasing disappearing firmware options:

  1. Continue using Windows 10 or earlier OS versions — where Secure Boot isn’t mandatory (though you’ll lose Windows 11’s enhanced security benefits).
  2. Consider upgrading hardware (motherboard, CPU, or full PC) — to ensure full support for UEFI + Secure Boot + TPM 2.0.
  3. Use Secure Boot–agnostic OS or virtualization — if you only need newer software but don’t rely on Secure Boot.
  4. Understand risks before forcing Windows 11 or bypassing requirements — some tools attempt to skip Secure Boot/TPM checks, but this compromises security integrity and may block system updates or compatibility with security-sensitive software.

Secure Boot Unsupported FAQ (Common Windows 10/11 Questions Answered)

Why does Secure Boot say “unsupported” even when it’s enabled in BIOS?

This happens when another requirement — like UEFI mode, GPT disk, or Secure Boot keys — isn’t configured correctly. Windows needs all three before it can show Secure Boot as supported.

Can you enable Secure Boot without UEFI mode?

No. Secure Boot works only in UEFI mode. If the PC boots using Legacy/CSM, Secure Boot stays unsupported.

Do I need TPM 2.0 for Secure Boot to work?

Secure Boot doesn’t technically require TPM, but Windows 11 expects TPM 2.0 + Secure Boot together for full security and compatibility checks.

Why is Secure Boot greyed out or missing in BIOS?

Common causes include:

  • CSM enabled,
  • Disk still MBR,
  • Firmware with partial UEFI support,
  • Secure Boot keys not initialized.

Disabling CSM usually reveals Secure Boot settings.

Can I enable Secure Boot after installing Windows?

Yes — as long as you switch to UEFI mode, convert the disk to GPT, and enable TPM/secure device support in firmware.

Is Secure Boot required for gaming anti-cheat systems?

Yes for some games. Titles like Valorant and others require Secure Boot + TPM to prevent tampering.

Can Secure Boot be enabled on older hardware?

Not on PCs with Legacy BIOS only or limited UEFI. If Secure Boot doesn’t appear in firmware, the hardware doesn’t support it.

Does converting MBR to GPT erase data?

Microsoft’s MBR2GPT tool converts without deleting data, assuming the disk meets requirements. A backup is still recommended.

Why does Windows require Secure Boot for Windows 11 installs?

Windows 11 uses Secure Boot to block boot-level malware and enforce trusted startup, forming the base of its hardware security model.

Is it safe to bypass Secure Boot requirements?

It works, but isn’t recommended. You may face reduced security, limited updates, and issues with drivers or anti-cheat systems.

Final Thoughts: Understanding the Best Fix for Secure Boot State Unsupported

Resolving the Secure Boot State Unsupported message in Windows 10/11 depends on aligning several system components — UEFI firmware, GPT partitions, TPM 2.0, and Secure Boot key support. Once these align, Secure Boot usually becomes available and functional.

Modern PC security relies heavily on Secure Boot and its support for a trusted boot chain. Secure Boot verifies every component that loads at startup — from firmware to the operating system — ensuring only digitally signed, trusted software runs.

Scenario 1: Your PC Supports Secure Boot — But It’s Disabled or Misconfigured

For many PCs, the root problem is simply that Secure Boot or related settings aren’t enabled. Enabling Secure Boot in firmware, switching to UEFI mode, or activating TPM 2.0 / PTT / fTPM tends to resolve the unsupported status. Once these are correctly set, Windows recognizes Secure Boot’s availability.

If your device supports UEFI, enabling Secure Boot and TPM is often all you need.

In this scenario, the solution doesn’t require hardware changes — just configuration via firmware settings. This applies to most modern desktops and laptops built in the last few years.

Scenario 2: System Uses Legacy Boot / MBR — Secure Boot Needs UEFI + GPT

If your BIOS mode is Legacy and your disk is formatted as MBR, Secure Boot will remain unavailable. For Secure Boot to work properly, the system must boot via UEFI and use a GPT-formatted boot drive.

Switching to UEFI and converting the disk to GPT — when supported — helps your PC meet modern security standards and Windows 11 requirements.

Secure Boot needs UEFI + GPT — without both, Windows will always report unsupported.

When Hardware Limits Prevent Secure Boot

Sometimes, despite all efforts, the PC simply isn’t built to support Secure Boot. This can be due to older motherboards without full UEFI implementation, missing TPM 2.0 support, or firmware that doesn’t support Secure Boot keys properly.

In these cases, no amount of configuration changes will enable Secure Boot. It’s a hardware limitation — not a software bug.

For these systems, recommended paths forward include:

  1. Continuing on Windows 10 (until its end-of-support date) with regular updates and a good antivirus.
  2. Considering hardware upgrade (motherboard or full PC) for Secure Boot + TPM 2.0 support.
  3. Using virtualization or alternate OS setups, if Secure Boot is a must for certain applications.

Why Secure Boot Matters: Beyond Just a Windows Checkbox

With Secure Boot enabled, your system gains a strong defense against advanced threats such as rootkits, bootkits, and firmware-level malware. Secure Boot ensures only trusted, signed software loads — protecting the OS even before antivirus or other protections begin.

For Windows 11, this isn’t optional. Secure Boot combined with TPM 2.0 forms a foundational security layer that helps protect system integrity, user data, and device identity.

Final Recommendation

Whether your PC is using Secure Boot already or still shows “unsupported,” it’s worth checking — because enabling Secure Boot offers real security benefits with minimal trade-offs if your hardware supports it. If it’s a configuration issue, a few steps in firmware settings can get you there.

If it’s a hardware limitation, it’s wise to acknowledge it rather than chase endless fixes. In that case, plan for hardware upgrades, or use alternate approaches — but make sure you’re aware of the trade-offs.

With the right setup — UEFI + GPT + TPM 2.0 + Secure Boot keys — your system will be aligned with modern Windows security standards and ready for the future.

Useful Official Microsoft Resources to Help Fix “Secure Boot State Unsupported”

These official Microsoft guides give your readers accurate, trustworthy steps to understand why Secure Boot isn’t working — and what they can do to fix it. Each link supports a key part of your troubleshooting flow, from checking TPM to converting MBR to GPT.

Windows 11 System Requirements (Official Security + Compatibility Rules): This page explains exactly what Windows 11 expects from your PC — including Secure Boot, UEFI, and TPM 2.0. It’s a great reference for readers unsure whether their hardware is eligible.

How to Enable TPM 2.0 on Your PC (Official Microsoft TPM Guide): If TPM or firmware-based security is turned off, Secure Boot may still appear as unsupported. This guide shows how to check TPM status and enable it safely.

Windows 11 and Secure Boot (Official Setup + UEFI Access Guide): A simple walkthrough from Microsoft on where to find Secure Boot settings, how to enter UEFI, and what the feature actually does for your device security.

Convert MBR to GPT Using MBR2GPT.exe (Official Disk Conversion Guide): If your boot drive still uses MBR, Secure Boot cannot function. This official document shows how to convert safely to GPT without losing your data — a crucial step for many users.

TPM Configuration & Initialization (Official Technical Resource): For devices where TPM isn’t ready or needs initialization, Microsoft provides this deeper guide on configuring ownership and preparing TPM correctly.

Visit Our Post Page: Blog Page

Leave a Comment

Your email address will not be published. Required fields are marked *