Secure Boot is a Windows 11 requirement, but sometimes your BIOS won't let you enable it.

You need a secure boot-compatible computer to install Windows 11. But there are other reasons to enable secure boot when available. It is a safety standard that prevents malicious codes from running on your PC during boot.

But what if secure boot option is grayed out in BIOS? This can happen due to incorrect changes to your BIOS settings. You can load the default boot configuration to restore secure boot on Windows. Here is how to troubleshoot and fix the secure boot grayed-out problem in the BIOS.

1. Set Admin Password in BIOS

You can set an administrator password in BIOS security to prevent unauthorized access to the setup utility. On some computers, you may need to enable an administrator password to enable secure boot.

To set an administrator password, you need to access the BIOS Security tab. The following steps are for an HP Pavilion laptop. Refer to your manufacturer's manual for other OEM devices.

To set an administrator password in BIOS:

1. Shut down your PC.
2. Press the Power to restart and then start pressing the F10 key to enter BIOS Setup Utility. Other manufacturers like Dell, Asus, and Lenovo use F2 to access the BIOS utility.
3. In the BIOS Setup Utility, use the right and left arrow keys to open the Security tab.

   

4. Next, select Administrator Password and press Enter. On other computers, you may see the Set Supervisor Password option instead.
5. Here, type your new administrator password and then repeat the password in the Confirm New Password field.
6. Press Enter to save the password.

   

7. Next, press F10 to save the changes and exit BIOS.
8. Boot into BIOS again, and Secure Boot should be available for use.

You can remove the administrator password after enabling Secure Boot. To do this, open the Security tab in BIOS and select Administrator Password. Next, enter your administrator password, but leave the Enter New Password and Confirm New Password fields blank. Press Enter again to save the changes.

2. Disable Fast Boot in BIOS

Fast Boot is a UEFI/BIOS feature. When enabled, it skips the check for a USB device, such as a bootable drive to speed up the boot process. However, the same can also prevent you from enabling secure boot in BIOS.

To fix the issue, boot into the BIOS Setup Utility and disable Fast Boot. This feature may not be available on all computers. If not available, skip to the next solution.

Note that the fast boot feature is different from Fast Startup. Fast Boot is a BIOS feature, whereas Fast Startup is a Windows feature to speed up the boot process.

To disable fast boot in BIOS:

1. Boot into BIOS
2. Use the right and left arrow keys to open the Advanced tab.
3. Next, select Boot Options and press Enter.
4. Select Fast Boot and set it to Disabled.
5. Press Enter to save the changes.
6. Press F10 to save the changes and exit.
7. After the computer restarts, boot into BIOS to see if you can access Secure Boot.

3. Restore the BIOS Security Settings to Factory Defaults

You can restore BIOS security settings to factory defaults to enable secure boot. If you have made major changes to the BIOS security settings, a reset will remove the custom configuration and restore the factory default security settings. Most BIOS utilities allow you to perform a restore in the BIOS Security tab.

To restore BIOS Security settings to factory defaults:

1. Boot into BIOS.
2. Open the Security tab using the arrow keys.
3. Use the down arrow keys and select Restore Security settings to factory defaults.

   

4. Read the description in the Security Feature Reset Request dialog. Here you'll need to enter a pass code to complete the reset request.
5. So, enter the shown pass code and press Enter.

   

6. Press F10 to save the changes and exit BIOS.
7. Boot into BIOS again and check if the greyed-out secure boot problem is resolved.

4. Update BIOS

If the issue persists, your problem may be due to outdated BIOS firmware. While you don't need to update your system BIOS as frequently, the newer version tends to bring bug fixes, performance improvements, and newer hardware support.

A BIOS update is recommended if your motherboard or laptop manufacturer recommends it. Any updates will be available via the laptop or motherboard manufacturer's websites.

Prepare Your Computer for a BIOS Update

Before you update your BIOS, you'll need to suspend BitLocker protection. You may also need to temporarily turn off Windows Security protection and third-party antivirus.

Next, check your current BIOS version. You don't want to install an older version of BIOS on your computer. So, press the Win key, type system information, and open the System Information app from the search results. In the System Information dialog, locate and check the BIOS Version/Date entry. Note down the BIOS version, for example, AMI F.27, 3/17/2022.

Unlike other driver and software feature updates, updating your BIOS can be tricky. You can update BIOS from within BIOS, where the BIOS Setup Utility can check your laptop manufacturer's website for BIOS updates. This option, however, is not available for all computers.

Alternatively, you can also manually install BIOS from within Windows. For example, on an HP computer, go to the HP Drivers page. Select your device manually or let the website detect the device for you.

Next, check for the pending drivers and BIOS updates. If detected, download the HP Notebook System BIOS Update (Intel / AMD Processors). Make sure to compare the version with the version installed on your PC. If same or older, you don't need to update your BIOS.

To update BIOS, run the firmware file and follow the on-screen instructions. Your computer will restart into the BIOS Update utility. Select Apply Update Now and wait for the update to finish installing. Once done, boot into BIOS and check if the Secure Boot option is available. Make sure to enable your antivirus and BitLocker protection again.

5. Load the BIOS Defaults Settings

You can restore your BIOS to its factory default settings to fix issues occurring due to corrupt BIOS configuration. While loading the default settings will not affect your data, we recommend you back up any and all the important data on your computer before proceeding with a BIOS reset.

To load BIOS defaults settings:

1. Boot into BIOS and open the Exit tab.
2. Next, select the Load Setup Defaults option and press Enter.
3. Select Yes and press Enter. This will load setup default values for all SETUP items.
4. Select Save Changes and Exit.
5. Boot into BIOS again and check if the secure boot option is restored.

Fixing the Grayed Out Secure Boot Option in BIOS

Secure Boot in BIOS is greyed out if the administrator password is not set. In other instances, incorrect BIOS security settings and outdated BIOS can cause the issue. As a last resort, try to restore BIOS settings to factory defaults to restore Secure Boot in BIOS.