Fix Secure Boot Enabled but Not Active

Deep
14 Oct, 2025

Secure Boot Enabled but Not Active

Boot Enabled but Not Active: How to Fix It on Gigabyte and Other PCs (2025 Guide)

What Does “Secure Boot Enabled but Not Active” Mean?

If you open your BIOS or run msinfo32 In Windows, if Secure Boot Is Enabled but Not Active, it means your system is configured for Secure Boot, but it’s not yet operational.

In simple terms, your PC is ready for Secure Boot, but something’s stopping it from running (usually a BIOS or drive mode issue).

What Is Secure Boot?

Secure Boot is a UEFI security feature that ensures only trusted software and operating systems load when you start your computer.
It helps protect against malware, rootkits, and boot-time viruses — and it’s required for Windows 11 installation.

 Common Causes of “Secure Boot Enabled but Not Active”

Secure Boot Enabled but Not Active

How to Fix “Secure Boot Enabled but Not Active” (Gigabyte, ASUS, MSI, etc.)

Follow these steps carefully 👇

 Step 1: Disable CSM (Compatibility Support Module)

  1. Restart your PC and press Delete (or F2) to open the BIOS.

  2. Go to BIOS → CSM Support.

  3. Set CSM Support = Disabled.

  4. Press F10 → Save and reboot.

💡 Disabling CSM ensures your system runs in full UEFI mode.

Step 2: Check Your Boot Mode

Back in BIOS → Go to Boot → Boot Option Priorities

  • If you see Windows Boot Manager (Your Drive) → it’s UEFI ✅

  • If you only see the drive name (e.g., “Samsung SSD 870 EVO”) → it’s Legacy ❌

If you’re in Legacy mode, convert the drive to GPT next.

Step 3: Convert MBR to GPT (No Data Loss)

In Windows (Admin Command Prompt), run:

mbr2gpt /convert /allowfullos

After it finishes:

  • Reboot into BIOS

  • Confirm Boot Mode = UEFI

Step 4: Install Secure Boot Keys

In BIOS:

  1. Go to Settings → Miscellaneous → Secure Boot.

  2. Choose Install Factory Defaults or Install Default Secure Boot Keys.

  3. Set:

  4. Save changes (F10) and reboot.

Step 5: Confirm in Windows

  1. Press Windows + R, type msinfo32, and hit Enter.

  2. Look for:

If it’s ON, your Secure Boot is now fully active 🎉

Bonus Tip: For Gigabyte Motherboards

Some Gigabyte users still see the message after enabling everything.
Here’s what to do:

  1. Set Secure Boot Mode = Custom

  2. Clear all keys → reboot

  3. Reopen BIOS → Set Secure Boot Mode = Standard

  4. Click Install Default Secure Boot Keys

  5. Save & Exit

This resets the Platform Key (PK) properly and activates Secure Boot.

 Summary Table

SettingCorrect Value
CSM SupportDisabled
Boot ModeUEFI
Secure BootEnabled
Secure Boot ModeStandard
Secure Boot KeysInstalled
Drive TypeGPT
Windows BootWindows Boot Manager

Final Thoughts

If your BIOS says “Secure Boot enabled but not active”, it’s not a bug — it just means you’re halfway there.
Once you disable CSM, install the keys, and boot in UEFI mode, Secure Boot will activate automatically, keeping your system safe.


Previous Post