Secure Boot Enabled But Not Active: 5 Ways to Fix It

Make sure CSM in your BIOS is disabled

by Vladimir Popescu
Vladimir Popescu
Vladimir Popescu
Managing Editor
Being an artist his entire life while also playing handball at a professional level, Vladimir has also developed a passion for all things computer-related. With an innate fascination... read more
Reviewed by Alex Serban
Alex Serban
Alex Serban
Windows Server & Networking Expert
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server... read more
Affiliate Disclosure
  • This issue could have occurred due to Compatibility Support Module being enabled, or your BIOS is outdated. 
  • This guide will discuss all the potential fixes and the causes of the issue.
Secure Boot Enabled But Not Active

To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

On the System Information page, if you see the Secure boot option is off, but in BIOS it is shown as Active, which can be confusing. However, it could be due to some misconfigured settings in BIOS, and it can be sorted with a few steps. 

Here in this guide, we will discuss some steps to fix this issue right after examining the causes of the issue. Let’s get started!

What causes the Secure Boot enabled but not active issue?

There could be various reasons why secure boot is not active on your computer, some of them are mentioned here: 

  • Secure Boot feature disabled –  Check if the Secure Boot option in UEFI firmware settings is set to Disabled; the feature won’t work, even if it is technically enabled. So double-check the settings in BIOS to be sure. 
  • CSM enabled – If Compatibility Support Module is enabled in UEFI settings, you might see that secure boot is not an active issue. It would be best if you disabled it to get the Secure boot option.
  • BIOS is outdated – if BIOS is not up to date, it might not support the Secure boot feature. Check the manufacturer’s website to download and install BIOS updates to enable the feature.
  • Scan for viruses – If your computer is infected with malware or viruses, you might see that secure boot is not active issue. You need to run a malware scan using a security tool.

What can I do if secure boot is enabled but not active?

Before moving to actual troubleshooting steps,  go through these preliminary checks: 

  •  Check for Windows updates
  • The operating system must be configured to support Secure boot.
  • Your device should have a valid Secure boot signature.

1. Update BIOS

  1. Press the Windows key, type CMD, and click Run as administrator.DOS COmmand Prompt - secure boot enabled but not active
  2. Type the following command to check the BIOS version and press Enter: wmic bios get smbiosbiosversion
  3. Next, open the device manufacturer’s website or open the assistant app if provided by the manufacturer. For demonstration purposes, we are using the HP Support Assistant tool.
  4. Open the app. Go to Updates, then click Check for updates.HP assistant
  5. If there is an update available, download and install the BIOS.

2. Disable CSM

  1. Press Windows + I to open Settings.
  2. Go to System, then click Recovery.System-Recovery-Windows-11 - secure boot enabled but not active
  3. Now under Advanced Startup, click Restart now.Advanced Startup
  4. From the Choose an option window, select Troubleshoot.Troubleshoot- enable secure boot without bios
  5. Now select Advanced Options.Troubleshoot WITH AO selected
  6. On the Advanced Options window, select UEFI Firmware Settings.UEFI
  7. Click RestartUEFI Restart
  8. The computer will restart and provide you with some options. First, choose the appropriate option to enter BIOS.
  9. Go to the Boot tab or Security tab, select CSM and choose Disabled.SupportCSM
  10. Now switch to the Exit tab and select Save changes and exit.

3. Change the platform 

  1. Enter the BIOS mode using the method explained in the above method.
  2. Navigate to System Mode, and select User instead of Setup.
  3. Now locate Secure Boot Mode, and choose Custom if Standard is selected.   enable secure boot without bios
  4. Then again, change it back to Standard.
  5. Now switch to the Exit tab and select Save changes and exit.

4. Enable Secure Boot properly 

  1. Again enter the BIOS using the method mentioned in method 2.
  2. From the Boot menu or Security menu, choose Secure boot.Secure-boot -enable secure boot without bios
  3. Select Enabled. Now switch to the Exit tab and select Save changes and exit.

5. Scan your computer for malware 

  1. Press the Windows key, type Windows Security and press click Open.Windows Security open
  2. Go to Virus & threat protection, and click Scan optionsV& T -enable secure boot without bios.
  3. Now select Full Scan, and click Scan now.Full scan -
  4. Once the Scan is complete, delete all the malicious files found.

So, you need to follow these steps to fix the secure boot enabled but not active. Try these methods and let us know which worked for you in the comments below.

Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: