Written by
Eudora LiuSummary: Although Secure Boot is a wonderful feature to maintain the security of your Windows, it may bring some issues like 'Secure Boot Can Be Enabled When System in User Mode'. Don't be nervous, this post from iBoysoft gives you four methods to fix it.
Supporting UEFI Secure Boot is one of the requirements for Windows 11, which is a new hardware need for installing Windows on your PC. Secure Boot allows you to load only trusted software during booting up.
However, when you try to enable Secure Boot, you might receive an error message reading Secure Boot Can Be Enabled When System in User Mode while enabling Secure Boot in the UEFI menu.
This error message prevents you from enabling Secure Boot and even playing games that require the secure boot. This post explains why you need to enable Secure Boot, discusses the reasons behind this issue, and offers some methods for you to fix it.
Much appreciate it if you would like to share this post on your social media.
Why do you need to enable Secure Boot on Windows?
Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots up using only software that is trusted by the PC manufacturer. When the PC starts, the firmware verifies the signature of each piece of boot software whether it is from a trusted source and has not been tampered with.
This verification process helps your PC to prevent viruses and other malware from running on the system, making it more difficult for attackers to take control of the machine. Once the software has been verified, it will be signed with a digital signature.
Thus, it's an essential feature for most users to ensure that only trusted software can be executed on the system. But what causes Secure Boot Can Be Enabled When System in User Mode? We listed some possible reasons below:
- Corrupted BCD. Boot Configuration Data tells Windows how to boot when running on the PC. If you get the corrupted BCD, your PC may not startup normally or you will get some errors when booting up.
- Disabled User Mode. Secure Boot can be only enabled when your system is in User Mode. If you are not enabled User Mode, it will cause this issue.
- Unsupported firmware. A supported firmware is the key to enabling Secure Boot. If your firmware does not support Secure Boot, you need to update your firmware.
How to Fix Secure Boot Can Be Enabled When System in User Mode?
After you understand the reason why you get the error message reading Secure Boot Can Be Enabled When System in User Mode during enabling Secure Boot in the UEFI menu, you can use the following methods to fix this issue.
Change UEFI Firmware Settings
One of the reasons that cause this issue is the unsupported firmware, so updating the firmware is necessary.
- Hold on to the Shift key and then restart your PC to boot your PC into Safe Mode.
- Click on Troubleshoot > Advance option > UEFI Firmware Settings.
- Tap on Restart to access the startup menu and then press the F8 key.
- Find Secure Boot in the Boot Options or Security tab and then press Enter to enable it if it is disabled.
- Click Save Changes and Exit and then click Yes to wait for your PC to restart.
- Press Win + R to open the Run dialog box, then type in msinfo32, and press Enter to open System Information.
- Check the Secure Boot State entry to see whether it says "on".
With firmware updates, many manufacturers update their device's UEFI support and the system settings menu options.
Convert the partition to GPT
Windows 11 only boots on a GPT partitioning system, so if your PC doesn't have a GPT partition, you need to change one from MBR to GPT.
- Press Win + R to open the Run dialog box, then type in diskmgmt.msc, and press Enter to open Disk Management.
- Right-click your drive and select Properties.
- Turn to the Voulme tab and check Partition style.
- Press Win + Shift + Enter to open Command Prompt with administrator privileges if the partition is MBR.
- Type in the following command and then hit Enter to run.
mbr2gpt.exe /convert /allowfullos
Wait for the process to finish and then check the partition style in Disk Management again whether it is GPT now.
Enable User Mode
Every user process operates under the user mode. In this mode, processes do not have direct access to the RAM or other hardware resources and have to make system calls to the underlying APIs to access these resources.
- Press Win + R to open the Run dialog box, then type in gpedit.msc, and press Enter to open Group Policy Editor.
- Turn to Computer Configuration > Administrative Templates > System.
- Find and double-click on User Account Control: Switch to the secure desktop when prompting for elevation.
- Click Enabled and then click Apply and OK to confirm.
After that, you can use your PC normally and perform tasks that do not need administrative permission.
Disable CSM and reinstall Windows
CSM means Compatibility Support Module, which is a sub-item in the Boot option in BIOS, and it is a parallel item with Secure Boot. Thus, try to disable CSM and then reinstall Windows to check whether the issue can be fixed.
- Hold on to the Shift key and then restart your PC to boot your PC into Safe Mode.
- Click on Troubleshoot > Advance option > UEFI Firmware Settings.
- Check for the Compatibility Support Module(CSM) option and disable it.
- Create a bootable USB and then reboot your PC from it.
- Check the Secure Boot State entry to see whether it says "on".
During the process of disabling CSM and reinstalling Windows on your PC, your data may get lost, so back up your data before.
Bottom Line
Secure Boot is a crucial feature to maintain your Windows security. However, you may encounter issues like 'Secure Boot Can Be Enabled When System in User Mode', take it easy, and use the methods mentioned in this post to try fixing it. Hope you can solve it successfully.
If you have fixed the 'Secure Boot Can Be Enabled When System in User Mode' issue successfully, don't forget to share these useful methods with those who need them.