issue-secure-boot
BIOS and system settings
Preface #preface
Nowadays, many menus have some requirements for the system/hardware/BIOS, and there are too many online tutorials that are daunting. Here is a summary for everyone (if your problem is not solved here, you can get relevant tutorials through search engines/AI [ChatGPT/DeepSeek and other AI software])
Disable fast startup #disable-fast-startupv
Quick startup can speed up system startup. It is enabled by default, but some menus need to be closed. It is recommended to add it back when not in use.
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]), enter the following content and press Enter,Need to restart the computer to take effect
powercfg /h off
If you need to re-enable it, just change off in the above command to on and do it again.
Note: This command will disable/enable system hibernation at the same time. If you use the on command to enable fast startup, it is recommended to manually disable system hibernation. Just search online for how to disable system hibernation.
Disable Secure Boot #disable-secure-boot
Safe boot may affect anti-virus software and security protection measures (in fact, if you get used to it, you won’t be infected). It is turned on normally, but some menus need to be turned off for normal use. They can be turned on when not in use.
Check if it is enabled:Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]),enterConfirm-SecureBootUEFIand press Enter (if False is displayed, you don’t need to read the tutorial below. You have disabled secure boot.If True, please continue reading.)
Please be sure to turn off BitLocker before operating, otherwise you may not be able to enter the system: **Win+**S inputBitLocker,EnterManaging BitLocker, confirm theBitLocker is closed, if not, please close
Restart the computer, enter the BIOS, enter the Boot startup section, find Secure Boot, turn it off (change it to Disable/OFF), finally save it, and restart the computer.
-
How to enter BIOS?
Different motherboard manufacturers have different
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]),enterwmic baseboard get productThen press Enter to see the motherboard model. Go to the Internet/AI to search for the key you pressed to enter the BIOS for this model. Then restart the computer and immediately start pressing this key until you see an interface you have never seen before. -
How to find Secure Boot and save changes
Secure Boot means secure boot. The location in the BIOS of each motherboard is different. It is usually found in Boot/Security/Advanced (if it is a Chinese interface, it is easier to find). Click the switch/drop-down list next to it and select Disable/NO/OFF/No. Finally, find Save & Exit in the BIOS to save and exit the BIOS (Asus needs to change it to Custom first). Customize and then clear the key (Key), different manufacturers are different, if you are not sure, I recommend Baidu)
Disable kernel isolation #disable-kernel-isolation-v
Just disable it, it's usually no big deal
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]), enter the following content and press Enter
cmd /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config /v VulnerableDriverBlocklistEnable /t REG_DWORD /d 0 /f && bcdedit /set hypervisorlaunchtype off"
If the operation fails, please check whether Virtualization Technology is disabled in the BIOS: enter the BIOS, find Virtualization Technology, and set it to on (refer to the secure boot steps above)
To enable it, directly change off to on and execute it again.
Modify MBR partition to GPT #gpt-partition
Computers after 2015 are basically GPT. If you use Win11, it must be GPT.
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]), enter the following content and press Enter
Get-Disk -Number 0 | Select-Object PartitionStyle
If the output is GPT, then the output is GPT, otherwise the output is MBR.
If you have multiple hard drives and are not sure which of your hard drives is the system drive,Right clickClick on the Start menu in the lower left corner - clickDisk management, find the disk on the left side of your system disk (usually C drive), right-click Properties - Volume - check whether the disk partition format isGPT
Can be referencedthis videoMake non-destructive modifications
Modify BIOS mode from Legacy to UEFI #uefi
Recent computers are generally UEFI. Some old motherboards (most computers after 2015 support UEFI and are turned on by default) do not support UEFI and modifications may require reinstalling the system/changing the boot file. If you don’t understand, it is recommended not to operate.
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]), enter the following content and press Enter
(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State").UEFISecureBootEnabled
If the output is 1, it means UEFI. If it is 0, you need to confirm whether your motherboard supports it (be sure to search whether your motherboard model supports it). If it does not support it, change the motherboard. If it supports it:
Please make sure that the above #Modify the MBR partition to GPT and this part is a GPT partition, followed by:
Restart the computer, enter the BIOS, enter the Boot security section, find the Boot Mode related items, change Legacy to UEFI, finally save and restart the computer.
-
How to enter BIOS?
Different motherboard manufacturers have different
Right clickClick on the Start menu in the lower left corner - clickTerminal Administrator (Windows PowerShell [Administrator]),enterwmic baseboard get productThen press Enter to see the motherboard model. Go to the Internet/AI to search for the key you pressed to enter the BIOS for this model. Then restart the computer and immediately start pressing this key until you see an interface you have never seen before. -
How to find Boot Mode and save changes
The location in the BIOS of each motherboard is different. It is usually found in Boot (it is easier to find if it has a Chinese interface). Find the words related to Boot Mode (UEFI / Legacy) and change it to UEFI; finally, find Save & Exit in the BIOS to save and exit the BIOS and you will be successful (different manufacturers are different, if you are not sure, I recommend Baidu)
Disable TPM
Restart the computer, enter the BIOS, enter the Security section, find the TPM related items, turn it off (change it to Disable/OFF), finally save and restart the computer.
- How to enter BIOS?
Different motherboard manufacturers have differentRight clickClick on the Start menu in the lower left corner - click**Terminal Administrator (Windows PowerShell [Admin])**, enter wmic baseboard get product and press Enter to see the motherboard model. Go to the Internet/AI to search what key you press to enter the BIOS for this model; then restart the computer and immediately start pressing this key until you see an interface you have never seen before.
- How to find the TPM and save changes
The location in the BIOS of each motherboard is different. It is usually found in Security / Advanced (if the Chinese interface is easier to find), click the switch / drop-down list next to it and select Disable / NO / OFF / No; finally, find Save & Exit in the BIOS, save and exit the BIOS and you will be successful (different manufacturers are different, if you are not sure, I recommend Baidu)
It's the same way to start it.
Turn on CPU virtualization technology
Verify whether it is turned on (normally it is turned on by default):Right clickClick on the Start menu in the lower left corner - click**task manager**- Select above**performance**page, whether it is enabled after "Virtualization:" in the lower right corner of the CPU section. If not, please see the tutorial below (the following is classified according to your CPU brand, if you are not sure, check your own computer configuration)
Intel platform: Restart the computer, enter the BIOS, enter**Advanced**Advanced section, find**Intel Virtualization** **Technology**, enable (change to Enable/ON), finally save and restart the computer.
AMD platform: Restart the computer, enter the BIOS, enter**Advanced** Advanced section, find**SVM mode**, enable (change to Enable/ON), finally save and restart the computer.
- How to enter BIOS?
Different motherboard manufacturers have differentRight clickClick on the Start menu in the lower left corner - click**Terminal Administrator (Windows PowerShell [Admin])**, enter wmic baseboard get product and press Enter to see the motherboard model. Go to the Internet/AI to search what key you press to enter the BIOS for this model; then restart the computer and immediately start pressing this key until you see an interface you have never seen before.
- How to find and change save
The location in the BIOS of each motherboard is different. It is usually found in Advanced (if the Chinese interface is easier to find), click the switch/drop-down list next to it and select Enable / YES / ON / Yes; finally, find Save & Exit in the BIOS, save and exit the BIOS and it will be successful (different manufacturers are different, if you are not sure, I recommend Baidu)