Enable Secure Boot to block malware attacks, virus infections, and the use of nontrusted hardware or bootable CDs or DVDs that can harm the computer. You can also disable Secure Boot to use trusted but unrecognized hardware (such as older video cards) or to boot from unrecognized recovery media.
All HP computers manufactured with Windows 11 and 10 come with Secure Boot enabled by default.
If you run the Windows 11 operating system without Secure Boot, it might cause instability and prevent Windows from making updates to your computer.
To enable or disable Secure Boot on an HP consumer notebook, first confirm if Legacy Support is available and enabled.
Turn off the computer.
Press the power button to turn on the computer, and then immediately press the esc key repeatedly until the Startup Menu opens.
Press f10 to open BIOS Setup.
Use the right arrow key to select System Configuration, use the down arrow key to select Boot Options, and then press enter.
Find Legacy Support in the list.
If Legacy Support is not listed, continue to the next step.
If Legacy Support is listed and you are enabling Secure Boot, use the down arrow to select Legacy Support, press enter, select Disabled, press enter, and then continue to the next step.
If Legacy Support is listed and you are disabling Secure Boot, continue to the next step.
Use the down arrow key to select Secure Boot, and then press enter.
Use the down arrow key to select Enabled or Disabled, depending on your requirements.
Press enter to save the change.
If you enabled Secure Boot, depending on your notebook, press f10 to save the changes and reboot, or use the left arrow key to select the File menu, use the down arrow key to select Save Changes and Exit, and then press enter to select Yes to confirm the change.
If you disabled Secure Boot, continue to the next step.
Use the arrow keys to select Legacy Support, press enter to change the setting to Enable, press enter, select Yes in the confirmation window, and then press enter.
Use the down arrow key to select a device in the Legacy Boot Order menu, and then press f5 and f6 to move the device down or up.
Press f10 to accept the changes, use the left arrow key to select Yes, and then press enter to Exit Saving Changes and restart the computer.
If an Operating System Boot Mode Change message is displayed, type the code shown, and then press enter and start Windows.
Turn off the computer and wait a few seconds. Then, turn on the computer, and immediately press esc repeatedly until the Startup Menu opens.
When the Startup Menu is displayed, press f9 to select Boot Device Options.
When Boot Manager opens, use the down arrow key to select a boot device, and then press enter to start the computer from the selected device.
Use the BIOS settings to enable or disable Secure Boot on an HP commercial notebook or workstation computer.
BIOS interface might vary depending on the computer series.
Turn off the computer.
Press the power button to turn on the computer, and then immediately press the esc key repeatedly until the Startup Menu opens.
Select BIOS Setup (F10), and then press enter.
Select the Security tab, and then select Secure Boot Configuration.
If you do not see the Secure Boot Configuration option, update your computer to the latest BIOS.
In the Secure Boot Configuration window, select the Secure Boot box to enable Secure Boot, or clear the Secure Boot box to disable it.
If you enabled Secure Boot, select the Main tab, select Save Changes and Exit, and then click Yes to confirm the change.
If you disabled Secure Boot, continue to the next step.
Select the Main tab, select Save Changes and Exit, and then click Yes to display a PIN.
Type the PIN, and then press enter.
Turn off the computer.
Press the power button to turn on the computer, and then immediately press the esc key repeatedly until the Startup Menu opens.
Select BIOS Setup (F10), and then press enter.
Select the Advanced tab, and then select Boot Options.
Under Legacy Boot Order, select a boot device, and then press enter.
Select the Main tab, select Save Changes and Exit, and then click Yes to confirm.
The computer starts from the bootable device selected.
Use the BIOS settings to enable or disable Secure Boot on an HP desktop computer.
Turn off the computer.
Press the power button to turn on the computer, and then immediately press the f10 key repeatedly until the Computer Setup Utility opens.
Use the arrow keys to select the Security menu, select Secure Boot Configuration, and then press enter.
When the Secure Boot Configuration message is displayed, press f10.
Change the Secure Boot setting.
To enable Secure Boot, use the arrow keys to select Disable next to Legacy Support, and then select Enable next to Secure Boot. Press f10 to accept the changes.
To disable Secure Boot, use the arrow keys to select Disable next to Secure Boot, and then select Enable next to Legacy Support. Press f10 to accept the changes, and then continue to the next step.
Press f10 again, and then press enter twice to restart the computer.
If you disabled Secure Boot, type the four-digit code displayed in the Operating System Boot Mode Change message, and then press enter to confirm the change.
Make sure that you type the code correctly. There is no text field to see what you are typing. This behavior is expected.
Press the power button to turn off the computer, wait a few seconds, turn on the computer, and then immediately press esc repeatedly until the Startup Menu opens.
Use the down arrow key to select a device under the Legacy Boot Sources heading, and then press enter to start the computer from the selected device.
Read frequently asked questions about how Secure Boot works and to troubleshoot any issues.
With Secure Boot disabled, your computer is at greater risk from rootkit infections that install themselves before the Windows boot process. Antivirus or security software typically does not protect against these types of threats.
Disabling Secure Boot might also cause system instability and prevent Windows from making updates to your computer.
Your computer must be Secure Boot capable to upgrade to Windows 11.
Any PC sold with Windows 10 is Secure Boot capable. Your BIOS settings might cause your computer to appear to not be Secure Boot capable.
To upgrade to Windows 11, you must disable Legacy Boot and enable UEFI BIOS.
If the computer does not start, a blue or a blank screen is displayed, or a BIOS error is displayed after installing new compatible hardware, such as a video card, Secure Boot might not recognize it. Return the computer to its original state, and then enable Legacy Boot to install the new component.
Turn off the computer.
Uninstall the new hardware or component, and then reinstall the original component.
Use the instructions provided for your computer to enable Legacy Boot:
Turn off the computer, reinstall the new component, and then restart the computer.
Secure Boot prevents legacy boot devices from starting your computer, including bootable CDs, DVDs, and USB flash drives. To start your computer from valid recovery media, enable Legacy Support, and then select the correct drive as the boot device.
Turn off the computer.
Use the instructions provided for your computer to enable Legacy Boot:
Insert the CD, DVD, or USB flash drive into the computer.
Press the power button to turn off the computer, and then wait 5 seconds.
Press the power button again to turn on the computer.
The computer starts from the selected boot source.