If you encounter the “Secure Boot can be enabled when system in User Mode” error when you use Secure Boot, you don’t need to worry. This post from MiniTool Partition Wizard analyzes what causes this issue and provides several effective solutions to fix it.
Secure Boot Can Be Enabled When System in User Mode
Secure Boot is a security feature that ensures that your PC boots using only trusted software from the manufacturer, preventing malicious software from loading during start-up. The Windows 11 installation and some games require Secure Boot.
However, you may encounter the “Secure Boot can be enabled when system in User Mode” error while enabling Secure Boot.
Different people may encounter the error with different error messages. Here are two main error messages:
- Secure Boot can be enabled when Platform is in User Mode. Repeat operation after enrolling Platform Key (PM).
- System in Setup Mode! Secure Boot can be enabled when system in User Mode. Repeat operation after enrolling Platform Key(PK).
Why does the error occur? After investigating extensive user reports and references on the Internet, I found some reasons as follows:
- Corrupted Boot Configuration Data (BCD)
- Corrupt configurations of BIOS
- Viruses and malware infection
- Hardware issues
- User Mode is not enabled
- Outdated system firmware
- Corrupt system files
- Incompatible partition table
- Incompatible BIOS mode
- Enabled CSM
Solutions for Secure Boot Can Be Enabled When System in User Mode
How to fix the “Secure Boot can be enabled when system in User Mode” error? Here we summarize several practical solutions for you to get rid of the issue in 2 different cases. You can try them one by one until the error gets fixed.
Check the Secure Boot Status
According to the Secure Boot status, different measures are taken to eliminate the “Secure Boot can be enabled when system in User Mode” error. So, you’d better check the Secure Boot status on your PC first. Here’s how to do that:
- Press the Windows and R keys simultaneously to open the Run window.
- Type “msinfo32” in the box and press Enter to open the System information window.
- Find the Secure Boot State from the list and check what the state is like, “On”, “Off”, or “Unsupported”.
If it is “On”, it means Secure Boot has been enabled. No action is required. If it says “Unsupported” or “Off”, you need to follow the steps corresponding to different cases.
Case 1. Secure Boot Is Unsupported
The Unsupported Secure Boot state can be caused by various reasons, such as disabled TPM, and incompatible BIOS mode/partition table/hardware. So, if the Secure Boot state is Unsupported, you can try the following methods to fix the “Secure Boot can be enabled when system in User Mode” error.
Solution 1. Convert MBR to GPT
The secure boot function is only supported in UEFI boot mode, which only supports GPT disks. So, if you encounter the “Secure Boot can be enabled when system in User Mode” error, you’d better check your partition style first. To check that, you can refer to this post: How to Check Partition Style in Windows 10/11.
After checking, if you find your partition style is MBR, you need to convert it to GPT to fix the “Secure Boot can be enabled when system in User Mode” error. To convert MBR to GPT, MiniTool Partition Wizard is a good choice, as it can convert your partition type without any data loss.
Besides, this professional and multifunctional partition manager can also be used to migrate OS to SSD without reinstalling OS, check for disk errors, format USB to FAT32, partition hard drive, change cluster size, rebuild MBR, set partitions as logical/primary, and more.
Here’s how to use MiniTool Partition Wizard to convert MBR to GPT:
Step 1. Click the Download button to get the MiniTool Partition Wizard installation package, and then follow the on-screen instructions to install it on your PC.
Step 2. Enter the main interface of MiniTool Partition Wizard, choose the MBR disk you want to convert.
Step 3. Select Convert MBR Disk to GPT Disk function from the left pane, and then click OK in the Warning windows.
Step 4. Click Apply and Yes to execute the pending operations.
After the MBR to GPT conversion, you need to follow the steps in Solution 2 to modify the boot mode to UEFI. Otherwise, your PC won’t boot.
Solution 2. Change the Boot Mode from Legacy to UEFI
The Legacy boot mode doesn’t support Secure Boot, so it’s necessary for you to change the Legacy boot mode to UEFI. To do that, you can do with the following steps:
Step 1. Restart your PC and press the BIOS key to enter the BIOS menu.
Step 2. Navigate to the Boot Mode or Boot Option Priority setting.
Step 3. Use the arrow keys to change the setting from Legacy to UEFI.
Step 4. Save the changes, exit the BIOS mode, and then restart your PC.
Step 5. Once done, check if the error still persists.
Solution 3. Enable TPM
If your computer has disabled the TPM, you will encounter the Secure Boot state unsupported issue and result in the “Secure Boot can be enabled when system in User Mode” error. In this case, you need to enable TPM with the following steps:
Step 1. Open the Run window, type “tpm.msc” and press Enter.
Step 2. In the pop-up window, go to the Action tab and select Prepare the TPM from the drop-down menu.
Step 3. Restart your computer, check the Secure Boot state, and see if the “Secure Boot can be enabled when system in User Mode” error is fixed.
Case 2. Secure Boot Is off
If the Secure Boot state is off, you can try the following solutions to troubleshoot the “Secure Boot can be enabled when system in User Mode” error.
# 1. Enable User Mode
If the User Mode is disabled, you may also encounter the “Secure Boot can be enabled when system in User Mode” error. So, you can try enabling User Mode to fix the error. To enable the User Mode, you can do as following:
Step 1. Open the Run window, type “gpedit.msc” and press Enter to open the Local Group Policy Editor window.
Step 2. In the left pane of the Local Group Policy Editor window, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies < Security Options.
Step 3. In the right pane, locate and double-click on the User Account Control: Switch to the secure desktop when prompting for elevation policy.
Step 4. Select the Enabled option, and then click Apply and OK to save the changes.
Step 5. After that, Windows will enable User Mode and you can execute tasks without the administrator permissions.
# 2. Run SFC and DISM
Corrupted system files are also responsible for the “Secure Boot can be enabled when system in User Mode” error. In this situation, you can try performing SFC and DISM to fix the error. Here are the detailed steps:
Step 1. Press the Win + R to open Run window, type “cmd”, and then press Ctrl +Shift + Enter to run Command Prompt as administrator.
Step 2. Type the command “sfc /scannow” and press Enter to run a system file scan.
Step 3. Once done, if SFC find an error but is unable to fix it, run this command “DISM /Online /Cleanup-Image /RestoreHealth” and press Enter to restore the system image.
Step 4. After that, restart your PC and then check if the error has been resolved.
# 3. Fix the BCD Files
If there are any corrupted Boot Configuration Data files on your computer, you may also encounter the “Secure Boot can be enabled when system in User Mode” error easily. In this case, you can run commands in Command Prompt to fix the error. Here’s the tutorial:
Step 1. Use a Windows installation media to boot your PC, and click Repair your computer.
Step 2. In the Choose an option window, select the Troubleshoot option.
Step 3. Then, select Advanced options in the Troubleshoot window.
Step 4. In the Advanced options window, select the Command Prompt option.
Step 5. Type the following commands and press Enter after each command to fix the BCD files:
- bootrec /repairbcd
- bootrec /osscan
Step 6. Once the process is complete, restart your PC and check if the error has been resolved.
# 4. Disable CSM and Re-Install Windows
If none of the above solutions can help you fix the “Secure Boot can be enabled when system in User Mode” error, you can try disabling CSM and reinstalling Windows to fix the error.
However, this way may erase all the data, so it is essential to back up all the data on your system disk to another partition or external hard drive to prevent any data loss. Here’s the guide:
Part 1. Backup Data to Another
To make a backup, MiniTool ShadowMaker can help you with the process. If you decide to use it, please do as follows:
Step 1. Download and install MiniTool ShadowMaker on your PC. Then launch into its main interface. (If you see a price page, click Keep Trail.)
Step 2. Click the Backup tab on the left pane, and then click Source to choose which data to back up.
Step 3. Click Folder and Files to back up the problematic drive.
Step 4. Double-click the partition that stored the files or folders you want to backup. Then check the box beside the folder you want to backup. Next, click OK.
Step 5. Select Destination to choose which drive to store the backup data. In the new window, select a drive and click OK.
Step 6. Click the Back Up Now button on the right bottom, and then click OK in the Confirmation window. After that, wait for the backup process to complete.
Part 2. Disable CSM and Reinstall Windows
After making a backup of your system disk, you can continue to disable CSM and reinstall Windows. To do that, you can refer to these posts:
- What Is CSM Support & Should I Enable It in BIOS? [Answered]
- Detailed Steps and Instructions to Reinstall Windows 10
- How to Reinstall Windows 11? Try 3 Simple Ways Here Now!
Here are some solutions that work in common cases:
Way 1. Run a Full Scan
If there is a virus or malware infection on your PC, you can also encounter the “Secure Boot can be enabled when system in User Mode” error. In this situation, you can run a full scan of your PC to fix the error. Here is a guide that you can refer to: How to Run Windows Defender Full/Quick/Custom/Offline Scan.
Way 2. Update BIOS
If your system firmware is outdated and encounter the “Secure Boot can be enabled when system in User Mode” error, you can try updating BIOS to fix the error. Here’s the guide: How to Update BIOS Windows 10 | How to Check BIOS Version.
Way 3. Upgrade Hardware
If your hardware is outdated or has some issues and results in the “Secure Boot can be enabled when system in User Mode” error, you can try upgrading it with a new one to fix the error.
Way 4. Enrolling Platform Key (PM)
If all the above solutions are unable to help you fix the “Secure Boot can be enabled when system in User Mode” error, you can try enrolling Platform Key (PM) to fix the error. Some people use this way to fix the error successfully.
To do that, you just need to create a Password on the Admin and User security tab/section of your motherboard. Then, navigate to PK management and clear those passwords. After that, you may be able to use the grayed-out Secure Boot.
How to fix the “Secure Boot can be enabled when system in User Mode” error? If you are also troubled by this error, don’t worry. This post provides several effective troubleshooting methods. Read them now!Click to Tweet
Here comes the end of this post. We have analyzed the possible causes of the “Secure Boot can be enabled when system in User Mode” error and provided several feasible troubleshooting methods in the above. Do you have any other better solutions for this issue? Please share them with us in the following comment area. Besides, if you have difficulty using MiniTool Partition Wizard, contact us via [email protected] and we will back to you as soon as possible.