Facing the “Secure Boot can be enabled when system in User Mode” error? This article from MiniTool Partition Wizard explains why the error occurs and shows step-by-step solutions to fix it, including enabling UEFI, disabling CSM, and converting MBR to GPT.

Secure Boot is an important security feature in computers, ensuring that the computer boots using only trusted software, thus reducing the risk of malware attacks during the boot process.

However, many users encounter the error “Secure Boot can be enabled when system in User Mode” when trying to enable Secure Boot.

The picture showing the Secure Boot can be enabled when system in User Mode error.

This problem is usually related to an unregistered Secure Boot key or the system using the MBR partition style.

This article will introduce the common causes of this error and provide 6 effective solutions to help you successfully enable Secure Boot.

What Causes the Secure Boot Can Be Enabled When System in User Mode Error

When you try to enable Secure Boot, you may receive the message “Secure Boot can be enabled when system in User Mode”.

This error usually indicates that your current system configuration does not meet the requirements for enabling Secure Boot.

Here are some common reasons:

  • Secure Boot key not registered: The key required for Secure Boot is not correctly registered. The system will be unable to verify the boot environment, thus preventing Secure Boot from enabling.
  • CSM enabled: CSM allows the computer to boot in Legacy mode, while Secure Boot requires UEFI mode. Therefore, enabling CSM may prevent Secure Boot from starting.
  • System disk using MBR partition style: Secure Boot typically requires UEFI and GPT.
  • System using Legacy boot mode: Secure Boot is a UEFI feature. If the computer is currently booting in Legacy mode, Secure Boot cannot be enabled correctly.
  • Outdated BIOS version: An outdated BIOS may have compatibility issues, causing Secure Boot-related options to malfunction.

Next, you can try the following methods to resolve the “Secure Boot can be enabled when in User Mode” error.

CSM vs UEFI: What’s the Difference Between the Two Modes
CSM vs UEFI: What’s the Difference Between the Two Modes

What’s the difference between CSM and UEFI? Which one should you choose? You may get the answers from this CSM vs UEFI comparison guide.

Read More

How to Fix Secure Boot Can Be Enabled When System in User Mode

After understanding the common causes of this error, you can try the following methods to resolve the “Secure Boot can be enabled when system in User Mode” problem.

To fix the problem, try these solutions:

CauseSolution
Missing Secure Boot Keys (Platform Key/PK)Restore Factory Keys
CSM EnabledDisable CSM
Legacy BIOSEnable UEFI
MBR DiskConvert MBR Disk to GPT
Outdated BIOSUpdate BIOS
TPM DisabledEnable TPM

Fix 1: Restore Secure Boot Factory Keys

When you encounter the error Secure Boot can be enabled when System in User Mode, one of the most common causes is that the Secure Boot keys on the motherboard are missing, deleted, or unregistered.

Tips:
Secure Boot relies on four sets of security keys to verify the boot process; one of these is the Platform Key (PK).

If these keys are not installed, the system may be in Setup Mode, preventing Secure Boot from being enabled.

Therefore, you need to restore the Secure Boot keys so that the system switches to User Mode, thereby allowing Secure Boot to be enabled.

Step 1: Restart your computer and repeatedly press the BIOS key (such as F2, Delete, or F10) during startup to enter the BIOS firmware settings interface.

Step 2: Navigate to the Secure Boot or Secure Boot Mode option.

Step 3: Find the Key Management section, select Restore Factory Keys or a similar option, and then confirm the restoration of the motherboard’s default Secure Boot keys.

Step 4: Press F10 to save the settings and exit the BIOS, then wait for the computer to restart automatically.

Step 5: Set Secure Boot to Enabled, save the changes, and restart the computer.

Fix 2: Disable CSM Support

CSM is used to enable Legacy BIOS mode, while Secure Boot only supports UEFI mode.

Therefore, enabling CSM may cause Secure Boot to fail to start, displaying the message “Secure Boot can be enabled when system in User Mode”.

To resolve this issue, it is recommended to disable CSM and switch to UEFI boot mode.

Here are the steps:

Step 1: Enter the BIOS setup interface again. Once in the BIOS, navigate to the Boot tab, locate an option such as CSM Support or Legacy Support, and set it to Disabled.

Step 2: Save the settings and restart the computer. Then, re-enter the BIOS, go to the Secure Boot settings page, and set Secure Boot to Enabled.

Finally, save the changes, exit the BIOS, and boot into Windows to verify that Secure Boot has been successfully enabled.

Fix 3: Switch BIOS Mode to UEFI

Legacy boot mode does not support Secure Boot. If your system is set to Legacy, Secure Boot may be disabled, and you may see the “Secure Boot can be enabled when system in User Mode” message.

To fix this, you need to switch the boot mode from Legacy to UEFI.

Step 1: Restart your PC and enter the BIOS/UEFI settings by pressing the BIOS key.

Step 2: Go to the Boot tab or Boot Options menu.

Step 3: Go to the Boot Menu.

Step 4: Change the mode from Legacy to UEFI.

Step 5: Save changes and exit BIOS, then restart your computer.

After rebooting, verify the error message is resolved.

Fix 4: Convert MBR to GPT

If you have restored the default Secure Boot keys, disabled CSM, and enabled UEFI, but still cannot activate Secure Boot, you need to check whether your system disk uses the MBR partition style.

Secure Boot supports only the UEFI boot mode, and most Windows systems booting via UEFI require the GPT partition table.

If your system disk is still in MBR format, Secure Boot may fail to enable; therefore, you will need to convert the disk from MBR to GPT.

Note:
This method applies only if the system disk is currently MBR. If the disk is already GPT, no action is required.

Windows provides the MBR2GPT tool, but it requires the use of the command line and is not particularly user-friendly for beginners.

If you prefer to perform the conversion via a graphical interface, you can use MiniTool Partition Wizard to convert MBR to GPT without deleting partitions or data.

MiniTool Partition Wizard DemoClick to Download100%Clean & Safe

Step 1: Launch MiniTool Partition Wizard to its main interface.

Step 2: Choose the MBR disk you want to convert.

Step 3: Select the Convert MBR Disk to GPT Disk function from the left pane, and then click OK in the warning window.

The MiniTool Partition Wizard interface with the selected Convert MBR Disk GPT Disk option.

Step 4: Click Apply > Yes to execute the pending operations

Fix 5: Enable TPM

TPM does not directly cause the Secure Boot User Mode error. However, many users need to enable both Secure Boot and TPM when installing Windows 11 or running certain games.

Therefore, if you have successfully enabled Secure Boot but still receive TPM-related notifications, you can follow the steps below to check and enable TPM.

Step 1: Press Win + R to open the Run window, type tpm.msc, and press Enter.

Step 2: In the pop-up window, go to the Action tab and select Prepare the TPM from the drop-down menu.

Step 3: Restart your computer, check the Secure Boot state, and see if the “Secure Boot can be enabled when system in User Mode” error is fixed.

Fix 6: Update BIOS

If none of the above methods work, the issue may be caused by an outdated motherboard BIOS version.

Older BIOS versions may have Secure Boot compatibility issues, firmware defects, or missing security updates that prevent Secure Boot from being enabled correctly.

Motherboard manufacturers typically resolve these issues in BIOS updates, making a BIOS update a solution worth trying.

Also read: How to Update BIOS Windows 10 | How to Check BIOS Version.

This article introduces six methods to help you resolve the “Secure Boot can be enabled when system is in User Mode” issue. Hope you find it helpful.Click to Tweet

Secure Boot Can Be Enabled When System in User Mode FAQ

1. What is the Platform Key (PK)?
The Platform Key (PK) is the master key for Secure Boot. When the PK is properly installed, the system is in User Mode, and Secure Boot can be enabled. If the PK is missing, the system enters Setup Mode, and Secure Boot cannot be enabled.
2. What is Secure Boot in UEFI?
Secure Boot is a security mechanism provided by UEFI firmware. During the computer’s startup process, it verifies the digital signatures of the operating system, drivers, and boot files.
By allowing only trusted software to run, it helps prevent malware and unauthorized programs from loading when the system starts up.
3. What is the difference between Setup Mode and User Mode?
Setup Mode indicates that the Platform Key (PK) has not been installed, so Secure Boot cannot be enabled. User Mode indicates that the Platform Key has been installed and the system has completed Secure Boot configuration.
4. How do I know if my disk is MBR or GPT?
You can check whether your disk is MBR or GPT in Windows Disk Management. Right-click your disk and select Properties > Volumes. You will see either MBR or GPT.

Bottom Line

The error “Secure Boot can be enabled when system in User Mode” is typically caused by a missing Secure Boot PK or the system disk using the MBR partition format. This article provides six detailed solutions.

If you have any questions or feedback about MiniTool Partition Wizard, feel free to contact our support team at [email protected] for additional help.

  • linkedin
  • reddit

About The Author

Cecilia
Cecilia

Position: Columnist

Cecilia has been an editor at MiniTool for two years. She primarily focuses on disk and partition-related content, with particular expertise in disk cloning, partition recovery, and PDF document conversion. She is dedicated to providing users with clear and accurate solutions to help them efficiently resolve common computer problems.

User Comments :