If you’re running into the “System In Setup Mode! Secure Boot can be enabled when system is in user mode. Repeat operation after enrolling Platform Key (PK)” error, don’t worry – you’re not alone.
This can be a frustrating error to deal with, but fortunately there are a few things you can do to fix it.
In this blog post, we’ll walk you through the steps needed to resolve this issue. We’ll also show you the cause of the problem and the necessary things you need to do to fix the problem.
So without further ado, let’s get started!
Last update on 2023-03-17 / As an Amazon Associate, we earn from qualifying purchases. / Images from Amazon Product Advertising API
What Does Secure Boot Enable Mean?
Secure boot is a security measure that helps ensure that your PC boots using only software that is trusted by the PC manufacturer.
Secure boot helps protect your PC from malware by making sure that only trusted software can run when your PC starts up.
If secure boot is enabled, and you try to install an untrusted piece of software, or if you try to boot from an untrusted disk or USB drive, your PC will not be able to run the software or boot from the disk/drive.
Importance
Secure boot is important because it helps to protect your PC from malware that may try to take over your PC during the boot process. By making sure that only trusted software can run when your PC starts up, secure boot helps to keep your PC safe from harm.
Is It Enabled By Default?
If you’re not sure whether secure boot is enabled on your PC, you can check in the BIOS settings. Secure boot is usually enabled by default on new PCs, but it’s worth checking to make sure. If secure boot is disabled, you should enable it to help keep your PC safe from malware.
Reasons Why You Are Getting This Error
If you have been getting a secure boot error when trying to start your MSI laptop whenever you are trying to install OS like Windows 11, you’re not alone.
This problem can be caused by 2 primary factors, which can actually be resolved by entering your BIOS settings.
These are the two reasons:
- The error occurs when your system was running in the CSM mode and you changed it to UEFI mode.
- The error also shows up when the system already has some platform keys enrolled.
How do you Fix It?
The best way to fix the problem is by enabling secure boot and changing it from custom to standard. The below tutorial will show you exactly how to do just that.
How To Fix System In Setup Mode Error
The best way to fix this error is by switching from standard mode to boot mode after enabling secure boot. Follow the instructions below to achieve this.
Step to fix System in setup mode error:
1. Access the secure boot option after entering your BIOS.
2. Change Secure boot mode to custom from standard.
3. Click on “Enroll all factory default keys”
4. Click on “Yes” to reset without saving.
5. Reset without saving? Click “No”, or you can click on “Yes” and the system will restart.
6. No enable secure boot.
7. Change the secure boot mode from custom to “Standard”.
8. Click on the X (close) button and click on yes to save.
9. Your computer will restart and be set to standard.
Now, you have the option to enable TPM 2.0
How To Enable Secure Boot And TPM 2.0 MSI
Secure boot is a security feature that ensures only trusted software can be loaded into your PC during startup.
Trusted Platform Module (TPM) is a hardware component that stores cryptographic keys and measurements that ensure the integrity of the boot process and helps to prevent tampering with your system.
TPM 2.0 is the latest version of TPM and offers improved security features.
In order to enable secure boot and TPM 2.0, you will need to enter the BIOS/UEFI settings for your PC. The exact steps for doing this will vary depending on your specific motherboard and BIOS version.
Once you have entered the BIOS/UEFI settings, you will need to find the options for secure boot and TPM 2.0. These options are usually located in the Security or Boot sections. Once you have found the options, you will need to enable them and save your changes.
After you have enabled secure boot and TPM 2.0, you will need to install a compatible operating system that supports these features.
Windows 10 and 11 is the only currently supported operating system that meets these requirements.
Once you have installed Windows 10, you will need to open the TPM Management console and initialize the TPM.
After the TPM has been initialized, you will need to create a backup of your TPM owner information.
This backup is important in case you ever need to reinitialize the TPM or if you ever need to use the TPM on another computer.
Now that you have enabled secure boot and TPM 2.0, your PC will be more secure against malware and other attacks.
These features will help to ensure that your personal data and files are safe and secure.
Alternative Troubleshooting Tips
If you have tried the above troubleshooting method and it doesn’t work, what you can do is to take advantage of these other troubleshooting methods that can potentially help you to resolve this problem.
These are the troubleshooting tips:
Confirm If BIOS Supports Secure Boot
Checking if your computer supports secure boot can help to fix the secure boot error. If your computer does not support secure boot, you may be able to install third-party software that will enable it.
Once secure boot is enabled, you can then take measures to ensure that only trusted software is allowed to run on your computer.
This can help to prevent malicious software from taking control of your computer and wreaking havoc. Taking these steps can help you to avoid the secure boot error and keep your computer safe.
Re-Enable Secure Boot In Bios
If you are getting a secure boot error, it is likely because secure boot has been disabled in your BIOS. You can re-enable secure boot to help fix the error.
To do this, enter your BIOS setup and look for the secure boot option. Once you find it, enable it and save your changes.
Reboot your computer and see if the error is fixed. If not, you may need to proceed to the next step.
Change Legacy To Uefi (Mbr To Gpt, If Supported)
Changing from legacy to UEFI can help to fix the secure boot error by providing a more secure boot process.
UEFI provides a more robust and secure boot process by verifying the digital signature of each piece of code that is loaded during boot.
This helps to ensure that only trusted code is executed, and prevents malicious code from running. Additionally, UEFI provides support for secure boot policies, which allows administrators to configure what types of code are allowed to run on a system.
This can help to further prevent unauthorized or malicious software from running. Changing from legacy to UEFI can help to fix the secure boot error by providing a more secure and customizable boot process.
Disable CSM
One way to try and fix the secure boot error is to disable CSM. CSM stands for Compatibility Support Module, and is a BIOS feature that allows the computer to run non-UEFI operating systems.
In some cases, disabling CSM can help to fix the secure boot error.
To do this, you will need to enter your BIOS settings and look for the CSM setting. Once you have found it, you will need to change it from Enabled to Disabled.
Save your changes and exit the BIOS, and then try booting your computer again. If this does not fix the problem, you may need to try another solution.
Re-Install Windows
If you are having problems with your computer’s secure boot feature, you may want to try reinstalling Windows.
This can help to fix the secure boot error and get your computer back up and running properly. Keep in mind, however, that this will erase all of the data on your hard drive, so be sure to backup any important files before proceeding.
Another way to clear this error is by resetting the CMOS battery which should get rid of all the errors that was stored by your BIOS.
How To Enroll Platform Key MSI
If you need to enroll your platform key in MSI mode, you’ll first need to create a new Platform Key and store it securely. Once you have your new Platform Key, follow these steps:
1. Go to the “Security” tab in the BIOS settings.
2. Select “Platform Key Enrollment” and press Enter.
3. Choose “MSI” as the enrollment mode.
4. Enter the path to your new Platform Key and press Enter.
5. Follow the on-screen instructions to complete the enrollment process.
Once you’ve enrolled your new Platform Key, your system will be able to boot using MSI mode. This enrollment process is necessary in order to use features like Secure Boot and BitLocker drive encryption.
What Is Platform Key In Bios?
A Platform Key is used to verify the authenticity of a bootloader, which is a critical component in the boot process of a computer.
The key is typically stored in the BIOS of the computer, and its presence is verified by the bootloader before it executes.
If the key is not present or is not valid, the bootloader will not execute and the computer will not boot.
In some cases, the key may be present after XMP is enabled in the BIOS which should make things a lot easier.
Why Can’t I Enable Secure Boot In BIOS?
These are the reasons:
Unable To Enter BIOS
The reason you can’t enable secure boot in BIOS is because you don’t have access to the BIOS. The BIOS is a special piece of software that is stored on a chip on your computer’s motherboard.
In order to change the BIOS settings, you need to have special privileges that are typically only available to the computer’s manufacturer.
So, if you’re trying to enable secure boot on your computer, and you can’t access the BIOS, it’s most likely because your computer doesn’t support secure boot, or because the feature has been disabled by the manufacturer.
Secure Boot Is Already Enabled
Secure boot is already enabled on most PCs, which is why you can’t enable it in BIOS. When secure boot is enabled, your PC checks for a digital signature from each piece of boot software before it runs.
This helps to ensure that your PC only runs software that is trusted and has not been tampered with. Secure boot can help to protect your PC from malware, but it is not a perfect solution.
Even with secure boot enabled, you should still install security software and keep it up to date.
BIOS Doesn’t Support Secure Boot
The computer BIOS that doesn’t support secure boot is the reason why you can’t enable secure boot in BIOS.
If your computer came with UEFI boot enabled, chances are good that it has support for secure boot.
To check if your computer has UEFI support, look for a message during startup that says something like “press the F2 key to enter BIOS.”
If you see that message, your computer supports UEFI. If you don’t see that message, your computer doesn’t support UEFI.
If your computer doesn’t have UEFI support, you’ll need to install a third-party boot manager that supports secure boot. Boot managers like rEFInd and gummiboot (also known as systemd-boot) support secure boot on a variety of computers.
If your computer has UEFI support, you can enable secure boot without any third-party software.
Can Secure Boot Be Enabled?
Yes, secure boot can be enabled. It’s a security feature that helps protect your PC from malware. Secure boot verifies that the firmware and bootloaders are signed with cryptographic keys authorized by Microsoft. This helps make sure that only trusted software can start up on your PC.
