Controls which Secure Boot update actions to perform on the device. Setting the appropriate bitfield here initiates the deployment of new Secure Boot certificates and related updates.

Troubleshoot errors from the “Something went wrong” startup screen on Xbox.

Windows updates released on and after February 13, 2024 include the ability to apply the Windows UEFI CA 2023 certificate to UEFI Secure Boot Allowed Signature Database (DB). Updating the DB will enable devices to receive future boot loader updates that are included in monthly updates.

Learn how to change settings to enable Secure Boot if you are not able to upgrade to Windows 11 because your PC is not currently Secure Boot capable.

Learn how to update your security processor or TPM firmware to protect Windows 10 and your device from attacks by malicious software.

Starts Windows using your current video driver and using low resolution and refresh rate settings. You can use this mode to reset your display settings. Enable Safe Mode. Safe mode starts Windows in a basic state, using a limited set of files and drivers.

System Configuration is a system utility that allows you to troubleshoot issues with Windows startup. It provides options to customize the startup process, including the ability to enable or disable software, control startup services, and access other advanced system settings.

In the Windows Security app on your PC, select Device security, or use the following shortcut: Device security. A Secured-core PC is designed to provide advanced security features right out of the box. These PCs integrate hardware, firmware, and software to offer robust protection against sophisticated threats.

To install the update, use either of the following methods. Automatically install from Windows Update. KB5007651. Manually download the update. Note: Run the installation as an administrator. Learn more about the Windows Security app here.

When you first sign in or set up a device with a Microsoft account, or work or school account, Device Encryption is turned on and a recovery key is attached to that account. If you're using a local account, Device Encryption isn't turned on automatically.