If you’re trying to enable Secure Boot and you’ve seen a message like “Secure Boot can be enabled when system in User Mode. Repeat operation after enrolling platform key,” you’re not alone. This guide explains what this message means, how to fix it, and how to enable Secure Boot in User Mode step-by-step. We’ll keep the language simple, so whether you’re new to BIOS settings or just trying to secure your Windows system, you’ll be able to follow along.
Secure Boot is a feature built into most modern computers. It protects your system from malware and unauthorized software during startup. It ensures only trusted software, like Windows or signed Linux distributions, can boot on your machine.
In short, Secure Boot helps to:
Prevent rootkits and boot-level malware
Keep your OS secure at the hardware level
Ensure only signed OS loaders can run at startup
To use Secure Boot, your PC must support UEFI firmware, and the feature must be enabled in BIOS.
Before you can enable Secure Boot, it’s important to understand the difference between Setup Mode and User Mode.
Setup Mode: This is the default mode when Secure Boot has not been configured. The system doesn’t have a Platform Key (PK) installed. In this mode, Secure Boot is disabled.
User Mode: This is when the Platform Key has been added. In this mode, Secure Boot can be enabled.
So, if you see the message:
“Secure Boot can be enabled when system in user mode,”
it means you’re in Setup Mode and need to move to User Mode by enrolling a Platform Key.
The Platform Key (PK) is a special digital signature stored in your BIOS. It helps your system verify the authenticity of the operating system during boot.
When you enroll a Platform Key:
Your system enters User Mode
Secure Boot becomes available
Unauthorized bootloaders are blocked
Enrolling the Platform Key is the step that makes your system trust the OS you’re using.
This message means your system is still in Setup Mode, and Secure Boot is not yet active. It’s telling you that you must:
Enroll the Platform Key (PK)
Switch from Setup Mode to User Mode
Try enabling Secure Boot again
Only then can Secure Boot be enabled when the system is in User Mode.
To find out if your system is in Setup Mode or User Mode, follow these steps:
Click Start → type System Information → Open it.
Scroll down to the Secure Boot State section.
You’ll see one of the following:
“On” → Secure Boot is enabled.
“Off” → Secure Boot is off but the system is in User Mode.
“Unsupported” or “Setup Mode” → Secure Boot isn’t set up.
Here’s a step-by-step guide to go from Setup Mode to User Mode and enable Secure Boot:
Restart your computer.
While booting, press the BIOS key (usually Del, F2, or Esc depending on your brand—ASRock, MSI, Gigabyte, etc.).
Go to Security or Boot tab.
Secure Boot often requires CSM (Compatibility Support Module) to be disabled.
Find CSM under the Boot tab.
Set it to Disabled.
Save and reboot into BIOS again.
Note: On some systems like MSI and Gigabyte, you may need to disable the CSM in setup repeat operation for Secure Boot to function correctly.
Find the Secure Boot or Secure Boot Control option.
Select Key Management or Install Default Secure Boot Keys.
Choose Enroll all factory default keys or Enroll Platform Key (PK).
Confirm when prompted.
After doing this, your system will switch from Setup Mode to User Mode.
Now that the Platform Key is enrolled:
Go back to Secure Boot settings.
Change Secure Boot Mode to Standard or Custom.
Set Secure Boot to Enabled.
Save and exit BIOS.
You’ve now successfully enabled Secure Boot in User Mode!
If you’re specifically trying to enable User Mode, the only way to do this is by enrolling the Platform Key as shown above. Once the Platform Key is added, the system automatically switches from Setup Mode to User Mode.
This is usually a misread message. You might actually be in Setup Mode, and the message says Secure Boot can be enabled when system is in User Mode. Make sure to enroll the Platform Key.
Try setting Secure Boot Mode to Custom first
Then, the Enroll PK option should become active
For MSI motherboards:
Disable CSM
Go to Settings > Advanced > Windows OS Configuration
Select Secure Boot → Choose Install Default Key
Then enable Secure Boot
For ASRock boards:
Go to Advanced > Security
Set Secure Boot to Enabled
Under Key Management, install default keys
After that, Secure Boot will be available
A: You must enroll the Platform Key in BIOS. This changes the system from Setup Mode to User Mode.
A: Go to BIOS → Security → Secure Boot → Set Secure Boot Mode to Custom → Enroll Platform Key or Load Default Keys.
A: It’s the state when Secure Boot is ready to be enabled because the Platform Key has been enrolled.
A: You cannot directly change User Mode in Windows. You must do it via the BIOS by enrolling the Platform Key.
A: It means you tried to enable Secure Boot while still in Setup Mode. After enrolling the Platform Key, repeat the action to enable Secure Boot.
To wrap up, Secure Boot can be enabled when system in User Mode, but first, your system must enroll the Platform Key. This process is done inside the BIOS, not in Windows. Follow the steps in this guide carefully:
Disable CSM
Enroll the Platform Key (PK)
Enable Secure Boot
Exit and boot safely
This way, you protect your system from threats and ensure that only signed software can run on startup.
Remember: You may see different options depending on your BIOS brand like MSI, ASRock, or Gigabyte. But the core steps are always the same.
Leave a Reply