Secure boot is a technology that allows only trusted code to be executed during boot time. This may be an inconvenience if you want to dual boot Windows with Linux but it is a good security feature that is designed to prevent rootkits and malwares.
UEFI is required for enabling secure boot and the operating system disk has to be partitioned GPT style for UEFI to work properly.
With Windows 10 Creator's update, it is now a 5 min job to convert a MBR disk to GPT disk and then enable UEFI and Secure Boot.
These steps will only work from Windows 10 creators update onwards.
- Suspend BitLocker if it is enabled, for all the drives on the disk.
- Go to "Manage BitLocker" in Control Panel and click suspend BitLocker.
- Open a command prompt (cmd) in Administrator mode.
MBR2GPT.EXE /validate /allowFullOsto first validate whether your disk can be converted successfully to GPT or not.
- You shouldn't have more than 3 partitions on the disk that you are trying to convert. Go to Disk Management in Control Panel to see how many partitions you have.
- In case you have 4 or more partitions, you will have to bring down the count to 3. You can achieve this by deleting partitions. Don't forget to take the backup. Recovery partition created by Windows can also be deleted if you have a Windows 10 bootable CD/USB with you.
- Once validated, run
MBR2GPT.EXE /convert /allowFullOs
- This may fail if your OS drive doesn't have enough space to shrink to create the new EFI partition that is required by UEFI. The error code that it throws is "0x000036B7"
- Once the conversion happens successfully, reboot your computer and enter BIOS and set the boot mode to UEFI and turn on Secure Boot.
- Once Windows is booted successfully. You may need this Stack Overflow answer to successfully enable BitLocker.