I have a Surface Laptop 5 - Can't enable Secure Boot

Ian A 20 Reputation points
2026-02-16T14:23:46.14+00:00

My Surface Laptop 5 - 13.5 in. i5/8/256 Serial number [Moderator note: PII removed]. I cannot enable Secure Boot. I have tried the UEFI Menu under Security and selecting Change Secure Boot Configuration to Microsoft only but the message is that the system failed to update the Secure Boot certificate keyset. I reset the whole laptop also but to no avail.

Surface | Surface Laptop | Safety and security

Answer accepted by question author
  1. Lychee-Ng 15,480 Reputation points Microsoft External Staff Moderator
    2026-02-17T09:10:15.37+00:00

    Hi Ian A,

    Welcome to Microsoft Q&A!

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.

    I’m sorry to hear that you’re having trouble enabling Secure Boot on your Surface Laptop 5, even after resetting Windows. Since the keys are stored and managed in the UEFI firmware, this issue cannot be fixed by basic desktop solutions. Here’s what you can still try:

    1 - Install all Surface firmware updates

    • Go to Settings > Windows Update > Check for updates.
    • Also open Advanced options > Optional updates > install anything listed.
    • If there’s a firmware update, restart the device and test Secure Boot again in Surface UEFI.

    2 - If there are no updates, try resetting Surface UEFI to defaults

    • Shut down completely > hold Volume Up + press Power to enter UEFI.
    • Choose Reset to default / Restore factory settings (if it’s available).
    • Save and restart > enter UEFI and enable Secure Boot again.

    If the error still appears, this indicates a firmware-level failure. Consider repair / replacement if your Surface Laptop 5 is under warranty or recently purchased: How to get service or repair for Surface - Microsoft Support. Or you can reach out to Microsoft Support first:

    1. Visit Contact Us - Microsoft Support > Sign in
    2. Type in your problem > click Get Help to make a request
    3. Scroll to the bottom and click Contact Support to connect to an agent
    4. Select category again > click Next and you should be added to a chat queue

    Note: The support contact team only works at certain times, so if the last window shows that it's unavailable, try opening it again the next day. If you prefer phone support, you can leave a phone number. This way, they can call you and help you. 

    Unfortunately, Surface devices do not support manual Secure Boot key enrollment like generic PCs. There is no supported way to force repair from Windows or UEFI.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
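
A read-only check to run from an elevated PowerShell prompt before and after the firmware-update and UEFI-reset steps above, reporting the firmware version, the Secure Boot state and whether the firmware key variables are populated. This is an added example, not part of the original answer; the function name `Get-SecureBootReport` and the two certificate names searched for in `db` are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only Secure Boot status report for a UEFI Windows device.
# Nothing here writes to firmware; it only reads variables the firmware exposes.

function Get-SecureBootReport {
    param(
        # Assumption: certificate names expected in db (publicly documented Microsoft CAs).
        [string[]]$ExpectedDbCerts = @('Microsoft Windows Production PCA 2011',
                                       'Windows UEFI CA 2023')
    )
    $report = [ordered]@{}

    # Firmware version from SMBIOS, to confirm a firmware update was actually applied.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $report['FirmwareVersion'] = $bios.SMBIOSBIOSVersion
    $report['FirmwareDate']    = $bios.ReleaseDate

    # True = enabled, False = disabled; throws on firmware without Secure Boot support.
    try   { $report['SecureBootEnabled'] = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $report['SecureBootEnabled'] = "unknown ($($_.Exception.Message))" }

    # Read each key variable; an unreadable or undefined variable is reported, not fatal.
    $vars = @{}
    foreach ($name in 'SetupMode', 'PK', 'KEK', 'db', 'dbx') {
        try {
            $vars[$name] = (Get-SecureBootUEFI -Name $name -ErrorAction Stop).Bytes
            $report["$name size (bytes)"] = $vars[$name].Length
        } catch {
            $report["$name size (bytes)"] = "unreadable ($($_.Exception.Message))"
        }
    }

    # SetupMode = 1 means no Platform Key is enrolled, so Secure Boot cannot be enforced.
    if ($vars.ContainsKey('SetupMode') -and $vars['SetupMode'].Length -gt 0) {
        $report['InSetupMode'] = ($vars['SetupMode'][0] -eq 1)
    }

    # Certificate subject names appear as plain text inside the DER blobs stored in db.
    if ($vars.ContainsKey('db') -and $vars['db'].Length -gt 0) {
        $dbText = [System.Text.Encoding]::ASCII.GetString($vars['db'])
        foreach ($cert in $ExpectedDbCerts) {
            $report["db contains '$cert'"] = $dbText.Contains($cert)
        }
    }
    [pscustomobject]$report
}

Get-SecureBootReport | Format-List
```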


1 additional answer

  1. Q&A Assist
    2026-02-16T14:23:54.9566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    If you're unable to enable Secure Boot on your Surface Laptop 5 and receive a message indicating that the system failed to update the Secure Boot certificate keyset, here are some steps you can try:

    1. Check Compatibility: Ensure that all hardware components and any installed operating systems are compatible with Secure Boot. If there are incompatible components, you may need to uninstall them.
    2. Access UEFI Firmware Settings: You can access the UEFI firmware settings by:
      • Pressing the appropriate key (like F1, F2, F12, or Esc) during boot.
      • Alternatively, from Windows, hold the Shift key while selecting Restart, then navigate to Troubleshoot > Advanced Options > UEFI Firmware Settings.
    3. Reset BIOS to Factory Settings: If you haven't already, consider resetting the BIOS to factory settings, as this can sometimes resolve configuration issues that prevent Secure Boot from being enabled.
    4. Contact Support: If the issue persists after trying the above steps, it may be necessary to contact Microsoft support or your device manufacturer for further assistance, as there could be a deeper issue with the firmware or hardware.

    These steps should help you troubleshoot the Secure Boot issue on your Surface Laptop 5.
