How To Secure Boot Vanguard Windows 11

People are currently reading this guide.

The rise of robust anti-cheat systems, like Riot Games' Vanguard for games such as Valorant, has ushered in a new era of security requirements for PC gamers. If you're a Windows 11 user experiencing error messages like VAN9001 or VAN9003 when trying to launch Valorant, it's highly likely that you need to enable Secure Boot and TPM 2.0 on your system.

This comprehensive guide will walk you through every step to ensure your Windows 11 machine is properly configured for Vanguard, allowing you to get back into the action without a hitch. Get ready to dive into your system's settings and unlock the full potential of a secure gaming environment!

How to Secure Boot Vanguard on Windows 11: A Step-by-Step Guide

Before we begin, it's crucial to understand why Vanguard requires Secure Boot and TPM 2.0. These are not arbitrary demands; they are fundamental security features designed to protect your PC from malicious software, including sophisticated cheats. Secure Boot ensures that only trusted software loads during the startup process, while TPM 2.0 (Trusted Platform Module) provides hardware-level security for cryptographic keys and other sensitive data. Together, they create a "trusted state" for your PC, which Vanguard leverages to detect and prevent cheating.

Step 1: Verify Your Current Secure Boot and TPM 2.0 Status

Don't jump straight into changing settings! The very first thing you need to do is confirm whether Secure Boot and TPM 2.0 are already enabled or disabled on your system. This will save you a lot of time and potential headaches.

Sub-heading 1.1: Checking Secure Boot State via System Information

1. Open the Run dialog: Press the Windows Key + R simultaneously on your keyboard.
2. Type msinfo32: In the Run dialog box, type msinfo32 and press Enter. This will open the System Information window.
3. Locate "Secure Boot State": In the left pane, ensure "System Summary" is selected. On the right-hand side, scroll down until you find the entry for "Secure Boot State."
   • If it says ***"On"***, Secure Boot is already enabled.
   • If it says ***"Off"***, Secure Boot is disabled and you'll need to proceed with enabling it.
   • If it says ***"Unsupported"***, your PC's hardware may not support Secure Boot. In this rare case, consult your motherboard's manual or manufacturer's website.

Sub-heading 1.2: Checking TPM 2.0 Status via tpm.msc

1. Open the Run dialog: Press the Windows Key + R simultaneously.
2. Type tpm.msc: In the Run dialog box, type tpm.msc and press Enter. This will open the Trusted Platform Module Management console.
3. Verify TPM Status:
   • If you see a message stating ***"The TPM is ready for use"***, then TPM is enabled.
   • Under "TPM Manufacturer Information," check the "Specification Version." It must be 2.0.
   • If you see an error message like "Compatible TPM could not be found", then TPM is either disabled or your hardware doesn't support TPM 2.0.

Step 2: Accessing Your UEFI Firmware Settings (BIOS)

This is where things get a little technical, as you'll be entering your computer's low-level settings. The exact steps and menu names can vary significantly between different motherboard manufacturers (Dell, HP, ASUS, MSI, Gigabyte, etc.).

Sub-heading 2.1: The Easiest Way to Enter UEFI Firmware Settings (Recommended)

This method ensures you get into the UEFI settings without having to frantically mash a key during boot-up.

1. Open Windows Settings: Click the Start button and then the cogwheel icon (Settings). Alternatively, press Windows Key + I.

2. Navigate to Recovery: In the Settings window, go to System (on Windows 11) and then click on Recovery in the left-hand sidebar.

3. Initiate Advanced Startup: Under the "Recovery options" section, find "Advanced startup" and click on ***"Restart now"***.

   • Important: Save any open files and close all applications before clicking "Restart now," as your PC will reboot immediately.

4. Select UEFI Firmware Settings: After your PC restarts, you'll be presented with a blue screen with several options.

   • Select Troubleshoot.
   • Then, select Advanced options.
   • Finally, click on UEFI Firmware Settings.
   • Click "Restart" again if prompted. This will reboot your computer directly into the UEFI (BIOS) interface.

Sub-heading 2.2: The Traditional Way to Enter UEFI Firmware Settings (If the above fails)

If for some reason the advanced startup method doesn't work, you can try the traditional method.

1. Restart your PC: Perform a regular restart of your computer.
2. Press the BIOS/UEFI key repeatedly: As soon as your computer starts to boot up (you'll typically see the manufacturer's logo), begin rapidly pressing the BIOS/UEFI access key.
   • Common keys include: Delete, F2, F10, F12, or Esc.
   • The exact key varies by manufacturer. If you're unsure, check your PC or motherboard manual, or do a quick online search for "[Your PC/Motherboard Brand] BIOS key."
   • You might need to be quick! If you miss the window, Windows will boot normally, and you'll have to restart and try again.

Step 3: Configuring UEFI and Secure Boot in BIOS

Once you are in your UEFI/BIOS settings, be very careful when navigating and changing options. Use your keyboard's arrow keys, Enter, and Esc, as a mouse might not work in this environment.

Sub-heading 3.1: Ensure UEFI Boot Mode is Enabled

Secure Boot requires your system to be in UEFI boot mode. It will not work with Legacy BIOS or CSM (Compatibility Support Module) modes.

1. Navigate to the Boot Section: Look for a tab or section usually labeled Boot, Boot Options, Boot Configuration, or similar.
2. Set Boot Mode to UEFI: Find an option related to "Boot Mode," "BIOS Mode," or "OS Type."
   • Ensure it is set to UEFI (or Windows UEFI mode).
   • If you see Legacy, CSM, or Other OS, you must change it to UEFI.
   • Caution: If your Windows installation was originally done in Legacy/MBR mode, switching to UEFI/GPT can make your system unbootable. Most Windows 11 installations should already be on GPT and UEFI, but it's a good idea to confirm. You can check your disk partition style in Windows (Disk Management -> Right-click your OS drive -> Properties -> Volumes tab -> Partition style). If it's MBR and you need to convert it to GPT, that's a more advanced process (which we'll touch on in the FAQ).

Sub-heading 3.2: Enable Secure Boot

This is the core step for Vanguard compatibility.

1. Locate the Secure Boot Option: This setting is often found under the Boot, Security, or Authentication tab.
2. Enable Secure Boot: Find the "Secure Boot" option and set it to Enabled.
   • Important: On some motherboards, the "Secure Boot" option might be greyed out initially. If so, you might need to:
     • Set a BIOS Administrator Password (usually found in the Security tab).
     • Disable "CSM" or "Legacy Boot" entirely.
     • Sometimes, there's an option like "Windows 8.1/10 WHQL Support" or similar that needs to be enabled before Secure Boot becomes available. Enable this if you find it.
     • If you have a "Secure Boot Mode" option, ensure it's set to Standard, not Custom. If it's Custom, you might need to reset secure boot keys to default (often an option within the Secure Boot menu).

Sub-heading 3.3: Enable TPM 2.0 (if not already)

If you found TPM was disabled in Step 1, you'll need to enable it here.

1. Find the TPM Setting: This is typically located under Security, Advanced, or Trusted Computing.
2. Enable TPM: Look for options like:
   • TPM
   • Intel Platform Trust Technology (IPTT) (for Intel CPUs)
   • AMD CPU fTPM (for AMD CPUs)
   • Trusted Platform Module (TPM)
   • Security Device Support
   • Ensure this setting is set to Enabled.

Step 4: Save Changes and Exit BIOS

This is a critical step! If you don't save your changes, all your efforts will be in vain.

1. Locate the "Save and Exit" Option: This is usually found in an Exit tab or clearly labeled within the main menu.
2. Save Changes: Select Save Changes and Exit or Save & Exit Setup.
3. Confirm: You'll likely be prompted to confirm your decision (e.g., "Save configuration changes and exit now?"). Select Yes or OK.

Your computer will now restart.

Step 5: Verify Secure Boot and TPM 2.0 in Windows (Again!)

After your PC reboots, it's a good practice to re-verify that Secure Boot and TPM 2.0 are indeed enabled in Windows. Follow the steps from Step 1 again:

1. Check Secure Boot State: Open msinfo32 and confirm that "Secure Boot State" now shows ***"On"***.
2. Check TPM 2.0 Status: Open tpm.msc and confirm that "The TPM is ready for use" and "Specification Version" is 2.0.

If both are showing as enabled, congratulations! You have successfully configured your system for Vanguard. You should now be able to launch Valorant (or other Vanguard-protected games) without encountering the Secure Boot or TPM 2.0 related errors.

Troubleshooting Tips:

• BIOS/UEFI Layout Differences: Remember, every motherboard's BIOS/UEFI is unique. If you can't find a specific setting, consult your motherboard's manual or visit the manufacturer's support website. They often have detailed guides or diagrams.
• Greyed-Out Options: As mentioned, if Secure Boot or TPM options are greyed out, look for related settings like "CSM," "Legacy Boot," "Windows OS Configuration," or a "BIOS Admin Password" that might need to be changed first.
• BIOS Updates: In some older systems, or if you're facing persistent issues, updating your motherboard's BIOS/UEFI firmware to the latest version might be necessary. Proceed with caution when updating BIOS, as an incorrect update can damage your motherboard. Follow your manufacturer's instructions precisely.
• OS Drive Partition Style (MBR vs. GPT): If your "BIOS Mode" was Legacy and your disk partition style was MBR when you checked in Step 3, you might need to convert your disk to GPT format for Secure Boot to function. This can be done using the mbr2gpt tool in Windows, but it's a more advanced procedure and always recommend backing up your data first.

---

10 Related FAQ Questions

Here are some common questions you might have about Secure Boot, TPM 2.0, and Vanguard:

How to check if my motherboard supports Secure Boot and TPM 2.0?

You can usually find this information in your motherboard's specifications on the manufacturer's website or by checking the user manual that came with your PC or motherboard. Most modern motherboards designed for Windows 10/11 support both.

How to convert my MBR disk to GPT for Secure Boot?

This is an advanced process. You can use the mbr2gpt command-line tool built into Windows. Always back up your entire system before attempting this. Open an administrative Command Prompt or PowerShell and use commands like mbr2gpt /validate /disk:0 /allowFullOS (to check if conversion is possible) and then mbr2gpt /convert /disk:0 /allowFullOS (to perform the conversion). The disk number (disk:0) should correspond to your OS drive.

How to update my BIOS/UEFI firmware?

Visit your PC or motherboard manufacturer's official website. Locate your specific model, download the latest BIOS/UEFI firmware, and carefully follow their provided instructions. This usually involves putting the update file on a USB drive and flashing it from within the BIOS.

How to reset Secure Boot keys to default?

Within the Secure Boot section of your BIOS/UEFI settings, there is often an option to "Restore Factory Keys" or "Clear Secure Boot Keys." This can sometimes resolve issues if Secure Boot is enabled but Windows still reports it as off.

How to disable CSM (Compatibility Support Module)?

In your BIOS/UEFI settings, under the Boot or Boot Configuration section, look for an option related to "CSM" or "Legacy Boot." Set this option to Disabled if you intend to use UEFI and Secure Boot exclusively.

How to fix "Secure Boot state: Unsupported" in System Information?

If your "Secure Boot State" shows "Unsupported" in msinfo32, it means your hardware (motherboard) likely doesn't support Secure Boot. In this scenario, you won't be able to enable it, and thus won't be able to run Vanguard-required games on Windows 11 without a hardware upgrade.

How to fix VAN9001 or VAN9003 error messages in Valorant?

These error codes almost universally indicate that Vanguard requires Secure Boot and/or TPM 2.0 to be enabled. Following the steps in this guide should resolve these specific errors.

How to ensure Windows 11 is installed in UEFI mode?

You can check this in msinfo32 (System Information) under "BIOS Mode." If it says UEFI, you're good. If it says Legacy, your Windows was installed in Legacy BIOS mode, and you may need to convert your disk to GPT and then switch to UEFI mode in BIOS, or even reinstall Windows 11 in UEFI mode.

How to revert changes if my PC won't boot after enabling Secure Boot?

If your PC doesn't boot after making changes, you'll need to re-enter your BIOS/UEFI settings (using the traditional method from Step 2.2) and disable Secure Boot and/or revert any other changes you made, such as setting the boot mode back to Legacy/CSM if that's what it was previously.

How to contact Riot Games Support if issues persist?

If you've followed all the steps and are still encountering problems, it's best to reach out to Riot Games Support. They can offer more specific troubleshooting based on your unique system configuration and the error messages you're receiving.

0147240502112044669