• Microsoft has added support for Secure Boot on Windows 7.
  • The feature is available since September 2021 with the update KB5017361.
  • Secure Boot is only available for devices with UEFI Class 2.

Microsoft has quietly introduced native support for Secure Boot for UEFI systems running Windows 7. This isn’t a recent addition. According to a Chinese forum (via @TheBobPony), the company added the support back in September 2022 with the update KB5017361. However, the official update announcement didn’t mention the change.

On computing, Secure Boot is a module that ensures that the device starts only using the software that the manufacturer trusts.

Although it’s a welcome addition, the odd thing is the company released the feature three years after Windows 7 reached its mainstream support.

The only caveat about Secure Boot for Windows 7 is that it’s not fully implemented since UEFI Class 3 systems won’t be able to enable the feature in the motherboard’s firmware. For instance, users who tried to enable UEFI and Secure Boot on Class 3 systems didn’t go beyond the startup logo.

UEFI Class 3 systems offer only the modern firmware experience, while the UEFI Class 2 systems provide access to modern UEFI experience and legacy BIOS.

If you have a UEFI Class 3 system, you will need to use a workaround such as the UefiSeven available through GitHub to make it all work.

Furthermore, the update that brings Secure Boot to Windows 7 is only available for organizations with the Extended Security Update (ESU) subscription. This is not a free update.

Windows 7 officially reached the end of support on January 14, 2020, but the Extended Security Update (ESU) service offered paid security updates for businesses ended three years later on January 10, 2023.