Vanguard requires Secure Boot to confirm your PC starts only trusted code, so the anti-cheat can safely load and allow the game to run.
If you launch VALORANT or another Riot title and see a message about Secure Boot, the anti-cheat (Vanguard) detected that your system isn’t meeting a baseline for trusted startup. In plain terms, your motherboard firmware must start Windows in a mode that accepts only signed boot components. When that chain is intact, Vanguard can install its protections and let you queue into matches. When it isn’t, you’ll get a VAN error and the game closes.
What Does It Mean When Vanguard Requires Secure Boot?
This warning means the game’s anti-cheat won’t run unless Secure Boot is active in your UEFI firmware. Secure Boot blocks unapproved low-level code from running before Windows loads, which helps stop kernel-level cheats and boot-time tampering. Vanguard checks that condition during startup. If the check fails, you’ll see messages like VAN 9001 or VAN 9003 on Windows 11 and the client won’t proceed.
Vanguard Requires Secure Boot: Reasons And Quick Checks
Secure Boot lives in your PC’s UEFI firmware. During power-on, the firmware verifies signatures for bootloaders and drivers. If everything is signed by a trusted key, the system hands control to Windows and continues. Vanguard relies on that trusted path so its driver can anchor itself early and watch for hooks that cheats use. If the trusted path breaks, Vanguard protects the match by refusing to load.
Fast Self-Check In Windows
- Press the Windows key, type System Information, open it, then look for Secure Boot State. It should say On.
- On Windows 11, also confirm TPM 2.0 is ready: Press Windows + R, type tpm.msc. Status should say the TPM is ready.
Common VAN Errors Linked To Secure Boot
On Windows 11, Vanguard pairs Secure Boot with TPM 2.0. If either is off or misconfigured, you’ll hit an error and the game will exit before the splash screen.
Vanguard Secure Boot Errors, Causes, And Fixes
| Error Message | Likely Cause | Action That Usually Clears It |
|---|---|---|
| VAN 9001 | Secure Boot off in UEFI | Enter firmware, switch Secure Boot to Enabled, save, reboot |
| VAN 9003 | Secure Boot unsupported mode or legacy boot | Switch storage/boot to UEFI mode (no Legacy/CSM), then enable Secure Boot |
| VAN 9090 | TPM didn’t initialize | Enable fTPM/PTT, power-cycle fully, then relaunch the game |
| “This version of Vanguard requires Secure Boot” | Secure Boot disabled or keys cleared | Enable Secure Boot; if keys are empty, set factory defaults for PK/KEK/db |
| Game closes after splash | Driver blocked by untrusted boot chain | Confirm UEFI boot, reinstall Vanguard from the game folder |
| Secure Boot shows “Unsupported” | Drive installed in Legacy/MBR mode | Convert system disk to GPT, switch to UEFI, then enable Secure Boot |
| Secure Boot “On” but errors persist | Old firmware or wrong Secure Boot mode | Update BIOS/UEFI, set Standard/Windows UEFI mode, retry |
Why Secure Boot Matters For Anti-Cheat
Cheats that load before Windows can hide from normal tools. Secure Boot blocks unsigned early-boot loaders and option ROMs, which helps keep the path clean through Windows’ trusted boot stage. Vanguard checks that protection so ranked play isn’t at the mercy of stealth drivers.
Plain-English View Of The Boot Chain
Firmware powers on, verifies signatures, and hands off to a signed Windows bootloader. Windows then runs its trusted boot checks and moves to the desktop. Vanguard ties into that flow near startup so it can spot low-level tampering. If the flow isn’t verifiably clean, it refuses to run.
What You Need On Windows 11
For Windows 11, Riot requires both Secure Boot and TPM 2.0 to be running for Vanguard. If either is off, you’ll see a VAN error and the client exits. Windows 10 users usually only need UEFI mode with Secure Boot for full compatibility, but Windows 11 enforces the TPM piece too.
Enable Secure Boot Step-By-Step
- Open Advanced Startup: Settings > System > Recovery > Advanced startup > Restart now.
- Enter UEFI: Troubleshoot > Advanced options > UEFI Firmware Settings > Restart.
- Find Secure Boot: It may sit under Security, Boot, or Authentication.
- Switch To UEFI Mode: If you see Legacy/CSM, turn it off; keep UEFI only.
- Enable Secure Boot: Pick Enabled. If a Mode is present, select Standard or Windows UEFI.
- Save And Exit: Press the on-screen save key, confirm, then boot back to Windows.
Turn On TPM 2.0 (Windows 11)
In UEFI, look for fTPM (AMD) or PTT (Intel). Enable it, save, and restart. Back in Windows, run tpm.msc to confirm the module is ready. If your hardware lacks TPM 2.0, Windows 11 and Vanguard will stay out of compliance on that device.
Reinstall Or Repair Vanguard
After firmware changes, some players need to repair the anti-cheat to sync with the new boot state. Close the Riot client, open the game folder, run the Vanguard installer (or reinstall through the launcher), then reboot once more.
“What Does It Mean When Vanguard Requires Secure Boot?” In Practice
It means your firmware and Windows must provide a verifiable boot path with signatures that match trusted keys. Once Secure Boot and, on Windows 11, TPM 2.0 are active, Vanguard can attest the system and start. If you still get VAN 9003, your system is likely in Legacy mode, your disk is MBR, or Secure Boot keys were cleared.
Fix MBR/Legacy Without Reinstalling
Many PCs shipped with Legacy mode for older drives. To use Secure Boot, the system disk needs GPT and the firmware must run UEFI. You can convert an existing Windows install using Microsoft’s mbr2gpt tool, then switch firmware to UEFI and enable Secure Boot. Always back up files first.
Where The Requirement Comes From
Secure Boot is an industry standard baked into UEFI. PCs store signed keys that approve trusted bootloaders and drivers. Vendors publish revoked keys when a component is no longer trusted. Windows relies on this chain to keep low-level malware out, and anti-cheat software rides that protection so ranked matches aren’t compromised.
Trusted Boot And Vanguard
After Secure Boot finishes its part, Windows continues with a trusted boot sequence. Vanguard expects that state, and if it can’t confirm it, it refuses to initialize. That’s the design behind the requirement prompt you saw.
You can read Microsoft’s plain description of Secure Boot and Windows’ own overview of enabling Secure Boot on Windows 11. For game-specific errors on Windows 11, Riot’s support page explains why Vanguard pairs Secure Boot with TPM 2.0 and what each VAN code means.
Troubleshooting When Everything Looks “On”
Sometimes Secure Boot shows On, yet the game still throws VAN 9003. That usually points to a mismatch in mode or keys.
Reliable Fixes Players Miss
- Switch Secure Boot Mode: Some boards offer Custom vs Standard. Pick Standard/Windows UEFI.
- Restore Factory Keys: If keys were cleared, load default PK/KEK/db in the Secure Boot menu.
- Update Firmware: Install the newest UEFI release from your board vendor.
- Full Power-Cycle: Shut down, flip the PSU switch (if desktop), wait 30 seconds, then boot.
- Clean Vanguard Reinstall: Uninstall Vanguard, reboot, reinstall from the game folder, reboot.
Windows 11 Extras
Windows 11 needs TPM 2.0 and Secure Boot for Vanguard to pass its attestation checks. If tpm.msc shows the module isn’t ready, head back into UEFI and enable fTPM/PTT, then perform a full restart.
Where To Find Secure Boot In Common UEFI Menus
| Vendor | Menu Path (Typical) | Setting To Enable |
|---|---|---|
| ASUS | Boot > Secure Boot | Secure Boot: Enabled; OS Type: Windows UEFI |
| MSI | Settings > Advanced > Windows OS Configuration | Secure Boot: Enabled; Secure Boot Mode: Standard |
| Gigabyte | BIOS > Secure Boot | Secure Boot: Enabled; Key Management: Install default keys |
| ASRock | Security > Secure Boot | Secure Boot: Enabled; DB/KEK/PK: Load defaults |
| Lenovo (Laptops) | Security > Secure Boot | Secure Boot: Enabled; UEFI Only |
| HP (Laptops) | Security > Secure Boot Configuration | Secure Boot: Enabled; Legacy Support: Disable |
| Dell (Laptops) | Secure Boot > Secure Boot Enable | Secure Boot: Enabled; Load Legacy Option ROM: Off |
Safe Path To A Clean Vanguard Launch
Do This, In Order
- Confirm UEFI boot and Secure Boot On in System Information.
- On Windows 11, confirm TPM 2.0 is Ready in tpm.msc.
- Reboot once after any firmware change, then launch the game.
- If a VAN code appears, match it to the earlier table and apply the listed fix.
- Still blocked? Restore Secure Boot keys, update firmware, and reinstall Vanguard.
“What Does It Mean When Vanguard Requires Secure Boot?” Versus Other Messages
The Secure Boot message points to the trusted boot chain. Messages about virtualization or driver conflicts point elsewhere in the stack. If you only changed GPU drivers or Windows settings and now see VAN 9003, roll back the change or repair Vanguard after confirming Secure Boot stayed enabled.
When Your Hardware Can’t Comply
Some older boards lack Secure Boot or don’t expose the setting. In that case, Vanguard won’t run. If the device is your daily driver and you want to keep playing, the most reliable fix is a board or system that supports UEFI with Secure Boot and, for Windows 11, TPM 2.0 in hardware or firmware.
Final Checklist Before You Queue
- UEFI mode active; Legacy/CSM off
- Secure Boot set to Enabled with Standard/Windows UEFI mode
- Keys loaded to defaults (PK/KEK/db present)
- Windows boots cleanly; System Information shows Secure Boot State: On
- Windows 11 only: TPM 2.0 shows Ready
- Vanguard installed, repaired after changes, and the system rebooted
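The checklist above and the earlier MBR/Legacy section can be checked in one read-only pass from an elevated PowerShell prompt. This is an added example, not a Riot or Microsoft script; the function names `Get-BootTrustReport` and `Get-BootTrustFindings` are made up for illustration, and the only mbr2gpt call is `/validate`, which tests whether conversion is possible without writing to the disk.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only preflight; it changes nothing in firmware or on disk.
function Get-BootTrustReport {
    $r = [ordered]@{}

    # Returns $true/$false on UEFI boots; throws PlatformNotSupportedException
    # on Legacy/BIOS boots (System Information shows "Unsupported" there).
    try {
        $r.SecureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' }
    } catch {
        $r.SecureBoot = if ($_.Exception -is [System.PlatformNotSupportedException]) {
            'Unsupported'
        } else { "Unknown: $($_.Exception.Message)" }
    }

    # The disk Windows boots from must be GPT before firmware can run UEFI-only.
    $disk = Get-Disk | Where-Object { $_.IsBoot -or $_.IsSystem } | Select-Object -First 1
    $r.SystemDiskStyle = "$($disk.PartitionStyle)"
    if ($r.SystemDiskStyle -eq 'MBR') {
        # /validate only tests whether conversion is possible; it writes nothing.
        & mbr2gpt.exe /validate "/disk:$($disk.Number)" /allowFullOS | Out-Null
        $r.Mbr2GptValidate = if ($LASTEXITCODE -eq 0) { 'Pass' } else { "Fail (exit $LASTEXITCODE)" }
    }

    # The page requires TPM 2.0 only on Windows 11 (build 22000 and later).
    $r.IsWindows11 = [Environment]::OSVersion.Version.Build -ge 22000
    $tpm = Get-Tpm
    $r.TpmPresent = $tpm.TpmPresent
    $r.TpmReady   = $tpm.TpmReady
    $spec = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $r.TpmSpecVersion = if ($spec) { $spec.SpecVersion } else { 'n/a' }

    [pscustomobject]$r
}

function Get-BootTrustFindings ($Report) {
    # Each finding points back at the fix the article lists for that state.
    if ($Report.SecureBoot -eq 'Unsupported') { 'Legacy/CSM boot: switch firmware to UEFI only, then enable Secure Boot.' }
    if ($Report.SecureBoot -eq 'Off')         { 'Secure Boot is off: enable it in UEFI (Standard/Windows UEFI mode).' }
    if ($Report.Mbr2GptValidate -eq 'Pass')   { 'System disk is MBR but passes mbr2gpt validation: back up, then convert.' }
    if ($Report.Mbr2GptValidate -like 'Fail*') { 'System disk is MBR and mbr2gpt validation failed: do not convert yet.' }
    if ($Report.IsWindows11 -and -not $Report.TpmReady) { 'TPM not ready: enable fTPM/PTT in UEFI and power-cycle.' }
}

$report = Get-BootTrustReport
$report | Format-List
$findings = @(Get-BootTrustFindings $report)
if ($findings.Count) { $findings } else { 'Secure Boot, disk layout and TPM all match the checklist.' }
```

A report that shows Secure Boot On, a GPT system disk and a ready TPM while the VAN error persists points to the mode, key and firmware items in the troubleshooting section, which this script cannot see from inside Windows.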