Question: How to enable Secure Boot for an Intel-based Z490-P?

Orbit Storm

I'm aware that the process should be fairly straightforward, but I've also seen a whole lot of claims that there are other settings that need to be changed to enable Secure Boot, as well as a bold claim that a complete reinstall of Win11 would be required if Secure Boot wasn't enabled during the initial installation/upgrade.

From my understanding, CSM and Fast Boot need to be disabled before enabling Secure Boot. Fast Boot should be a simple change as it appears to be just two settings, "Fast Boot" and an option for "Next Boot after AC Power Loss" — unless there are other settings that need to be changed.

Disabling CSM seems slightly more confusing as there are five total settings there (everything in parentheses is my current setting):
  • Launch CSM (Enabled)
  • Boot Device Control (UEFI and Legacy OPROM)
  • Boot from Network Devices (Legacy only)
  • Boot from Storage Devices (Legacy only)
  • Boot from PCI-E/PCI Expansion Devices (Legacy only)
I know that once I disable CSM and Fast Boot, I'll need to reboot the PC before going back into the UEFI to enable Secure Boot. I only saw one setting for that, "OS Type", with the options being "Other OS" and "Windows UEFI mode".

Are there any other settings or steps I need to be aware of? Both of my drives use GPT already, so I don't need to worry about that. I did see a comment about restoring "default key management values" but I'm not sure what that means.
 
CSM is the same as Legacy BIOS; it needs to be disabled to use UEFI mode and its features like TPM and Secure Boot.
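
A read-only check of the preconditions discussed in this thread (UEFI vs. legacy boot, GPT, Secure Boot state, key enrollment), as an added example that is not part of the original posts. It assumes an elevated Windows PowerShell 5.1 session on the installed Windows 11 system; the output property names are made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: reports state only, changes nothing. Run it before touching
# CSM in the firmware setup, and again after enabling Secure Boot.

# 1. How this Windows installation was booted: 'Uefi' or 'Bios' (legacy/CSM).
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# 2. Partition style of the disk that holds the boot loader (GPT or MBR).
$systemDisk = Get-Disk | Where-Object { $_.IsSystem } | Select-Object -First 1

# 3. Secure Boot state. The cmdlet raises an error on a legacy-booted system,
#    so the error text is reported instead of letting the script stop.
try {
    $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
} catch {
    $secureBoot = "Not available: $($_.Exception.Message)"
}

# 4. Key enrollment. The UEFI SetupMode variable is 1 when no Platform Key is
#    enrolled; in that state the firmware has no keys to enforce Secure Boot with.
try {
    $setupMode = (Get-SecureBootUEFI -Name SetupMode -ErrorAction Stop).Bytes[0]
    $keys = if ($setupMode -eq 1) { 'Setup Mode (no Platform Key enrolled)' }
            else { 'User Mode (Platform Key enrolled)' }
} catch {
    $keys = "Unknown: $($_.Exception.Message)"
}

# Heuristic added for this example: a UEFI-booted Windows on a GPT system disk
# does not depend on CSM to start.
$uefiInstall = ($firmware -eq 'Uefi') -and ($systemDisk.PartitionStyle -eq 'GPT')

[pscustomobject]@{
    FirmwareBootMode   = $firmware
    SystemDiskNumber   = $systemDisk.Number
    SystemDiskStyle    = $systemDisk.PartitionStyle
    SecureBoot         = $secureBoot
    SecureBootKeys     = $keys
    UefiInstallOnGpt   = $uefiInstall
} | Format-List
```

If `UefiInstallOnGpt` is `False`, Windows is booting through the legacy path, so check the boot disk's partition style before disabling CSM.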