How to enable secure boot mode?

[alyandrewsuk]

I tried going into my bios to enable secure boot mode but it said "Warning: CSM is Loaded! Disable the CSM in Setup, repeat operation after Reboot to ensure UEFI Video (GOP) driver is operational". I see no option to disable CSM? my motherboard is a MSI B350 Pc Mate

 

[gingerrankin]

First of all keep in mind that moving from CSM to UEFI can almost certainly mean that you should reformat your disks and reinstall windows 10. Do it only if you are totally sure of what you want to do and have good reasons to do so.

In the "BOOT" section there is the option Boot Mode Select [LEGACY + UEFI:]
"Sets the system boot mode from legacy or UEFI architecture depending on OS
installation requirement. This item will become un-selectable and will be configured
automatically by BIOS when Windows 10 WHQL Support is enabled.
[UEFI] Enables UEFI BIOS boot mode support only.
[LEGACY + UEFI] Enables both Legacy BIOS boot mode and UEFI BIOS boot
mode. "



Can I ask you why you want to switch to "secure mode"?

 

[alyandrewsuk]

From what I’ve read online, my disks are already in the correct format for UEFI. I installed Windows 10 in UEFI settings which shows in my system info. My boot mode is set to UEFI so I have no idea what CSM it is referring to? Under the section “Internal GOP configuration” it says ‘unknown device’ and ‘unknown’ driver, is there a reason for this? My bios is up to date and so is my gpu.

The only reason I want to enable secure boot is because under device security in windows 10, it says “standard hardware security not supported” because I haven’t enable secure boot (because I can’t). It’s just bugging me

 

[gingerrankin]

Sorry
Compatibility Support Module is (CSM) and it provides legacy BIOS = "LEGACY + UEFI".

If you want disable CSM you must choose UEFI instead of "LEGACY+UEFI"

 

[Karadjgne]

I'd leave well enough alone. Secure boot/CSM has introduced more issues with Windows 10 and lack of driver support than anything else. With CSM enabled and legacy options available, you have the best of all worlds, you can use older stuff, older software or newer and still be supported. Switching to uefi only and secure boot throws all that support out the window, so if you do have an older card, or use 16bit drivers or have a need to run anything not upgraded and certified for Win10 Creators Edition or newer use, you'll have issues.
https://www.techrepublic.com/article/microsofts-new-hardwarefirmware-security-standards-promise-highly-secure-windows-10-devices/

You'll also need to have the entire list of other stuff too, miss just 1 and you'll still get that warning whether secure boot is enabled or not. It's all a decision by Microsoft saying that to have a secure pc you need this, which means dumping any older games, tossing any older software or hardware that doesn't meet some pencil pushers recommended settings.

Of course if you have questionable surfing habits or frequent the tabloid news sites or celebrity must see sites etc, then no amount of 'secure boot', TPM, 8Gb of ram necessity will mean you 'still' have a secure pc.

 

[alyandrewsuk]

Sorry
Compatibility Support Module is (CSM) and it provides legacy BIOS = "LEGACY + UEFI".

If you want disable CSM you must choose UEFI instead of "LEGACY+UEFI"

Hi, i have already chosen UEFI instead of "LEGACY+UEFI" which is why I'm confused as to why it still tells me to disable it
:/

 

[alyandrewsuk]

I'd leave well enough alone. Secure boot/CSM has introduced more issues with Windows 10 and lack of driver support than anything else. With CSM enabled and legacy options available, you have the best of all worlds, you can use older stuff, older software or newer and still be supported. Switching to uefi only and secure boot throws all that support out the window, so if you do have an older card, or use 16bit drivers or have a need to run anything not upgraded and certified for Win10 Creators Edition or newer use, you'll have issues.
https://www.techrepublic.com/article/microsofts-new-hardwarefirmware-security-standards-promise-highly-secure-windows-10-devices/

You'll also need to have the entire list of other stuff too, miss just 1 and you'll still get that warning whether secure boot is enabled or not. It's all a decision by Microsoft saying that to have a secure pc you need this, which means dumping any older games, tossing any older software or hardware that doesn't meet some pencil pushers recommended settings.

Of course if you have questionable surfing habits or frequent the tabloid news sites or celebrity must see sites etc, then no amount of 'secure boot', TPM, 8Gb of ram necessity will mean you 'still' have a secure pc.

I have a Gt 710 which is an older card but is compatible with UEFI so that shouldn't be a problem. I switched my boot mode to UEFI only when I set up my pc a few days ago so I'm confused as to why it still tells me CSM is enabled. Thanks for the info on the list of requirements! I meet all the hardware requirements apart from 'Platform boot verification' which is why i was intrigued as to why it wont work. I guess I'll just leave it as it is for now then. Do you know why my GPU is not recognised in my BIOS under 'Internal GOP Configuration' by any chance?

 

[alyandrewsuk]

Just to let everyone know I have now solved this issue, finally! All i had to do was enable all factory keys, restart and enter bios and then CSM disabled itself after I restarted. My GPU is also now recognised under 'Internal GOP Configuration'. Many thanks for the help guys!

 

[Karadjgne]

Glad it worked out.

 

[gingerrankin]

Enjoy it!