Question How to enable security boot on Gigabyte Z390 Aorus Xtreme before upgrading to Windows 11?

modeonoff

Honorable
Jul 16, 2017
1,290
8
11,285
0
Hello, I went to the BIOS but there is no security nor boot tab. It has M.I.T., System, BIOS, Peripherals, Chipset, Power and Save & Exit only.

Also, am I supposed to enable CSM Support and PTT? Both are disabled by default.
I enabled Trusted Computing yesterday already.
 

Colif

Win 11 Master
Moderator
Jun 12, 2015
61,161
5,187
166,290
10,454

need to make sure your drive is GPT before you swap.

looks at who asked. oh hi
 
Reactions: Dark Lord of Tech

Colif

Win 11 Master
Moderator
Jun 12, 2015
61,161
5,187
166,290
10,454
sorry, im used to seeing Amd Gigabyte boards asking that questions

So do you have the latest BIOS on motherboard? its possible boot tab will show up then as a video for the Z390 Aorus master shows a boot tab

since you have csm off I have to guess the boot drive is GPT. That makes it easier.

Secure boot
If you upgrade from win 10 to 11, no, its not needed
If you clean install win 11 it is probably needed.
 
Reactions: modeonoff

modeonoff

Honorable
Jul 16, 2017
1,290
8
11,285
0
Yesterday I enabled Trusted Computing and the status of the update changed from PC not satisfying the requirements to now eligible to update to Windows 11. So, I also need to turn on PTT?
 

Colif

Win 11 Master
Moderator
Jun 12, 2015
61,161
5,187
166,290
10,454
Intel® Platform Trust Technology (Intel® PTT) - Intel® Platform Trust Technology (Intel® PTT) offers the capabilities of discrete TPM 2.0. Intel PTT is a platform functionality for credential storage and key management used by Windows 8* , Windows® 10 and Windows* 11. Intel PTT supports BitLocker* for hard drive encryption and supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0.
https://www.intel.com.au/content/www/au/en/support/articles/000007452/intel-nuc.html
Every search for Trusted computing leads to PTT
AFAIK it should be on - https://www.thurrott.com/forums/microsoft/windows/thread/how-to-enable-tpm-on-gigabyte-z390-boards

leave it as is and see how you go.

2nd post down here has your motherboard - https://www.tenforums.com/tutorials/36454-verify-trusted-platform-module-tpm-chip-windows-pc-5.html
 
Reactions: modeonoff

modeonoff

Honorable
Jul 16, 2017
1,290
8
11,285
0
Thanks. There is something wrong. Yesterday things were going well and I expected that Windows 11 would be available today.

Then, I enabled PTT and Secure Boot via disabling CSM. Windows 10 and Health Check said that my system does not satisfy the requirements for Windows 11. Secure boot not supported. I enabled CSM again (PTT and Trusted Computing enabled) and Health Check said my PC satisfies the requirement for the update. Even strange is that after enabling CSM which disables Secure Boot, Health Check said that my PC supports secure boot.
 

Colif

Win 11 Master
Moderator
Jun 12, 2015
61,161
5,187
166,290
10,454
While the requirement to upgrade a Windows 10 device to Windows 11 is only that the PC be Secure Boot capable by having UEFI/BIOS enabled, you may also consider enabling or turning Secure Boot on for better security.
well, that explains that then
Wonder if that counts for clean installs too.
 
well, that explains that then
Wonder if that counts for clean installs too.
yup it counts

what is needed for win 11 is:
enabled virtualisation
enabled TPM 2.0
secure boot needs to be available, that means bios mode needs to be set as UEFI , boot drive needs to be on GPT
CSM on or off is mainboard specific, basicly if CSM is enabled, storage needs to be in UEFI, that way measured boot will be still running (atleast something, but enough for win11 to pass check)
 
Reactions: Colif

ASK THE COMMUNITY