Question How to enable security boot on Gigabyte Z390 Aorus Xtreme before upgrading to Windows 11?

modeonoff

Honorable
Jul 16, 2017
1,352
11
11,285
Hello, I went to the BIOS but there is no security nor boot tab. It has M.I.T., System, BIOS, Peripherals, Chipset, Power and Save & Exit only.

Also, am I supposed to enable CSM Support and PTT? Both are disabled by default.
I enabled Trusted Computing yesterday already.
 

Colif

Win 11 Master
Moderator

need to make sure your drive is GPT before you swap.

looks at who asked. oh hi
 
  • Like
Reactions: Dark Lord of Tech

Colif

Win 11 Master
Moderator
sorry, im used to seeing Amd Gigabyte boards asking that questions

So do you have the latest BIOS on motherboard? its possible boot tab will show up then as a video for the Z390 Aorus master shows a boot tab

since you have csm off I have to guess the boot drive is GPT. That makes it easier.

Secure boot
If you upgrade from win 10 to 11, no, its not needed
If you clean install win 11 it is probably needed.
 
  • Like
Reactions: modeonoff

Colif

Win 11 Master
Moderator
Intel® Platform Trust Technology (Intel® PTT) - Intel® Platform Trust Technology (Intel® PTT) offers the capabilities of discrete TPM 2.0. Intel PTT is a platform functionality for credential storage and key management used by Windows 8* , Windows® 10 and Windows* 11. Intel PTT supports BitLocker* for hard drive encryption and supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0.
https://www.intel.com.au/content/www/au/en/support/articles/000007452/intel-nuc.html
Every search for Trusted computing leads to PTT
AFAIK it should be on - https://www.thurrott.com/forums/microsoft/windows/thread/how-to-enable-tpm-on-gigabyte-z390-boards

leave it as is and see how you go.

2nd post down here has your motherboard - https://www.tenforums.com/tutorials/36454-verify-trusted-platform-module-tpm-chip-windows-pc-5.html
 
  • Like
Reactions: modeonoff

modeonoff

Honorable
Jul 16, 2017
1,352
11
11,285
Thanks. There is something wrong. Yesterday things were going well and I expected that Windows 11 would be available today.

Then, I enabled PTT and Secure Boot via disabling CSM. Windows 10 and Health Check said that my system does not satisfy the requirements for Windows 11. Secure boot not supported. I enabled CSM again (PTT and Trusted Computing enabled) and Health Check said my PC satisfies the requirement for the update. Even strange is that after enabling CSM which disables Secure Boot, Health Check said that my PC supports secure boot.
 

Colif

Win 11 Master
Moderator
While the requirement to upgrade a Windows 10 device to Windows 11 is only that the PC be Secure Boot capable by having UEFI/BIOS enabled, you may also consider enabling or turning Secure Boot on for better security.
well, that explains that then
Wonder if that counts for clean installs too.
 
well, that explains that then
Wonder if that counts for clean installs too.
yup it counts

what is needed for win 11 is:
enabled virtualisation
enabled TPM 2.0
secure boot needs to be available, that means bios mode needs to be set as UEFI , boot drive needs to be on GPT
CSM on or off is mainboard specific, basicly if CSM is enabled, storage needs to be in UEFI, that way measured boot will be still running (atleast something, but enough for win11 to pass check)
 
  • Like
Reactions: Colif