[SOLVED] Please help to set up some bios options related secure boot before clean installing windows 10

eziowar

Distinguished
Jun 11, 2015
417
14
18,795
hi, my cpu i5-4670k, gpu - zotac 1050ti mini, mobo- gigabyte z87x-ud3h, bios version F10b, psu corsair cs650m , ram 4x4gb @1600 mhz, MX 500 500gb ssd, WD 1TB sata internal hdd, AHCI,windows10,
i bought that ssd 2 days ago and i'm plaining to clean install my windos 10 on that, i'm gonna use uefi,fgt,csm disabled, secure boot enabled. spent last 2 days just solving several hardware/bios issues and gathering all types of info before installing win10 for precaution and proper bios settings. this is my first ever ssd, so i'm really hyped and became impatient a bit in last couple of days. this is my final needed info about secure boot before i can install my windows. in my bios u can see these are bios features-
View: https://i.imgur.com/qGQnSF6.jpg
u can see at first windows 8 features have 3 options- other os, win8, win8 WHQL. after searching through web i think win8 would be proper otion for that, am i right? now in secure boot View: https://i.imgur.com/GI5IKmY.jpg
here's 2 options - standard and manual. when standard is selected , the "image execution policy " and "key management options " are grayed out . only after selecting manual in "secure boot mood" then i can click "image execution policy "and "key management options " .after selecting "image execution policy " u can see this window comes out View: https://i.imgur.com/MxnGlce.jpg
. there all the 3 rows have deny execute, always execute etc option but first row "internal fv" has only always execute option. what should i select here for all 4 rows? Now when i select "key management options " this window comes out View: https://i.imgur.com/aJAvaQZ.jpg?1
. here should i enable "default key provisioning" and then install all the keys available on that window? please help me out to choosing proper option to enable secure boot. btw should i enable secure boot before windows installation or after? any input is much appreciated.
 
Last edited:
Solution
WHQL would have been the right choice
The Windows 10 WHQL Setting in the BIOS:

  1. Checks for signed drivers during the boot process
  2. Lets you enable UEFI support.
Before we talk about the setting, let’s get to know a bit about WHQL. It stands for Windows Hardware Quality Labs. The program certifies that the drivers are compatible with Windows version, and is also applicable to hardware.

So what is this setting doing in the BIOS? There are two possible explanations.

1] Check for signed drivers during boot

The first possible explanation is it is to check for hardware drivers compatibility. When you enable this in BIOS, the computer will run a full test during boot, and if it finds drivers which are not...
WHQL would have been the right choice
The Windows 10 WHQL Setting in the BIOS:

  1. Checks for signed drivers during the boot process
  2. Lets you enable UEFI support.
Before we talk about the setting, let’s get to know a bit about WHQL. It stands for Windows Hardware Quality Labs. The program certifies that the drivers are compatible with Windows version, and is also applicable to hardware.

So what is this setting doing in the BIOS? There are two possible explanations.

1] Check for signed drivers during boot

The first possible explanation is it is to check for hardware drivers compatibility. When you enable this in BIOS, the computer will run a full test during boot, and if it finds drivers which are not entirely signed, then it will halt the boot process. The BIOS can’t interact with the boot process of an operating system. The UEFI (Universal Extensible Firmware Interface) can do this, and that’s why it can check if all drivers are WHQL certified. It does by examining the drivers listed in the registry and compiling hardware database.

It is best for consumers not to use this option because it is possible that they might have such drivers. If you have accidentally enabled it, get back to BIOS settings, and choose something else or use default settings.

2] Enable Full UEFI Support

The second possibility is that this or any similar option enables full UEFI Support.
https://www.quora.com/What-is-Windows-10-s-WHQL-setting-on-the-BIOS

As for secure boot, I would have left that as standard. They are greyed out as they are preset. Selecting manual lets you edit the values... its for people who know what they want to change. If you not sure, use Standard.

As for enabling before install, I would once you ready to put win 10 on ssd, and when you go to install win 10, use the Boot override menu on the Save & exit screen in BIOS to choose the USB as boot device just that once. See page 62 - https://download.gigabyte.com/FileList/Manual/mb_manual_ga-z87x-ud3h_e.pdf - put ssd as 1st item in boot order

Only have ssd in PC when you install on it. its less messy that way.
 
Last edited:
Solution
WHQL would have been the right choice

https://www.quora.com/What-is-Windows-10-s-WHQL-setting-on-the-BIOS

As for secure boot, I would have left that as standard. They are greyed out as they are preset. Selecting manual lets you edit the values... its for people who know what they want to change. If you not sure, use Standard.

As for enabling before install, I would once you ready to put win 10 on ssd, and when you go to install win 10, use the Boot override menu on the Save & exit screen in BIOS to choose the USB as boot device just that once. See page 62 - https://download.gigabyte.com/FileList/Manual/mb_manual_ga-z87x-ud3h_e.pdf - put ssd as 1st item in boot order

Only have ssd in PC when you install on it. its less messy that way.
thank you for replying, now that i have already installed windows 10 without whql , is it ok if i now choice whql in bios? ando also keeping "standard" secure boot did not enabled, i had to select manual and then install default keys to enable secure boot