F5F Stay Refreshed Software Operating Systems How to activate Secure Boot on an Intel-based Z490-P?

How to activate Secure Boot on an Intel-based Z490-P?

How to activate Secure Boot on an Intel-based Z490-P?

N
Neko___Chan
Junior Member
Find
26
09-18-2021, 03:19 PM
#1
I'm aware that the process should be fairly straightforward, but I've also seen a whole lot of claims that there are other settings that need to be changed to enable Secure Boot, as well as a bold claim that a complete reinstall of Win11 would be required if Secure Boot wasn't enabled during the initial installation/upgrade.
From my understanding, CSM and Fast Boot need to be disabled before enabling Secure Boot. Fast Boot should be a simple change as it appears to be just two settings, "Fast Boot" and an option for "Next Boot after AC Power Loss" — unless there are other settings that need to be changed.
Disabling CSM seems slightly more confusing as there is five total settings there (everything in parentheses is my current settings):
Launch CSM (Enabled)
Boot Device Control (UEFI and Legacy OPROM)
Boot from Network Devices (Legacy only)
Boot from Storage Devices (Legacy only)
Boot from PCI-E/PCI Expansion Devices (Legacy only)
I know that once I disable CSM and Fast Boot, I'll need to reboot the PC before going back into the UEFI to enable Secure Boot. I only saw one setting for that, "OS Type", with the options being "Other OS" and "Windows UEFI mode".
Are there any other settings or steps I need to be aware of? Both of my drives use GPT already, so I don't need to worry about that. I did see a comment about restoring "default key management values" but I'm not sure what that means.
Reply
Reply
N
Neko___Chan
09-18-2021, 03:19 PM #1

I'm aware that the process should be fairly straightforward, but I've also seen a whole lot of claims that there are other settings that need to be changed to enable Secure Boot, as well as a bold claim that a complete reinstall of Win11 would be required if Secure Boot wasn't enabled during the initial installation/upgrade.
From my understanding, CSM and Fast Boot need to be disabled before enabling Secure Boot. Fast Boot should be a simple change as it appears to be just two settings, "Fast Boot" and an option for "Next Boot after AC Power Loss" — unless there are other settings that need to be changed.
Disabling CSM seems slightly more confusing as there is five total settings there (everything in parentheses is my current settings):
Launch CSM (Enabled)
Boot Device Control (UEFI and Legacy OPROM)
Boot from Network Devices (Legacy only)
Boot from Storage Devices (Legacy only)
Boot from PCI-E/PCI Expansion Devices (Legacy only)
I know that once I disable CSM and Fast Boot, I'll need to reboot the PC before going back into the UEFI to enable Secure Boot. I only saw one setting for that, "OS Type", with the options being "Other OS" and "Windows UEFI mode".
Are there any other settings or steps I need to be aware of? Both of my drives use GPT already, so I don't need to worry about that. I did see a comment about restoring "default key management values" but I'm not sure what that means.

Reply
Reply
J
Juan2610
Posting Freak
Find
875
09-19-2021, 11:56 AM
#2
CSM functions identically to Legacy BIOS, must be turned off to enable UEFI mode and its capabilities such as TPM and secure boot.
Reply
Reply
J
Juan2610
09-19-2021, 11:56 AM #2

CSM functions identically to Legacy BIOS, must be turned off to enable UEFI mode and its capabilities such as TPM and secure boot.

Reply
Reply