Skip Ribbon Commands
Skip to main content

Ondrej Sevecek's English Pages


Engineering and troubleshooting by Directory Master!
MCM: Directory

Quick Launch

Ondrej Sevecek's English Pages > Posts > Once again, how to enable Secure Boot in UEFI BIOS configuration
February 05
Once again, how to enable Secure Boot in UEFI BIOS configuration

I have already covered all the steps in a previous article about UEFI Secure Boot configuration and Windows 2016 installation from USB flash drive. Here I will just repeat what are the necessary steps to undertake in the UEFI BIOS in order to have the Secure Boot enabled in Windows 2016 or Windows 10. I have just experienced another motherboard which taught me it once again (it was Gigabyte H170-D3H motherboard with the original F4 and later with F20 and later with F21 BIOS update):

Basic requirements

  •  CSM disabled - the compatibilitu support mode (CSM) must be disabled or it would allow nonUEFI boot media and boot loaders to be started which would effectively make the secure boot a nonsense
  • require Administrator password to enter BIOS - this is another requirement as well. Without having the BIOS configuration password protected, secure boot is again without a logic
  • Windows 8/10 Features setting enabled - you have to enable either the Windows 8/10 or the Windows 8/10 WHQL setting for the Windows 8/10 Features configuration option (you will find it on the BIOS tab). For me, both options worked to boot into the Secure Boot. I was not able to find any documentation about any differences in the two of them. So select whichever you like more :-)
  • Secure Boot enabled - sure you have to change the setting to enabled :-) it is not enable by default
  • Intel TXT - if the option is not present in the BIOS at all, it seems like it is supported automatically. I didn't need to do anything regarding this so called trusted execution technology.

The crucial thing to enable the Secure Boot

You must always Provision Factory Default keys! Even if you have just received your machine from manufacturing, you have to do it yourself. This cannot be done if the Secure Boot Mode is set to Standard. So the crucial technique is to first enable the Customized mode for secure boot, then provision the factory default keys manually and only then switch back to the Standard mode:

  1. switch the Attempt Secure Boot to Enabled
  2. switch the Secure Boot Mode to Customized - it enables the Key Management submenu
  3. go into the Key Management sub menu
  4. switch the Provision Factory Default keys to Enabled
  5. go back up
  6. switch the Secure Boot Mode to Standard

And you are all done.


That's great.

Thanks a lot for this article.
It saved my live.
 on 21/08/2018 08:51

Re: Once again, how to enable Secure Boot in UEFI BIOS configuration

Solution :
Go to BIOS then
change the FAST BOOT to enable and here will see the USB boot.
Change the Storage Boot option to LEGACY, same for Other PCI devices.

SAve and exit
 on 28/02/2020 17:34

Add Comment

Sorry comments are disable due to the constant load of spam *

This simple antispam field seems to work well. Just put here the number.


You do not need to provide any value this column. It will automatically fill with the name of the article itself.

Author *

Body *