How to Enable Secure Boot on Gigabyte?

Enabling Secure Boot on your Gigabyte motherboard is a crucial step for enhancing system security and is often a prerequisite for upgrading to or installing Windows 11. This process involves navigating your UEFI BIOS settings to configure your system for a more secure boot environment.

What is Secure Boot?

Secure Boot is a security feature within the UEFI (Unified Extensible Firmware Interface) standard that prevents malicious software from loading during the system startup process. It works by ensuring that only software with a valid digital signature (trusted by the PC manufacturer) can execute. This includes bootloaders, drivers, and the operating system itself, helping to protect your system from rootkits and other low-level malware.

Steps to Enable Secure Boot on Gigabyte Motherboards

Follow these detailed instructions to enable Secure Boot on your Gigabyte system. The exact menu names might vary slightly depending on your motherboard model and BIOS version, but the general steps remain consistent.

1. Accessing Your System's BIOS/UEFI

The first step is to enter your motherboard's BIOS/UEFI utility.

  • Restart your PC.
  • As your computer boots up and the Gigabyte logo appears, repeatedly press the DEL key on your keyboard. While F2 is also common for some brands, DEL is the primary key for accessing BIOS settings on most Gigabyte motherboards.

2. Disabling Compatibility Support Module (CSM)

Secure Boot operates in UEFI mode, which means the Compatibility Support Module (CSM) must be disabled. CSM is designed to allow older, non-UEFI compatible hardware and operating systems to boot.

  1. Once you are in the BIOS, navigate to the "Boot" or "BIOS" tab.
  2. Locate the option labeled "CSM Support" or simply "CSM".
  3. Set this option to "Disabled".

3. Setting OS Type/Windows Features

Next, you need to configure your system for UEFI mode, specifically for Windows.

  1. Within the "Boot" or "BIOS" tab, find an option such as "Windows 8/10 Features" or "OS Type".
  2. Change this setting to "Windows 8/10 WHQL" or "UEFI Mode". This setting is often required to make the Secure Boot option available or enabled.

4. Enabling Secure Boot

With CSM disabled and the correct OS type selected, you can now enable Secure Boot.

  1. Navigate to the "Boot", "Security", or "BIOS Features" tab.
  2. Find the "Secure Boot" option. It might initially appear greyed out or show as "Disabled."
  3. Set "Secure Boot Mode" to "Standard".
  4. Then, change the main "Secure Boot" option itself to "Enabled".
  5. If you see options like "Install Default Secure Boot Keys" or "Load PK/KEK/db," proceed to install the default keys. This step is vital for Secure Boot to function correctly with trusted certificates.

5. Saving Changes and Re-entering BIOS (If Needed)

After applying these changes, it is crucial to save them. Sometimes, a system reboot is required for certain Secure Boot options to become fully active or accessible.

  1. Go to the "Save & Exit" tab in the BIOS.
  2. Select "Save & Exit Setup" or "Save Changes and Reset". Your PC will restart.
  3. Once your PC restarts and the Gigabyte motherboard logo appears again, repeatedly press the BIOS key (typically DEL) to enter the BIOS once more. This step allows you to confirm the Secure Boot status or to finalize key installations if they weren't fully processed on the first pass.
  4. Re-navigate to the "Secure Boot" section to verify that it is now "Enabled" and that the keys are loaded (often indicated by an "Active" or similar status).

6. Final Save and Exit

Once you have confirmed that Secure Boot is enabled and all necessary keys are installed, save your final settings.

  1. Go to the "Save & Exit" tab.
  2. Select "Save & Exit Setup".

Your PC will now boot with Secure Boot enabled, meeting the security requirements for modern operating systems.

Quick Reference Table for Gigabyte BIOS Settings

| Setting Category | Option Name (Common) | Recommended Setting | Description |
|---|---|---|---|
| Boot / BIOS | CSM Support | Disabled | Ensures the system operates in UEFI mode. |
| Boot / BIOS | Windows 8/10 Features / OS Type | Windows 8/10 WHQL / UEFI | Configures the BIOS for UEFI-specific Windows boot. |
| Boot / Security | Secure Boot Mode | Standard | Defines how Secure Boot manages authentication keys. |
| Boot / Security | Secure Boot | Enabled | Activates the Secure Boot feature itself. |
| Boot / Security | Install Default Secure Boot Keys | Execute / Yes (if available) | Loads the manufacturer's default digital signatures. |

Troubleshooting Tips

  • Greyed-Out Options: If Secure Boot options are greyed out, ensure CSM is disabled and the OS Type is correctly set to "Windows 8/10 WHQL" or "UEFI Mode" first.
  • Boot Drive Issues: Secure Boot requires your operating system drive to be formatted with a GPT (GUID Partition Table) partition style. If your Windows installation is on an MBR (Master Boot Record) drive, your system may fail to boot. You might need to convert your drive using tools like MBR2GPT.
  • Clear CMOS: For persistent issues, clearing your CMOS (Complementary Metal-Oxide-Semiconductor) can reset your BIOS settings to default, allowing you to re-attempt the configuration. Consult your motherboard manual for the specific method to clear CMOS.

Verifying Secure Boot Status in Windows

You can easily check if Secure Boot is enabled from within your Windows operating system:

  1. Press the Win + R keys to open the Run dialog.
  2. Type msinfo32 and press Enter.
  3. In the System Information window that appears, look for the entry "Secure Boot State." It should display "On."
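The same check can be scripted, together with the GPT and key-installation conditions from the steps and troubleshooting tips above. This is an added example, not part of the original article; the function name Get-SecureBootReadiness is hypothetical, and the script assumes an elevated Windows PowerShell 5.1 session. It only reads state and changes nothing.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks after changing the BIOS settings.
# Get-SecureBootReadiness is a hypothetical helper name.

function Get-SecureBootReadiness {
    $r = [ordered]@{}

    # With CSM disabled, Windows reports UEFI firmware (Uefi / Bios / Unknown).
    $r.FirmwareType = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # The disk Windows boots from must use the GPT partition style.
    $bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1
    $r.BootDiskPartitionStyle = [string]$bootDisk.PartitionStyle

    # Same state msinfo32 shows as "Secure Boot State".
    try {
        $r.SecureBootEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch [System.PlatformNotSupportedException] {
        # Thrown when the system was booted in legacy BIOS/CSM mode.
        $r.SecureBootEnabled = $false
    }

    # PK, KEK and db should be populated once the default keys are installed.
    foreach ($name in 'PK', 'KEK', 'db') {
        try {
            $var = Get-SecureBootUEFI -Name $name -ErrorAction Stop
            $r["${name}Bytes"] = $var.Bytes.Length
        } catch {
            $r["${name}Bytes"] = 0   # variable missing or unreadable
        }
    }
    [pscustomobject]$r
}

$state = Get-SecureBootReadiness
$state | Format-List

# Map each failed check back to the BIOS setting that controls it.
if ($state.FirmwareType -ne 'Uefi') {
    Write-Warning 'Legacy boot detected: set "CSM Support" to Disabled.'
}
if ($state.BootDiskPartitionStyle -ne 'GPT') {
    Write-Warning 'Boot disk is not GPT: convert it (for example with MBR2GPT) before disabling CSM.'
}
if ($state.PKBytes -eq 0 -or $state.KEKBytes -eq 0 -or $state.dbBytes -eq 0) {
    Write-Warning 'Secure Boot keys missing: use "Install Default Secure Boot Keys".'
}
if (-not $state.SecureBootEnabled) {
    Write-Warning 'Secure Boot is off: set "Secure Boot" to Enabled and save.'
}
```

No warnings means the firmware mode, partition style, key variables and Secure Boot state all match the configuration described in this guide.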