
Secure Boot Configuration

Use this menu to configure secure boot settings.

Note
  • Check your UEFI firmware version to determine whether physical presence must be asserted before changing security settings.

    • UEFI firmware before v2.02

      Asserting physical presence is required.

    • UEFI firmware v2.02 and later

      Asserting physical presence is no longer required. All local accounts and some authorized remote accounts can change the settings directly.

Item | Operation | Description
Secure Boot

Physical Presence

  • Asserted

  • De-asserted

Dynamic information.

Display the current Physical Presence status.

Physical Presence is a form of authorization to perform certain security functions. [Asserted] means that authorization has been granted.

Secure Boot Setting and Secure Boot Policy are modifiable when Physical Presence is asserted.

De-asserted is the default setting.

Note
When the setting is De-asserted, the whole page is grayed out.

Secure Boot Status

  • Disabled

  • Enabled

Dynamic information.

Display the current secure boot status.

Disabled is the default setting.

Secure Boot Mode

  • Setup Mode

  • User Mode

Selectable option.

The system performs secure boot authentication when “Secure Boot Mode” is [User Mode] and secure boot is enabled.

User Mode is the default setting.

Secure Boot Setting

  • Enable

  • Disable

Selectable option.

Enable or disable secure boot. This setting is modifiable when “Physical Presence” is asserted, and it cannot be restored to its default by loading default settings in Setup Utility.

User Mode is the default setting.

Note
  • When you attempt to enable secure boot while CSM is enabled, a prompt notifies you.

  • Legacy BIOS will be disabled when secure boot is enabled.

  • When you fail to change secure boot settings, verify physical presence and retry.

Secure Boot Policy

  • Factory Policy

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

Selectable option.

This setting is modifiable when "Physical Presence" is asserted, and it cannot be restored to its default by loading default settings in Setup Utility.

[Factory Policy]: Factory default keys will be used after reboot. Factory Policy is the default setting.

[Custom Policy]: Customized keys will be used after reboot.

[Delete All Keys]: PK, KEK, DB and DBX will be deleted after reboot.

[Delete PK]: PK will be deleted after reboot.

"Secure Boot Mode" is [Setup Mode] and "Secure Boot Policy" is [Custom Policy] after PK is deleted.

[Reset All Keys to Default]: All the keys will be set to factory defaults and "Secure Boot Policy" is [Factory Policy] after reboot.

View Secure Boot Keys

 

Sub menu.

View the details of PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database) and DBX (Forbidden Signature Database).

Secure Boot Custom Policy

 

Sub menu.

Customize PK (Platform Key), KEK (Key Exchange Key), DB (Authorized Signature Database) and DBX (Forbidden Signature Database).

This item is available when Secure Boot Policy is set to [Custom Policy].
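
The Secure Boot Status, Secure Boot Mode and PK state described in the table can be confirmed from a running Linux system after a change in this menu. The following is an added example, not part of the original documentation: it assumes a UEFI-booted Linux host with efivarfs mounted at /sys/firmware/efi/efivars and reads the standard UEFI variables SecureBoot, SetupMode and PK. The function names and the `write_sample` helper, which writes constructed test data, are hypothetical.

```python
import os

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID
EFIVARS = "/sys/firmware/efi/efivars"  # assumed efivarfs mount point on Linux


def read_var(efivars_dir, name):
    """Return a variable's payload (None if absent), skipping the 4-byte attributes."""
    try:
        with open(os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}"), "rb") as fh:
            return fh.read()[4:]
    except FileNotFoundError:
        return None


def secure_boot_state(efivars_dir=EFIVARS):
    """Map SecureBoot, SetupMode and PK to the terms used in the setup menu."""
    sb = read_var(efivars_dir, "SecureBoot")
    sm = read_var(efivars_dir, "SetupMode")
    enabled = bool(sb) and sb[0] == 1
    setup_mode = bool(sm) and sm[0] == 1
    return {
        "status": "Enabled" if enabled else "Disabled",
        "mode": "Unknown" if not sm else ("Setup Mode" if setup_mode else "User Mode"),
        "pk_enrolled": bool(read_var(efivars_dir, "PK")),
        # Images are authenticated only in User Mode with secure boot enabled.
        "enforcing": enabled and not setup_mode,
    }


def write_sample(efivars_dir, secure_boot, setup_mode, pk=b""):
    """Write constructed variables (4 attribute bytes + payload) for offline runs."""
    sample = {"SecureBoot": bytes([secure_boot]), "SetupMode": bytes([setup_mode])}
    if pk:
        sample["PK"] = pk
    for name, data in sample.items():
        with open(os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}"), "wb") as fh:
            fh.write(b"\x06\x00\x00\x00" + data)


if __name__ == "__main__":
    print(secure_boot_state())  # reads the live efivarfs on a UEFI-booted host
```

A result of "Setup Mode" with `pk_enrolled` false is the state the table describes after [Delete PK] or [Delete All Keys]. No boot-time signature checking takes place until a PK is enrolled again.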