Skip to main content

Secure Boot Configuration

Item

Options

Description

Physical Presence
  • Asserted

  • De-asserted

View the current Physical Presence status. Physical Presence is a form of authorization to perform certain security functions. Asserted means being authorized.

When Physical Presence is asserted, Secure Boot Setting and Secure Boot Policy will be modifiable.

When Physical Presence is De-asserted, the whole page will be grayed.

Secure Boot Status
  • Disabled

  • Enabled

View the current secure boot status.

Secure Boot Mode
  • Setup Mode

  • User Mode

When this item is in User Mode, and Secure Boot is enabled, the system will do secure boot authentication.

Secure Boot Setting
  • Enable

  • Disable (Default)

Enable/Disable Secure Boot. This setting is modifiable when Physical Presence is asserted and cannot be loaded to default in Setup Utility.

Note
Message boxWhat it means
WARNING: Legacy BIOS will be disabled when secure boot is enabled.
You attempt to enable secure boot while CSM is also enabled
Please verify physical presence and retry.
The change is failed. Please double-check.
Secure Boot Policy
  • Factory Policy (Default)

  • Custom Policy

  • Delete All Keys

  • Delete PK

  • Reset All Keys to Default

This item is modifiable when Physical Presence is asserted and cannot be loaded to default in Setup Utility.

  • Factory Policy: Factory default keys will be used after reboot.

  • Custom Policy: Customized keys will be used after reboot.

  • Delete All Keys: PK, KEK, DB and DBX will be deleted after reboot.

  • Delete PK: PK will be deleted after reboot. After the PK is deleted, Secure Boot Mode will be in Setup Mode, and Secure Boot Policy will be Custom Policy.

  • Reset All Keys to Default: all the keys will be set to factory default and Secure Boot Policy will be Factory Policy after reboot.

Note
Message boxWhat it means
Please verify physical presence and retry.
The change is failed. Please double-check.
View Secure Boot Keys 
View the details of:
  • PK (Platform Key)

  • KEK (Key Exchange Key)

  • DB (Authorized Signature Database)

  • DBX (Forbidden Signature Database)

Secure Boot Custom Policy 

Customize PK, KEK, DB or DBX.