| Secure Boot Status | | Display the current secure boot status. |
| Secure Boot Mode | | System performs secure boot authentication when this item is set to [User Mode] and secure boot is enabled. |
| Secure Boot Setting | Enabled Disabled (Default)
| Enable or disable Secure Boot. A mode change requires a system reboot. The Secure Boot feature is Active only when Secure Boot is enabled, Platform Key (PK) is enrolled, and the system is in [User Mode] (Secure Boot Mode). |
| Secure Boot Policy | Factory Policy (Default) Custom Policy Delete All Keys Delete PK
| Secure Boot policy options: [Factory Policy]: Factory default keys will be used after reboot. When this option is selected, customized keys will be deleted. [Custom Policy]: Customized keys will be used after reboot. When this option is selected, you can enter the Secure Boot Custom Policy page to do key customization, for example, add/delete a specific key or enroll a UEFI image. [Delete All Keys]: Platform Key (PK), Key Exchange Key (KEK), Authorized Signature Database (DB), and Forbidden Signature Database (DBX) will be deleted after reboot. After all keys are deleted, Secure Boot Mode will be [Setup Mode] and Secure Boot Policy will be [Custom Policy]. [Delete PK]: PK will be deleted after reboot. After the PK is deleted, Secure Boot Mode will be [Setup Mode] and Secure Boot Policy will be [Custom Policy]. [Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy will be set to [Factory Policy] after reboot.
The options cannot be loaded to default in the Setup Utility. |
| View Secure Boot Keys | N/A | View the details of the PK, KEK, DB, and DBX. |
| Secure Boot Custom Policy | N/A | Customize the PK, KEK, DB, and DBX. This menu is configurable only when Secure Boot Policy is set to [Custom Policy]. |