Secure Boot Configuration

Display the current secure boot status.

System performs secure boot authentication when this item is set to [User Mode] and secure boot is enabled.

Enable or disable Secure Boot. A mode change requires a system reboot.

The Secure Boot feature is Active only when Secure Boot is enabled, Platform Key (PK) is enrolled, and the system is in [User Mode] (Secure Boot Mode).

Secure Boot policy options:

• [Factory Policy]: Factory default keys will be used after reboot. When this option is selected, customized keys will be deleted.

• [Custom Policy]: Customized keys will be used after reboot. When this option is selected, you can enter the Secure Boot Custom Policy page to do key customization, for example, add/delete a specific key or enroll a UEFI image.

• [Delete All Keys]: Platform Key (PK), Key Exchange Key (KEK), Authorized Signature Database (DB), and Forbidden Signature Database (DBX) will be deleted after reboot. After all keys are deleted, Secure Boot Mode will be [Setup Mode] and Secure Boot Policy will be [Custom Policy].

• [Delete PK]: PK will be deleted after reboot. After the PK is deleted, Secure Boot Mode will be [Setup Mode] and Secure Boot Policy will be [Custom Policy].

• [Reset All Keys to Default]: All keys will be set to factory defaults and Secure Boot Policy will be set to [Factory Policy] after reboot.

View the details of the PK, KEK, DB, and DBX.