Asus Motherboard Specific Guide

This guide is written specifically for NZXT Gaming PCs using Asus branded motherboards. Screenshots were captured on the ASUS PRIME X870-P WIFI motherboard.

Secure Boot is a vital feature found on many motherboards that is necessary for newer operating systems, software, and features such as Secure Drive Encryption using tools such as BitLocker.  A common reason Secure Boot will need to be enabled for Gaming PCs in particular is as a requirement for anti-cheat used in various games such as Valorant, EA Sports FC, Battlefield 6, etc.  If you attempt to run these games without Secure Boot enabled, the game may refuse to launch or will provide an error popup.

Preparing for Secure Boot

To adjust the Secure Boot settings you will need to reboot your PC into the UEFI.  This can be done by rebooting your PC and pressing the Delete key at the Asus splash screen as shown below:

Once in the UEFI, make sure that you are in Advanced Mode by checking the top-left of the screen.  If it shows EZ Mode or Easy Mode you will need to switch to Advanced Mode either by pressing F7 or clicking the link in the bottom-right of the screen.

In order to enable Secure Boot, there are two key settings that must be confirmed:

• Compatibility Support Module (CSM) is Disabled.
• Trusted Platform Module (TPM) is Enabled.

Compatibility Support Module

In order to enable Secure Boot and the Trusted Platform Module, the Compatibility Support Module (CSM) must be set to Disabled.  This setting normally will block the use of Secure Boot, however if both settings are enabled it will prevent the PC from properly starting.

To disable CSM, open the Boot tab and select CSM (Compatibility Support Module), then make sure that Launch CSM is set to Disabled.

If this option was changed from Enabled to Disabled, click the Exit tab and choose Save Changes & Reset to restart the PC and then re-enter the UEFI.

Trusted Platform Module

For all supported NZXT Gaming PCs, we will use the Firmware TPM built-in to the motherboard.  These settings can be found in the Advanced tab and may be listed as either AMD fTPM configuration (for AMD-based systems) or as PTT (for Intel-based systems).If

The Selects TPM device setting should be set to Enable Firmware TPM

To confirm that the setting is active, select Trusted Computing in the Advanced tab and ensure that it states TPM 2.0 Device Found and shows Security Device Support as Enabled.

With the Trusted Platform Module enabled, we are ready to enable Secure Boot.

Enabling Secure Boot

To enable Secure Boot, click the Boot tab and select the Secure Boot option.

In the Secure Boot settings, Secure Boot state should show User with OS Type set to Windows UEFI mode.  From here you can select the Exit tab and choose Save Changes & Reset to reboot into Windows.  If the Secure Boot state instead says Setup, this means that Secure Boot is not enabled or that Secure Boot keys are not properly set up.  To fix this change Secure Boot Mode to Custom and select Key Management.

In the Key Management options, the lower section of the settings should show various Secure Boot variables including the Platform Key (PK) and various other information.  For this situation, it will likely show 0/0/No Keys.

Select Install Default Secure Boot Keys, then when prompted to Install factory defaults click Yes.

To complete the process, click the Exit tab and choose Save Changes & Reset to restart the PC.

Checking Secure Boot in Windows

The best way to check if Secure Boot is properly enabled is either to launch a program with the Secure Boot requirement or to check the System Information app.  You can open the System Information app by pressing the Windows Key + R on your keyboard to open the Run box, then type in msinfo32 and press Enter.

In the System Information app, look for Secure Boot State which should appear as On.