| Asus Motherboard Specific Guide |
|
This guide is written specifically for NZXT Gaming PCs using Asus branded motherboards. Screenshots were captured on the ASUS PRIME X870-P WIFI motherboard. |
Secure Boot is a vital feature found on many motherboards that is necessary for newer operating systems, software, and features such as Secure Drive Encryption using tools such as BitLocker. A common reason Secure Boot will need to be enabled for Gaming PCs in particular is as a requirement for anti-cheat used in various games such as Valorant, EA Sports FC, Battlefield 6, etc. If you attempt to run these games without Secure Boot enabled, the game may refuse to launch or will provide an error popup.
| Before Starting - Updating your Motherboard UEFI |
|
Before continuing through this guide, it is highly recommended to make sure that your system's UEFI (also known as the BIOS) is up-to-date. For more information on updating your UEFI, please check the guide linked below: |
Preparing for Secure Boot
To adjust the Secure Boot settings you will need to reboot your PC into the UEFI. This can be done by rebooting your PC and pressing the Delete key at the Asus splash screen as shown below:
Once in the UEFI, make sure that you are in Advanced Mode by checking the top-left of the screen. If it shows EZ Mode or Easy Mode you will need to switch to Advanced Mode either by pressing F7 or clicking the link in the bottom-right of the screen.
In order to enable Secure Boot, there are two key settings that must be confirmed:
- Compatibility Support Module (CSM) is Disabled.
- Trusted Platform Module (TPM) is Enabled.
Compatibility Support Module
In order to enable Secure Boot and the Trusted Platform Module, the Compatibility Support Module (CSM) must be set to Disabled. This setting normally will block the use of Secure Boot, however if both settings are enabled it will prevent the PC from properly starting.
| What is Compatibility Support Module (CSM)? |
| The Compatibility Support Module (CSM) is a setting that allows modern UEFI to support older Legacy operating systems. This setting is generally unused with most gaming PCs, and is only necessary for older operating systems that do not support newer UEFI based systems normally. |
To disable CSM, open the Boot tab and select CSM (Compatibility Support Module), then make sure that Launch CSM is set to Disabled.
If this option was changed from Enabled to Disabled, click the Exit tab and choose Save Changes & Reset to restart the PC and then re-enter the UEFI.
Trusted Platform Module
For all supported NZXT Gaming PCs, we will use the Firmware TPM built-in to the motherboard. These settings can be found in the Advanced tab and may be listed as either AMD fTPM configuration (for AMD-based systems) or as PTT (for Intel-based systems).If
The Selects TPM device setting should be set to Enable Firmware TPM
| Where are PTT/Platform Trust Technology settings? |
| The exact location of the Platform Trust Technology (PTT) settings may vary depending on your motherboard. Some boards may immediately expose it under PCH-FW Configuration while other motherboards may have a secondary PTT Configuration menu in the PCH-FW Configuration settings. |
To confirm that the setting is active, select Trusted Computing in the Advanced tab and ensure that it states TPM 2.0 Device Found and shows Security Device Support as Enabled.
With the Trusted Platform Module enabled, we are ready to enable Secure Boot.
Enabling Secure Boot
To enable Secure Boot, click the Boot tab and select the Secure Boot option.
In the Secure Boot settings, Secure Boot state should show User with OS Type set to Windows UEFI mode. From here you can select the Exit tab and choose Save Changes & Reset to reboot into Windows. If the Secure Boot state instead says Setup, this means that Secure Boot is not enabled or that Secure Boot keys are not properly set up. To fix this change Secure Boot Mode to Custom and select Key Management.
In the Key Management options, the lower section of the settings should show various Secure Boot variables including the Platform Key (PK) and various other information. For this situation, it will likely show 0/0/No Keys.
Select Install Default Secure Boot Keys, then when prompted to Install factory defaults click Yes.
To complete the process, click the Exit tab and choose Save Changes & Reset to restart the PC.
Checking Secure Boot in Windows
The best way to check if Secure Boot is properly enabled is either to launch a program with the Secure Boot requirement or to check the System Information app. You can open the System Information app by pressing the Windows Key + R on your keyboard to open the Run box, then type in msinfo32 and press Enter.
In the System Information app, look for Secure Boot State which should appear as On.