| ASRock Motherboard Specific Guide |
|
This guide is written specifically for NZXT Gaming PCs using Asus branded motherboards. Screenshots were captured on the ASRock B650E PG Riptide WiFi motherboard. |
Secure Boot is a vital feature found on many motherboards that is necessary for newer operating systems, software, and features such as Secure Drive Encryption using tools such as BitLocker. A common reason Secure Boot will need to be enabled for Gaming PCs in particular is as a requirement for anti-cheat used in various games such as Valorant, EA Sports FC, Battlefield 6, etc. If you attempt to run these games without Secure Boot enabled, the game may refuse to launch or will provide an error popup.
| Before Starting - Updating your Motherboard UEFI |
|
Before continuing through this guide, it is highly recommended to make sure that your system's UEFI (also known as the BIOS) is up-to-date. For more information on updating your UEFI, please check the guide linked below: |
Preparing for Secure Boot
To adjust the Secure Boot settings you will need to reboot your PC into the UEFI. This can be done by rebooting your PC and pressing the Delete key at the ASRock splash screen as shown below:
Once in the UEFI, make sure that you are in Advanced Mode by checking the top-right of the screen.
- If the button says Advanced Mode (F6), click the button or press F6 on your keyboard to switch modes.
- If the button says Easy Mode (F6), you are already in Advanced Mode and ready to go.
In order to enable Secure Boot, there are two key settings that must be confirmed:
- Compatibility Support Module (CSM) is Disabled.
- Trusted Platform Module (TPM) is Enabled.
Compatibility Support Module
In order to enable Secure Boot and the Trusted Platform Module, the Compatibility Support Module (CSM) must be set to Disabled. This setting normally will block the use of Secure Boot, however if both settings are enabled it will prevent the PC from properly starting.
| What is Compatibility Support Module (CSM)? |
| The Compatibility Support Module (CSM) is a setting that allows modern UEFI to support older Legacy operating systems. This setting is generally unused with most gaming PCs, and is only necessary for older operating systems that do not support newer UEFI based systems normally. |
To disable CSM, open the Boot tab and make sure that CSM is set to Disabled.
If this option was changed from Enabled to Disabled, click the Exit tab and choose Save Changes and Exit to restart the PC and then re-enter the UEFI.
Trusted Platform Module
For all supported NZXT Gaming PCs, we will use the Firmware TPM built-in to the motherboard. The location of this setting will vary depending on the type of motherboard that you have:
AMD Motherboards
To enable the Trusted Platform Module on an AMD Motherboard, open the Advanced tab and select CPU Configuration.
In CPU Configuration, select AMD fTPM switch and make sure that it is set to AMD CPU fTPM.
Intel Motherboards
To enable the Trusted Platform Module on an Intel Motherboard open the Security tab, then select Intel(R) Platform Trust Technology and make sure that it is set to Enabled.
Image captured from the ASRock Z790 LiveMixer
Confirming Trusted Platform Module is Active
To confirm the Trusted Platform Module is active, open the Advanced tab and select Trusted Computing.
If properly enabled, TPM 2.0 Device Found will be visible at the top of this screen and Security Device Support can be set to Enabled.
With the Trusted Platform Module enabled, we are ready to enable Secure Boot.
Enabling Secure Boot
To enable Secure Boot, click the Boot tab and select Secure Boot.
In the Secure Boot settings, make sure that Secure Boot is set to Enabled and shows Active. If you have changed the setting to Enabled and it shows Not Active, select the Exit tab and choose Save Changes and Exit to reboot the PC and re-open the UEFI. This should update the status to Active.
If you get an error that states Secure Boot can be enabled when System in User Mode. Repeat operation after enrolling Platform Key(PK) or if the Secure Boot mode does not change to Active, you will need to restore the default Secure Boot keys before continuing.
Change Secure Boot Mode to Custom, then select Key Management.
In the Key Management options, the lower section of the settings should show various Secure Boot variables including the Platform Key (PK) and other information. For this situation, it will likely show 0/0/No Keys.
Select Install default Secure Boot keys, then when prompted to Install Default Secure Variables click Yes. If you are prompted to Discard Changes and Exit, click Yes and then re-enter the UEFI.
Once the UEFI is open, return to the Secure Boot settings and make sure that Secure Boot is enabled, then click Exit and choose Save Changes and Exit to reboot your PC into Windows.
Checking Secure Boot in Windows
The best way to check if Secure Boot is properly enabled is either to launch a program with the Secure Boot requirement or to check the System Information app. You can open the System Information app by pressing the Windows Key + R on your keyboard to open the Run box, then type in msinfo32 and press Enter.
In the System Information app, look for Secure Boot State which should appear as On.
Comments
0 comments
Article is closed for comments.