To enable Secure Boot on a Gigabyte motherboard, follow these essential steps:
- Enter the BIOS/UEFI Setup by restarting the computer and pressing the Delete (Del) key repeatedly during boot.
- Disable CSM (Compatibility Support Module) Support to ensure the system is set to pure UEFI mode.
- Navigate to the "Boot" or "Security" tab within the BIOS.
- Find the Secure Boot option and set it to "Enabled."
- If present, set Secure Boot Mode to "Standard" and run "Restore Factory Keys" if needed.
- Save the settings and exit BIOS (usually by pressing F10).
Additional requirements and checks:
- Your system disk must use the GPT partition style, not MBR, to support Secure Boot.
- Windows should be booting in UEFI mode, not Legacy BIOS.
- To verify Secure Boot is enabled in Windows, press Win + R, type "msinfo32" and check the "Secure Boot State" which should say "On."
For Gigabyte systems, Secure Boot is often disabled by default and enabling it ensures better system security by protecting against UEFI rootkits. If Secure Boot does not appear in the BIOS:
- Make sure CSM is disabled.
- Confirm the BIOS is set to UEFI mode.
- Check the BIOS version and update it if it is outdated, as some older versions may lack proper Secure Boot support.
Enabling TPM (Trusted Platform Module) 2.0 is often recommended alongside Secure Boot for full Windows 11 compatibility. This procedure safeguards system integrity by allowing only signed bootloaders to execute, boosting protection against low-level malware or rootkits.
