PRO Z690-A Secure Boot disabled in Windows 11

Joined
Jun 1, 2022
Messages
4
Hi,
I have just built a pc for the first time, with a PRO Z690-A motherboard. I installed Windows 11 after updating the BIOS using M-Flash. I flashed version 7D25vA3, as the newest version (7D25vA4) appeared to be in beta a few days ago. However, it seems like it is no longer showing up as being a beta version right now. Its description mentions: "Change the default setting of Secure Boot."

In fact, I have just noticed that Secure Boot seems to be disabled on my system so I was wondering if I should enable it and how.

If flashing this new BIOS would solve this, the idea of going through the procedure scares me a bit, now that I have installed Windows 11 and all my 4 drives and my graphics card seem to be working ok. I worry that it might cause issues (maybe I'm wrong, but I'm just a first-time builder).

Can Secure Boot be enabled in the BIOS and would this achieve the same result as flashing the new BIOS would? Or should I just go ahead and use M-Flash with the latest version of the BIOS?

Thanks!
 

dvair

Active member
SECOND LIEUTENANT
Joined
Nov 4, 2009
Messages
849
Yes, Secure Boot is enabled/disabled in the BIOS. Look for something that says Security or Trusted Computing.
 
Joined
Jun 1, 2022
Messages
4
Thank you, I found it under Security. The help section of the Secure Boot option states: "Secure Boot function can be enabled only when the Platform Key (PK) is enrolled and running accordingly."
What does this mean?

Also, do I really need Secure Boot for Windows 11 to work optimally?

For a bit more context, Windows 11 was installed on an M.2 SSD with the MOBO default settings, (fTPM on, UEFI mode, and TPM 2.0 Device appears as "found"), with an Intel i5 12400 CPU. I have not activated Windows yet as I am trying to figure out if everything is working as it should. But if Secure Boot is needed I guess I will need to enable it in some way.
 

keith3_16

Active member
CORPORAL
Joined
Apr 20, 2015
Messages
467
You'll need to activate secure boot, or windows will keep telling you to activate it. In some cases, you'll be unable to "activate" windows 11 until this is done.
 
Joined
Jun 1, 2022
Messages
4
Ok, I've tried to enable Secure Boot in the BIOS and I get this message: "Secure Boot can be enabled when System in User Mode. Repeat operation after enrolling Platform Key (PK).
What should I do?
 

citay

Pro
SERGEANT
Joined
Oct 12, 2016
Messages
14,412
What i do after a BIOS update in regards to Secure Boot is what i mention here (from memory, hope i didn't forget something):
- Go to Settings\Security\Secure Boot
- Set it to [Enabled], it will probably be in "Custom" mode now and tell you to "Enroll keys" first, so do that (maybe you can enroll keys straight away). It will ask you to reboot without saving, confirm.
- Enter the BIOS, now you can set it to [Enabled]. It wants a reboot again.
- Enter the BIOS, now you can set it from [Custom] to [Standard]. Done.

Depending on how they set it now with the new update, one or all steps might not be necessary. I don't know, i never had a BIOS update that had this enabled by default.
 
Joined
Jun 1, 2022
Messages
4
Thank you very much!
I was able to set Secure Boot to Enabled (and Standard mode). The exact steps were slightly different on this board but your instructions still apply and were easy to follow. It required only one reboot and it was done.

Cheers!
 

Richj44

Member
Joined
Sep 6, 2021
Messages
180
You'll need to activate secure boot, or windows will keep telling you to activate it. In some cases, you'll be unable to "activate" windows 11 until this is done.
This is not correct, secure boot does not need to be activated for Windows 11. The system needs to be capable of secure boot, but you don't need to activate it.
 

keith3_16

Active member
CORPORAL
Joined
Apr 20, 2015
Messages
467
This is not correct, secure boot does not need to be activated for Windows 11. The system needs to be capable of secure boot, but you don't need to activate it.
Technically you don't "need" to have secure boot at all. As you can install Windows 11on systems with out it. When I upgraded to.windows 11, it kept telling me to enable secure boot before I could activate it.
 
Joined
Dec 4, 2021
Messages
63
Thank you, I found it under Security. The help section of the Secure Boot option states: "Secure Boot function can be enabled only when the Platform Key (PK) is enrolled and running accordingly."
What does this mean?

Also, do I really need Secure Boot for Windows 11 to work optimally?

For a bit more context, Windows 11 was installed on an M.2 SSD with the MOBO default settings, (fTPM on, UEFI mode, and TPM 2.0 Device appears as "found"), with an Intel i5 12400 CPU. I have not activated Windows yet as I am trying to figure out if everything is working as it should. But if Secure Boot is needed I guess I will need to enable it in some way.
Well if you play or plan on playing Valorant it requires secure boot don't know if any other games do and annoying.
Don't bother trying to run Valorant if you don't have Secure Boot activated (windowsreport.com)
 

Byteus

New member
Joined
Apr 9, 2022
Messages
29
Glad MSI made this a default setting, I missed it during my initial system build and install of Windows 11. Enabling it after the install I believe caused Windows Hello to break. Easy fix, log in with your password and reset your Windows Hello pin, no need to change it.
 
Joined
Dec 4, 2021
Messages
63
Glad MSI made this a default setting, I missed it during my initial system build and install of Windows 11. Enabling it after the install I believe caused Windows Hello to break. Easy fix, log in with your password and reset your Windows Hello pin, no need to change it.
Maybe I"ll try updating to latest BIOS now then.
One reason I haven't bothered to update is having to fix Windows Hello after every BIOS update!
 
Top