How To Enable UEFI Secure Boot On Gigabyte | BIOS Guide

Enabling UEFI Secure Boot on a Gigabyte motherboard requires disabling CSM Support, turning on Secure Boot in the BIOS, and restoring the factory keys before the setting becomes active.

Most Gigabyte boards ship with Secure Boot off and the BIOS option hidden behind a single compatibility toggle. Disabling CSM Support is the first step in how to enable UEFI Secure Boot on Gigabyte motherboards, followed by enabling Secure Boot itself and loading the factory keys so it registers as active. Without that last step, the system shows Secure Boot as enabled but never actually enforces it.

What You Need Before Enabling Secure Boot

Secure Boot requires specific firmware and disk conditions. The table below lists every prerequisite. If any one is missing, the setting either stays hidden or fails to engage.

Prerequisite What To Check Where To Confirm
UEFI Mode Active BIOS must be in UEFI mode, not Legacy/CSM BIOS → Advanced Mode → Boot → Boot Mode Select
GPT Disk Layout Drive must use GPT, not MBR Windows → Disk Management → right-click disk → Properties → Volumes tab
CSM Support Disabled Compatibility Support Module must be turned off BIOS → Advanced Mode → Boot → CSM Support → Disabled
TPM 2.0 Enabled fTPM for AMD or PTT for Intel must be on BIOS → Settings → AMD CPU fTPM (AMD) or Trusted Computing (Intel)
Factory Keys Installed Default Secure Boot keys must be loaded BIOS → Secure Boot menu → Restore Factory Keys
Supported OS Windows 10/11 or any UEFI-aware OS System Information → OS Architecture
Latest BIOS Version Recent firmware avoids bugs with Secure Boot BIOS → System Information → BIOS Version

Enabling Secure Boot On Gigabyte Boards: The Step Order That Works

Gigabyte motherboards use a consistent BIOS layout across most modern models. The steps below follow the official sequence from Gigabyte’s own support documentation.

Step 1: Enter The BIOS And Switch To Advanced Mode

Restart the PC and press Delete repeatedly during boot. If the system lands on Gigabyte’s Easy Mode screen, press F2 to switch to Advanced Mode where all settings are visible.

Step 2: Disable CSM Support

Navigate to Advanced Mode > Boot > CSM Support and set it to Disabled. This step is mandatory — Secure Boot does not appear in the BIOS menu while CSM is enabled. On some boards the whole Secure Boot section stays hidden until CSM is turned off.

Step 3: Turn On Secure Boot

Still under the Boot tab, locate Secure Boot and set it to Enabled. If the option is grayed out, go back and confirm CSM Support is disabled.

Step 4: Restore Factory Keys

Set Secure Boot Mode to Custom, then open Key Management or Expert Key Management and select Restore Factory Keys. Confirm the prompt and wait for the system to load the default certificates. After this step, change Secure Boot Mode back to Standard if the option appears.

Step 5: Save, Exit, And Re-enter The BIOS

Press F10 to save and exit. After the reboot, press Delete again to re-enter the BIOS and verify the field below Secure Boot shows Active. If it still reads Not Active, repeat the key-restore step and reboot once more.

Why Does Secure Boot Show As Not Active?

This is the single most common frustration. The BIOS says Secure Boot is enabled, but the status line underneath reads Not Active. The cause is almost always missing factory keys. Enabling Secure Boot flips the toggle, but without the default certificate database loaded, the system never enters “User Mode” — it stays in “Setup Mode” where Secure Boot has no keys to enforce. Restoring factory keys is what pushes it over the edge into active enforcement.

On AMD systems, you must also confirm AMD CPU fTPM is enabled under Settings > AMD CPU fTPM before disabling CSM. Intel boards need Trusted Computing > Security Device Support set to Enabled. Without TPM active, the key-restore process may not complete correctly.

How Do You Verify Secure Boot Is On?

There are two reliable ways to confirm, one inside the firmware and one inside Windows.

  • In the BIOS: Re-enter the BIOS and look under the Boot or Security tab. The line below Secure Boot must read Active — not just Enabled.
  • In Windows: Press Win + R, type msinfo32, and press Enter. Find the line labeled Secure Boot State. It should read On. If it reads Off, the BIOS changes did not take effect or the system booted in CSM mode.

If Windows still shows Secure Boot off after the BIOS reports it active, the disk may be using an MBR partition table. Convert it to GPT using the mbr2gpt tool in Windows before attempting the BIOS again.

Troubleshooting Common Secure Boot Problems

Even with the correct steps, certain mistakes block Secure Boot from working the first time. The table below covers the most frequent issues and how to resolve each one.

Problem Likely Cause Fix
Secure Boot option missing from BIOS CSM Support is still enabled Disable CSM Support under Boot, then save and re-enter BIOS
Secure Boot enabled but not active Factory keys not loaded Restore Factory Keys in Key Management, then reboot
PC won’t boot after saving changes Disk is MBR or OS doesn’t support UEFI Reset BIOS to defaults via Load UEFI Defaults, convert disk to GPT
Windows still shows Secure Boot off Booted in CSM or legacy mode Confirm CSM is disabled and Windows install is on a GPT disk
Keys option is grayed out Secure Boot Mode set to Standard instead of Custom Change Secure Boot Mode to Custom to unlock Key Management
AMD fTPM not visible Older BIOS version on AMD board Update BIOS to latest version from Gigabyte’s support page

One additional tip: changing multiple security settings at once can leave the board in an inconsistent state. If you run into trouble, reset the BIOS to factory defaults using Load UEFI Defaults, apply the changes one at a time, and reboot between each major toggle.

Gigabyte’s official support page covers the complete Secure Boot setup and key-recovery process in detail. Gigabyte’s Secure Boot FAQ 4395 walks through the exact BIOS paths for both AMD and Intel boards.

Three BIOS Changes That Activate Secure Boot

  • Disable CSM Support — this reveals the Secure Boot menu and forces UEFI-only booting.
  • Enable Secure Boot — flips the feature on, but alone it leaves the system in Setup Mode.
  • Restore Factory Keys — loads the certificate database that moves Secure Boot from Setup Mode to User Mode and changes the status from Not Active to Active.

Run msinfo32 in Windows after the final reboot. A Secure Boot State of “On” confirms the process finished correctly. If the value is “Off,” the boot drive likely still uses MBR or the system booted with a CSM fallback.

References & Sources

Please use a real email you check. If it's fake or mistyped, your message won't reach us and we can't reply — wrong addresses are rejected automatically.