Enable Secure Boot on a Gigabyte motherboard by entering the UEFI/BIOS, disabling CSM, setting Secure Boot Mode to Custom, and restoring the factory secure boot keys.
Enabling Secure Boot on a Gigabyte motherboard isn’t complicated, but it requires a specific BIOS sequence. Without the correct preparation, it’s easy to end up in a state where Secure Boot shows “Enabled” but never becomes “Active.” The fix is deliberate, but it relies on two conditions that must be checked first: your system drive must be formatted as GPT and Windows must be installed in UEFI mode. If either of those isn’t true, forcing Secure Boot can stop Windows from booting entirely.
What Is Needed Before Enabling Secure Boot on Gigabyte?
Secure Boot requires three hardware and software conditions to function correctly on Gigabyte boards: a GPT-formatted system drive, UEFI boot mode, and the Compatibility Support Module (CSM) disabled. Per the official Gigabyte FAQ, the system disk must be partitioned using the GUID Partition Table (GPT), not the older Master Boot Record (MBR). A disk management check or the diskpart command-line tool will verify this before you make any BIOS changes.
Run msinfo32 in Windows to confirm the BIOS Mode is set to UEFI. If it says Legacy, Secure Boot cannot be enabled without converting the disk and reinstalling or migrating the OS. Gigabyte also recommends updating to the latest BIOS available from their official website before changing security settings, as older versions may lack the relevant menu options or key management tools.
How To Enable Secure Boot In Gigabyte BIOS (The Official Steps)
The official method, documented by Gigabyte for their AM4 and sTRX4 motherboards, involves entering the BIOS, disabling CSM, and then restoring the factory Secure Boot keys. This is the most reliable path.
- Restart the PC and press the Delete key repeatedly during startup to enter the UEFI/BIOS menu.
- Switch to Advanced Mode (usually by pressing the F2 key) to access all settings.
- (AMD platforms only) Navigate to Settings > AMD CPU fTPM and set it to Enabled. Save and exit, then re-enter the BIOS.
- Go to Boot and locate CSM Support. Set it to Disabled.
- Save the changes (F10) and exit. Re-enter the BIOS.
- Navigate to Boot > Secure Boot.
- Set Secure Boot Mode to Custom.
- Open Key Management (or Expert Key Management) and select Restore Factory Keys. Confirm Install Factory Defaults = Yes and Reset Without Saving = Yes when prompted.
- Save and exit, then re-enter the BIOS one more time.
- Check the field directly below Secure Boot; it must now read Active.
This approach works on modern Gigabyte firmware. Setting the mode to Custom instead of Standard forces the BIOS to reveal the key management interface, and restoring the factory keys is the step that pushes the status from “Enabled” to “Active.”
Gigabyte Secure Boot BIOS Steps Summary
| Step | Action | Key Setting / Note |
|---|---|---|
| 1 | Enter BIOS | Press Delete during startup. |
| 2 | Enter Advanced Mode | Press F2 to switch from Easy Mode. |
| 3 | Disable CSM | Set Boot > CSM Support to Disabled. |
| 4 | Set Secure Boot Mode | Set Boot > Secure Boot > Secure Boot Mode to Custom. |
| 5 | Restore Factory Keys | Select Key Management > Restore Factory Keys and confirm both prompts. |
| 6 | Verify Active Status | Re-enter BIOS and confirm Secure Boot shows Active. |
| 7 | Save & Exit | Press F10 to permanently apply all changes. |
What If Secure Boot Shows Enabled But Not Active?
Seeing “Enabled” but “Not Active” means the motherboard is missing its factory secure boot keys or the key database is empty. The fix is straightforward: while Secure Boot Mode is still set to Custom, open the Key Management submenu and systematically restore the factory keys. This is the single most common issue on Gigabyte boards and the exact reason the official FAQ prescribes the Custom mode path.
If restoring keys in Custom mode doesn’t immediately switch the status to Active, try switching Secure Boot Mode to Standard after the keys are restored. NZXT’s Gigabyte support guide also confirms that a full power cycle unloading the residual power from the PSU capacitors can sometimes resolve a stubborn “Not Active” status, though this is less common than a simple keys reset.
How To Verify Secure Boot Is Working In Windows
After the BIOS shows Active, confirm Secure Boot is working on the OS side. Open the Start menu, type System Information (msinfo32), and press Enter. Look for Secure Boot State; it should read On. If the BIOS shows Active but Windows still reports it as Off, the Windows installation may not support Secure Boot or the OS was originally installed in Legacy mode and needs a conversion.
Common Secure Boot Mistakes and Fixes
| Symptom | Likely Cause | Fix |
|---|---|---|
| Secure Boot option missing in BIOS | CSM Support is still enabled. | Disable CSM Support completely under the Boot tab. |
| Windows won’t boot after enabling Secure Boot | System disk is MBR or OS installed in Legacy mode. | Convert the disk using the MBR2GPT tool or reinstall Windows in UEFI mode. |
| Secure Boot shows “Enabled” but not “Active” | Secure Boot keys are not installed or are invalid. | Set Secure Boot Mode to Custom and restore factory keys. |
| Changes won’t save or menu options are missing | Outdated BIOS firmware. | Update to the latest BIOS from the official Gigabyte website. |
The Three-Step Verification
Once the steps above are completed, confirm the setup is fully locked in with this final check. A reader should never need a second tab to act on this article.
- Windows System Information (msinfo32): Confirm BIOS Mode = UEFI and Secure Boot State = On.
- Gigabyte BIOS: Under Boot tab, confirm CSM Support is Disabled and Secure Boot displays Active.
- Disk Management: Right-click the system disk and confirm its partition style is GUID Partition Table (GPT).
References & Sources
- Gigabyte. “How to Enable AMD CPU fTPM and Secure Boot for GIGABYTE Motherboards.” Official FAQ documenting the required BIOS path to enable Secure Boot on AM4 and sTRX4 platforms.
- NZXT. “How to enable Secure Boot on your Gaming PC (Gigabyte).” Support guide providing the steps and troubleshooting for Gigabyte motherboards used in pre-built systems.