Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enabling Secure Boot on H770 in BIO still has it unsupported in Windows

andi0661
Level 7

‎09-09-2024 02:13 AM

Hello,

I am trying to enable secure boot so Windows 11 is happy.

I have enabled secure boot in the BIOS, and have the following settings there:

Secure Boot:

* Secure Boot state: User (greyed out)
* OS Type: Windows UEFI mode
* Secure Boot Mode: Standard

CSM:

* Launch CSM: Enabled
* Boot Device Control: UEFI and Legacy OPROM
* Boot from Network Devices: ignore
* Boot from Storage Devices: ignore
* Boot from PCI-E/PCI Expansion Devices: Legacy only

When I check the secure boot enablement status in Windows, it is still not on: msinfo32 shows "Secure Boot State = unsuported" and the PC-integrity (aka Health Check) tool shows that there is 1 issue due to secure boot not being enabled.

Board: TUF H770-Pro WiFi
BIOS version: American Megatrends Inc. 1220, 28.07.2023
CPU: i5-13400T
Memory: 64 GB
Windows version: Windows 10 Pro, Version 22H2, Build 19045.4780
Boot drive: SSD disk

Note: I upgraded to Windows 11 - don't know why it still shows Windows 10.

* Does the H770 board support secure boot?
* Do I need to do anything on my boot disk?
* What else can I do to get secure boot enabled?

Andy

0 Kudos
1,351 Views
7 REPLIES 7

andi0661
Level 7

‎09-09-2024 03:29 AM

Update: It seems I just *tried* to upgrade to Windows 11 which failed because of Secure Boot not being enabled.

0 Kudos

andi0661
Level 7

‎09-09-2024 10:14 AM

On the question whether the TUF H770-Pro WiFi board supports Secure Boot: I am asking this because the information about it on the ASUS site is confusing:

* This Win11 ready list does not show this board: https://www.asus.com/microsite/motherboard/ASUS-motherboards-Win11-ready/
* The TechSpec of this board does show Windows 11 support: https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-h770-pro-wifi/techsp...

0 Kudos

achugh
Level 14
In response to andi0661

‎09-14-2024 04:42 PM - edited ‎09-14-2024 06:28 PM

Hi @andi0661 I believe your board does not have TPM Chip (Trusted Platform Management) which is a requirement for Windows 11 to be installed. This is why it is not listed on Windows 11 Ready list.

Do you see PTT in your BIOS? Is it ENABLED? See https://www.crucial.com/support/articles-faq-ssd/alternatives-to-tpm-components article that shows an image of ASUS BIOS where PTT can be enabled. This might help you install Windows 11. If this does not work, see below for another option.

You can still install Windows 11 at least the current Windows 11 23H2 version by using RUFUS to create your Windows 11 USB Drive with TPM check disabled as an option. This means it is best to do a fresh clean install preferably on a different drive since you will do it as a test first to check if Windows 11 is working properly for you or not.

If you need some help on how to do a fresh clean installation, please see https://rog-forum.asus.com/t5/gaming-motherboards/can-asus-support-fix-realtek-audio-drivers-with-bo... post of mine where I have recorded a fresh clean installation of Windows from start to finish.

I also have an earlier POST with RUFUS screenshots, see https://rog-forum.asus.com/t5/gaming-motherboards/can-asus-support-fix-realtek-audio-drivers-with-bo... what you want to do is CHECK the first checkbox that REMOVES the TPM check when creating the USB Windows Installation Drive for a fresh installation.

I hope this information helps you get around this issue for you and you are able to move forward. Good luck!

 

Disclaimer: I am not an ASUS support person so my information may be incomplete. Always follow official documentation and material provided by ASUS representatives.

INTEL i9-14900K / CORSAIR VENGEANCE RGB 192GB (4x48GB) 5200 CAS38 / ROG Z790 DARK HERO / ROG TUF GAMING RTX 4090 OC / ProArt PA-602 Case / SEASONIC PRIME TX-1300 ATX 3.0 / CORSAIR MP700 PRO 2TB PCIe Gen5 / CRUCIAL T500 2TB PCIe Gen4 / EIZO CG2700X
0 Kudos

Wesley1
Level 12

‎09-16-2024 12:09 PM - edited ‎09-16-2024 12:10 PM

Launch CSM: Enabled

^ This disables Secure Boot. It is compatibility mode for old BIOS.

You also need to convert your system partiton C: drive from MBR to GPT type.

0 Kudos

andi0661
Level 7
In response to Wesley1

‎09-16-2024 08:04 PM

Wesley, if I disable CSM, the system does not boot from the boot disk anymore. It goes directly into the BIOS and the Boot Option Priorities and Boot Override menu entries are greyed out.

When a bootable USB stick is inserted, it boots from the stick.

Why does it not show the options for selecting the boot order anymore when CSM is disabled?

0 Kudos

Wesley1
Level 12
In response to andi0661

‎09-17-2024 03:47 PM

You probably need to convert your main boot drive from old MBR (non-UEFI) format to GPT (only format supported by UEFI).
One you'll have that then you shouldbe able to enable Secure Boot.

https://answers.microsoft.com/en-us/windows/forum/all/convert-an-existing-windows-10-installation-fr...

0 Kudos

achugh
Level 14
In response to Wesley1

‎09-28-2024 06:52 PM

Hi @andi0661 ,

I am doing a friendly check if your issue was resolved or are you still looking for any additional information to resolve your issue.

 

Disclaimer: I am not an ASUS support person so my information may be incomplete. Always follow official documentation and material provided by ASUS representatives.

INTEL i9-14900K / CORSAIR VENGEANCE RGB 192GB (4x48GB) 5200 CAS38 / ROG Z790 DARK HERO / ROG TUF GAMING RTX 4090 OC / ProArt PA-602 Case / SEASONIC PRIME TX-1300 ATX 3.0 / CORSAIR MP700 PRO 2TB PCIe Gen5 / CRUCIAL T500 2TB PCIe Gen4 / EIZO CG2700X
0 Kudos