Automated Secure Boot Enrollment with ggRock

The purpose of this article is to provide a general overview and walkthrough of the Secure Boot Keys Autoenrollment feature.

Problem

Some PC games now require Secure Boot, so the feature must be enabled.

Solution

1. Enable Secure boot keys auto enrollment in ggRock via Settings > Secure boot.

 

2. Access the BIOS setup menu of any PC. Typically this is done by pressing F2, F8, F10, F12, ESC, or DEL during the bootup of the PC.

3. Enable Secure Boot (see the NOTE under Final BIOS Configuration for HP OMEN and other models), and set the Secure Boot mode to custom.

4. Put the platform in setup mode. This can be accomplished by clearing the Secure Boot keys (Delete all Secure Boot variables).

Tip:
Make sure any options such as "Provision Factory Default keys" are disabled; otherwise any changes made to the keys will automatically be reverted at each reboot.

5. During the next reboot of the station, the Secure Boot certificates will be automatically installed.

6. Reboot the station again. The machine status indicator in the ggRock web UI will indicate that Secure Boot is now enabled with a shield symbol.

Final BIOS Configuration

  1. Disable Secure boot keys auto enrollment in ggRock via Settings > Secure boot.
  2. Reboot the PC.
  3. Access the BIOS setup menu (usually by pressing <F10>, <ESC>, or <DEL> during startup).
  4. In BIOS, navigate to "Boot Options".
  5. Enable "Secure Boot" (some manufacturers may refer to this as "Windows UEFI Mode").

NOTE:

In some cases, setting the PK value will automatically enable Secure Boot. On other platforms, such as HP OMEN models, this step must be performed manually as outlined above.

6. Save the changes and exit the BIOS setup menu.


NOTE:

If you boot to Windows and run msinfo32.exe, you should see the BIOS mode is “UEFI” and the Secure Boot State is “On”.

 

You may also confirm Secure Boot status by using the "Confirm-SecureBootUEFI" PowerShell cmdlet. If this cmdlet returns "True", then Secure Boot is enabled.
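
One way to script this check on a station, as an added example (not part of the original article or ggRock's own tooling): it separates "still in setup mode" from "keys enrolled but Secure Boot off", the case the NOTE above describes for HP OMEN models. The function name and verdict strings are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example, not ggRock code. Get-SecureBootEnrollmentState is a hypothetical helper name.
function Get-SecureBootEnrollmentState {
    $r = [ordered]@{
        Firmware = 'Unknown'; SecureBoot = $null; SetupMode = $null; PKEnrolled = $null; Verdict = ''
    }
    try {
        # Returns True/False on UEFI; throws on legacy BIOS or when not elevated.
        $r.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $r.Firmware   = 'UEFI'
    }
    catch [System.PlatformNotSupportedException] {
        $r.Firmware = 'Legacy BIOS or no Secure Boot support'
        $r.Verdict  = 'Station did not boot in UEFI mode; Secure Boot cannot be enabled.'
        return [pscustomobject]$r
    }
    catch [System.UnauthorizedAccessException] {
        $r.Verdict = 'Access denied: rerun from an elevated PowerShell session.'
        return [pscustomobject]$r
    }

    # SetupMode is a one-byte UEFI variable: 1 = setup mode (no Platform Key), 0 = user mode.
    try   { $r.SetupMode = (Get-SecureBootUEFI -Name SetupMode -ErrorAction Stop).Bytes[0] -eq 1 }
    catch { $r.SetupMode = $null }    # variable not readable on this firmware

    # Reading PK fails when no Platform Key is enrolled; any failure is treated as "not enrolled".
    try   { $r.PKEnrolled = (Get-SecureBootUEFI -Name PK -ErrorAction Stop).Bytes.Length -gt 0 }
    catch { $r.PKEnrolled = $false }

    $r.Verdict = if ($r.SecureBoot) {
        'Secure Boot is on.'
    } elseif ($r.PKEnrolled -and -not $r.SetupMode) {
        'Keys are enrolled but Secure Boot is off: enable Secure Boot in the BIOS setup menu.'
    } else {
        'No Platform Key enrolled (setup mode): check that auto enrollment is enabled in ggRock ' +
        'and that factory default key provisioning is disabled in the BIOS.'
    }
    [pscustomobject]$r
}

Get-SecureBootEnrollmentState | Format-List
```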