How to dosable Secure Boot in BIOS, not Windows Startup

[Astralv]

Hey there

I have Asus Rog Maximus IX Hero Z270 motherboard. I have issue with some very important driver not installing, and I was checking Secure Boot (thinking- the driver has issue with Windows drivers signing) and Secure boot was disabled. I reinstalled Windows and now it shows Enabled,
and it is grayed out, so I can not change it. I don't understand how that happened- I did not update the BIOS. Secure boot is what checks for drivers signature. I know it was disabled, because even system data collection software showed it as disabled and I remember seeing it disabled (also I always doubt my memory but it was important). But now it says "Enabled", grayed out, has weird options of "Windows UEFI mode" and "Other OS" mode." Other mode supposed to be for OS not supporting Secure Boot, and for some reason Other OS was selected. There also some strange Secure boot keys: PK Management, KEK Management, DB Management and DBX Management. How do I disable Secure Boot again? Thank you.

 

[Colif]

Your manual

Secure boot mentioned on 3-22 of manual but it doesn't say a lot

If CSM is set to enabled Secure Boot is ignored and disabled regardless of its setting.

 

[Astralv]

What is CSM?

 

[Colif]

have a look at the link I showed above., on same page as secure boot is CSM. It stands for compatibility Support Mode. Its purpose is to allow you to install and boot older operating systems than win 8. If you installed win 7 for instance, you need it set to disabled.

its set to Auto in Asus bios so they can swap between 10 & 7 without needing to go into bios to change it.

 

[Astralv]

It says, "UEFI will check the boot loader before launching it and ensure it’s signed by Microsoft. If a rootkit or another piece of malware does replace your boot loader or tamper with it, UEFI won’t allow it to boot. This prevents malware from hijacking your boot process and concealing itself from your operating system."

Is it all it does? Does it affect other drivers when OS already booted?

I don't see anything in article talking about CSM. I guess I can enable it if it is there.

 

[Astralv]

Ok- CSM was enabled. But my driver still not working!

In Secure Boot settings it used to be set to "Other OS". but I changed to "Windows UEFI mode" (this only works on OS supporting Secure Boot). That should not matter, if CSM was enabled right?

So back to my other thread- I am going to reinstall Windows AGAIN...

 

[Colif]

Secure boot existed long before win 10 started checking driver signatures, it doesn't do that at all.

lol. too many threads, the thing you read above is in the thread about drivers, the link I am referring to above is the manual for your motherboard which does mention CSM on page 3-22.

CSM booting[edit]
To ensure backward compatibility, most UEFI firmware implementations on PC-class machines also support booting in legacy BIOS mode from MBR-partitioned disks, through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility. In this scenario, booting is performed in the same way as on legacy BIOS-based systems, by ignoring the partition table and relying on the content of a boot sector.[35]
BIOS-style booting from MBR-partitioned disks is commonly called BIOS-MBR, regardless of it being performed on UEFI or legacy BIOS-based systems. Furthermore, booting legacy BIOS-based systems from GPT disks is also possible, and such a boot scheme is commonly called BIOS-GPT.

https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#CSM_booting