Windows 10: Secure Boot question (Expert Key Management)? Solved

  1.    28 Dec 2017 #1

    Secure Boot question (Expert Key Management)?

    I want to enable Secure Boot, but there is another option under the Secure Boot menu within the UEFI firmware section that I don't know what it means and my question is, should I enable the Expert Key Management options as well when enabling Secure Boot?
    Attached Thumbnails Attached Thumbnails Capture.PNG  
      My ComputerSystem Spec

  2.    28 Dec 2017 #2

    That option is if you want to install your own secure boot keys - by default the Microsoft (and probably Dell) keys are already installed. You would need to install your own keys if you are using a non-Microsoft/non-Dell bootloader or UEFI drivers.
      My ComputerSystem Spec

  3.    29 Dec 2017 #3

    I want to keep it as it is if that would be possible and ONLY enable Secure Boot. Would that be fine?
    Or, do I need to enable the Expert Key Management option as well?

    I don't plan on adding my own keys and I would not even know how to do that.

    Another concern when enabling Secure Boot. Sometimes, Windows 10 downloads driver updates for Intel related stuff like network cards and maybe some display drivers as well. Since Intel is not Microsoft or Dell related, would this cause issues with Secure Boot?

      My ComputerSystem Spec

  4.    29 Dec 2017 #4

    Do not enable Expert Key Management it if you don't have your own keys, though I don't think it'll hurt anything if you enable it and don't load any certificates.

    3rd party drivers are still signed by Microsoft.

    Click image for larger version. 

Name:	image.png 
Views:	9 
Size:	8.6 KB 
ID:	169946
      My ComputerSystem Spec

  5.    29 Dec 2017 #5

    So let me just confirm one last time just to be sure.

    Is it fine to leave the Expert Key Management options alone and only enable Secure Boot?

    Please confirm.
      My ComputerSystem Spec

  6.    29 Dec 2017 #6

    Yes. Leave it alone.

    If you want to install some boot loader that isn't signed by Microsoft (or on their list of approved ones) then you might have to temporarily disable Secure boot until you can install your own key.

    If you are just running Windows then forget it.

    If you want to install something else that is unsigned then you must disable secure boot first. You can then self sign later if you really want to use secure boot.

    There is some more good reading here if you are interested - Secure Boot - ArchWiki
      My ComputerSystem Spec


Related Threads
Hei, So I'm the guy who tried to move from Legacy to UEFI some days ago. I managed to move both Ubuntu and W10 to UEFI. More info on both of the situations here: Solved Can't boot into UEFI mode - Lenovo Z50-70 - Windows 10 Forums ...
Boot mode uefi with secure boot disable in Installation and Upgrade
Ok im about to upgrade to win 10 then do a clean install afterwards of win 10, but i wanted to assure i have everything correct before i start. I updated again my profile with Belarc to assure i have a completed list of my software, i notice this...
Solved Turning off secure boot/fast boot required? in Installation and Upgrade
As I get ready to do a clean install of 10074 I am curious about the need to disable secure boot and fast boot options. If I do disable secure boot do I need to enable legacy boot? I have had limited success with previous installs to a 2nd hard...
Hi there I see that although VMware and VBOX can't do it (they can use UEFI) it seems HYPER-V CAN create a level 2 (type 2) VM which can enable secure boot. I want to have a go with this on a W2012 Server HOST. Anything special needed for...
So, basically if we have a computer that doesn't have a UEFI BIOS with Secure Boot, then we can't upgrade to Windows 10? Am I right or wrong here?
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:41.
Find Us