Secure Boot question (Expert Key Management)?

  1. Posts : 752

    Secure Boot question (Expert Key Management)?

    I want to enable Secure Boot, but there is another option under the Secure Boot menu within the UEFI firmware section that I don't know what it means and my question is, should I enable the Expert Key Management options as well when enabling Secure Boot?
    Attached Thumbnails Attached Thumbnails Secure Boot question (Expert Key Management)?-capture.png  
      My Computer

  2. Posts : 809

    That option is if you want to install your own secure boot keys - by default the Microsoft (and probably Dell) keys are already installed. You would need to install your own keys if you are using a non-Microsoft/non-Dell bootloader or UEFI drivers.
      My Computer

  3. Posts : 752
    Thread Starter

    I want to keep it as it is if that would be possible and ONLY enable Secure Boot. Would that be fine?
    Or, do I need to enable the Expert Key Management option as well?

    I don't plan on adding my own keys and I would not even know how to do that.

    Another concern when enabling Secure Boot. Sometimes, Windows 10 downloads driver updates for Intel related stuff like network cards and maybe some display drivers as well. Since Intel is not Microsoft or Dell related, would this cause issues with Secure Boot?

      My Computer

  4. Posts : 809

    Do not enable Expert Key Management it if you don't have your own keys, though I don't think it'll hurt anything if you enable it and don't load any certificates.

    3rd party drivers are still signed by Microsoft.

    Secure Boot question (Expert Key Management)?-image.png
      My Computer

  5. Posts : 752
    Thread Starter

    So let me just confirm one last time just to be sure.

    Is it fine to leave the Expert Key Management options alone and only enable Secure Boot?

    Please confirm.
      My Computer

  6. Posts : 5,478

    Yes. Leave it alone.

    If you want to install some boot loader that isn't signed by Microsoft (or on their list of approved ones) then you might have to temporarily disable Secure boot until you can install your own key.

    If you are just running Windows then forget it.

    If you want to install something else that is unsigned then you must disable secure boot first. You can then self sign later if you really want to use secure boot.

    There is some more good reading here if you are interested - Secure Boot - ArchWiki
      My Computer


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:37.
Find Us

Windows 10 Forums