Generally you don't mess with Key Management if you are running a common operating system like Windows or Ubuntu.

TPM 2.0 does help back the Secure Boot process, but also is required to be on for those new anti-cheats as an integrity check measure.

Secure Boot will not affect performance; it only applies during the startup process where the firmware verifies the signature of the bootloader before running it. TPM 2.0 should not affect performance unless you are running an AMD system with a fTPM flaw that causes whole system stutter.

keys are just signature for known proper bootloader

its a whitelist you dont need to fiddle with

Originally posted by Blaagh:

keys are just signature for known proper bootloader

its a whitelist you dont need to fiddle with

in some youtube he says to Install the key, so do i need install it? or my job is end after pick Secure boot : Wwindows UEFI mode

Originally posted by Crashed:

Generally you don't mess with Key Management if you are running a common operating system like Windows or Ubuntu.

TPM 2.0 does help back the Secure Boot process, but also is required to be on for those new anti-cheats as an integrity check measure.

Secure Boot will not affect performance; it only applies during the startup process where the firmware verifies the signature of the bootloader before running it. TPM 2.0 should not affect performance unless you are running an AMD system with a fTPM flaw that causes whole system stutter.

damn iam using AMD, i want to play BF6 T_T

That fTPM issue was resolved with an updated AGESA. Update your firmware (BIOS). Also alternatively depending on your motherboard you may also have a TPM header which you could get a hardware TPM module that wouldn’t have that issue either.

Install CPUz and run the validator then post the link to the results so people can see what specific hardware you have including your motherboard model.

In regards to the keys, no it’s not like a password. It is a cryptographic key pair and you’re TPM module (or fTPM in your CPU) stores on part of the key pair, the other part is used to sign your bootloader and kernel so that your system will only boot to them if they are signed to prevent unsigned code such as a rootkit or boot sector virus, from being able to run and load into memory before Your OS and thus continue to compromise the system.

https://valid.x86.fr/3ml5ic

so let say i dont want to use Secure boot again, i can just delete the key? i saw the option on key management

Originally posted by PopinFRESH:

That fTPM issue was resolved with an updated AGESA. Update your firmware (BIOS). Also alternatively depending on your motherboard you may also have a TPM header which you could get a hardware TPM module that wouldn’t have that issue either.

Install CPUz and run the validator then post the link to the results so people can see what specific hardware you have including your motherboard model.

In regards to the keys, no it’s not like a password. It is a cryptographic key pair and you’re TPM module (or fTPM in your CPU) stores on part of the key pair, the other part is used to sign your bootloader and kernel so that your system will only boot to them if they are signed to prevent unsigned code such as a rootkit or boot sector virus, from being able to run and load into memory before Your OS and thus continue to compromise the system.

Originally posted by ˢᵈˣ FatCat:

Originally posted by Blaagh:

keys are just signature for known proper bootloader

its a whitelist you dont need to fiddle with

in some youtube he says to Install the key, so do i need install it? or my job is end after pick Secure boot : Wwindows UEFI mode

Originally posted by Crashed:

Generally you don't mess with Key Management if you are running a common operating system like Windows or Ubuntu.

TPM 2.0 does help back the Secure Boot process, but also is required to be on for those new anti-cheats as an integrity check measure.

Secure Boot will not affect performance; it only applies during the startup process where the firmware verifies the signature of the bootloader before running it. TPM 2.0 should not affect performance unless you are running an AMD system with a fTPM flaw that causes whole system stutter.

damn iam using AMD, i want to play BF6 T_T

No key needs to be installed, and if your system is already running fine with fTPM on there is no downside to turning on Secure Boot for a Windows 10 or 11 system.

Originally posted by ˢᵈˣ FatCat:

https://valid.x86.fr/3ml5ic

so let say i dont want to use Secure boot again, i can just delete the key? i saw the option on key management

Originally posted by PopinFRESH:

That fTPM issue was resolved with an updated AGESA. Update your firmware (BIOS). Also alternatively depending on your motherboard you may also have a TPM header which you could get a hardware TPM module that wouldn’t have that issue either.

Install CPUz and run the validator then post the link to the results so people can see what specific hardware you have including your motherboard model.

In regards to the keys, no it’s not like a password. It is a cryptographic key pair and you’re TPM module (or fTPM in your CPU) stores on part of the key pair, the other part is used to sign your bootloader and kernel so that your system will only boot to them if they are signed to prevent unsigned code such as a rootkit or boot sector virus, from being able to run and load into memory before Your OS and thus continue to compromise the system.

No the purpose is that the bootloader and kernel are signed and need need your enrolled key as the second part of the key pair. If you turn off secure boot or wipe the key / enroll a different key then you will no longer be able to boot that installation.

That TPM key store is also going to be where your encryption key is stored if you enabled bitlocker full disk encryption.

Secure Boot if you wipe your key you just won't be able to boot the system. Your data would still be accessible if you connected your disk to another system.

Bitlocker full disk encryption if you wipe your key your data is encrypted and you won't be able to access it any more.

If you reinstall Windows with Secure Boot and then reset your UEFI/BIOS and/or turn off either fTPM or Secure Boot you just won't be able to boot until you turn Secure Boot and fTPM back on; just don't wipe or enroll new keys when doing so.

The latest stable firmware version for your board is Version 3621; so you should be able to boot into UEFI/BIOS and check which version it is to see if you should update or not. I believe Version 3404 is the version with the AGESA that resolved the issue with the stutter.

Originally posted by PopinFRESH:

Originally posted by ˢᵈˣ FatCat:

https://valid.x86.fr/3ml5ic

so let say i dont want to use Secure boot again, i can just delete the key? i saw the option on key management

No the purpose is that the bootloader and kernel are signed and need need your enrolled key as the second part of the key pair. If you turn off secure boot or wipe the key / enroll a different key then you will no longer be able to boot that installation.

That TPM key store is also going to be where your encryption key is stored if you enabled bitlocker full disk encryption.

Secure Boot if you wipe your key you just won't be able to boot the system. Your data would still be accessible if you connected your disk to another system.

Bitlocker full disk encryption if you wipe your key your data is encrypted and you won't be able to access it any more.

If you reinstall Windows with Secure Boot and then reset your UEFI/BIOS and/or turn off either fTPM or Secure Boot you just won't be able to boot until you turn Secure Boot and fTPM back on; just don't wipe or enroll new keys when doing so.

The latest stable firmware version for your board is Version 3621; so you should be able to boot into UEFI/BIOS and check which version it is to see if you should update or not. I believe Version 3404 is the version with the AGESA that resolved the issue with the stutter.

Ooh i see i see, i seems understand lil bit but still cant grasping , but let see
So by turning secure boot, my system only acknowledge my SSD, because the key is on the SSD right, something like that
No i sont want use bitlocker i saw my coworkers have problem with them, he forgot the key
But i belive it was resolved by asking Microsoft directly,i think.
So let say somewhere in the future i want to sell whole my pc i just keep the secure boot on?
So if i put my ssd into different system, it wont boot?

Best to ensure Motherboard is up to date first