This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 85%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
I just want to understand what happens exactly when I choose the "Reset To Setup Mode" option in the Aptio Setup. It literally says "Delete all Secure boot key databases from NVRAM". Does it effectively mean I'll irrevocably lose all the keys that are stored in the MB TPM including the factory ones so that I'll have to resort to external sources like BIOS flash to get the default/factory keys?
If you want to take full control of your computer's Secure Boot functionality, you can replace the keys with your own. The process to do so is difficult to describe because the tools to do this are not very user-friendly and some critical details vary from one computer to another.
It's definitely easier to simply disable Secure Boot, but of course if you want the benefits of Secure Boot without using Microsoft's (or your computer manufacturer's) keys, replacing those keys is the way to go.
Setup mode enables you to enter new Secure Boot variables. You shouldn't run perpetually in Setup mode. You might be able to get away with it, but it's not what you're supposed to do, so running that way in the long term is poorly-tested at best. Setup mode is intended to be used only while setting new Secure Boot variables. Ordinarily, Secure Boot is either on (with default or customized keys) or off (in which case the keys are irrelevant)
Source:
What happens if you delete all secure boot variables?
https://superuser.com/questions/1012567/what-happens-if-you-delete-all-secure-boot-variables
Also, you could consult the manufacturer support of your device for some ideas.
-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 56.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEA%3C/text%3E%3C/svg%3E)
Hi I am unable to play a game without secure boot so I am trying to enable it however it does not let me below it it says restore secure boot to factory settings - restore all of the secure boot settings to default factory settings and enable secure boot. Firstly will it enable secure boot secondly will it harm or do anything else to my pc ?
Thanks
Please if you could help @Teemo Tang i would rlly appreciate it any1 else who knows
Btw it does not allow me as it is greyed out and I cannnlt click it to change it
Teemo Tang, thank you for being so readily responsive! But I asked a bit different question. Currently, I'm not interested in setting new custom keys in Secure Boot, like adding my own or something. No, my question was - and is - much simpler: what exactly does the "Reset To Setup Mode" BIOS option do to the factory keys? Does it wipe them entirely out from the NVRAM/TPM so there is no way to load the factory keys from the motherboard unless I flash the BIOS anew? OR does it just erase the currently installed keys with perfectly available possibility to then load the factory keys from the NVRAM/TPM in the Setup Mode?
You are welcome.
When secure boot is enabled, it is initially placed in Setup Mode, which allows a public key known as the Platform key (PK) to be written to the firmware. Once the key is written, secure boot enters User Mode, where only drivers and loaders signed with the platform key can be loaded by the firmware.
Reset to setup mode option clearing the PK will set you back to Setup Mode from User Mode. However, while there's no key and your firmware is compromised, so is the process of setting the PK, then there's no point on enrolling a PK.
-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Does it mean I'll be able to enroll factory keys from the NVRAM after switching the system to the "Reset to Setup Mode"? Or doing so will also clear the factory keys from the NVRAM?
Does this mean that "Reset to Setup Mode" option clears factory keys also? Or I will be able to load them from NVRAM after the reset?