Oct 1, 2025
How to Enable Secure Boot and TPM 2.0 on GIGABYTE AM4 Motherboards

Background

Several upcoming game titles will require Secure Boot and TPM 2.0 to be enabled. If these features are disabled, a message will appear indicating that your system does not meet security requirements.

On newer AM5 platforms running Windows 11, these features are typically enabled by default.

However, on AM4 platforms running Windows 10, manual configuration may be necessary. In such cases, the system disk must use the GPT partition style and the BIOS must be set to UEFI mode; otherwise, forcing Secure Boot may cause Windows to fail to boot.

Preparation (to confirm before enabling)

1. Check that the disk partition style is GPT (GUID Partition Table)

Secure Boot requires the disk to be GPT (not the older MBR, Master Boot Record). You can check this in Windows by using diskpart or the Disk Management tool.

2. Check that Windows is booting in UEFI mode (not Legacy BIOS/CSM)

In Windows, open System Information (msinfo32) and check if “BIOS Mode” shows UEFI. If it shows Legacy/BIOS mode, you may need to convert or reinstall.

3. Back up important data

It is safer to back up important data before making any configuration changes.
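
The first two checks, together with the current TPM and Secure Boot state, can be read in one pass from an elevated Windows PowerShell prompt. The script below is an added example, not GIGABYTE's own tooling; the function name `Get-SecureBootReadiness` and its output field names are made up for illustration, and it only reads state without changing anything.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only readiness check for Secure Boot + TPM 2.0 on Windows 10/11.
# Function and field names are illustrative; nothing on the system is modified.

function Get-SecureBootReadiness {
    # Disk that holds the running Windows installation.
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1

    # Firmware mode Windows was started in: Uefi or Bios (Legacy/CSM).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Confirm-SecureBootUEFI throws on Legacy BIOS boots, so an error means "not available".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $null }

    # TPM state; SpecVersion comes from the Win32_Tpm class and starts with "2.0" for TPM 2.0.
    $tpm     = Get-Tpm
    $tpmWmi  = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpmWmi) { ($tpmWmi.SpecVersion -split ',')[0].Trim() } else { $null }

    [pscustomobject]@{
        BootDiskNumber   = $bootDisk.Number
        PartitionStyle   = $bootDisk.PartitionStyle
        FirmwareMode     = $firmware
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        TpmSpecVersion   = $tpmSpec
        SecureBootOn     = $secureBoot
        # Disabling CSM is only safe when Windows already boots in UEFI mode from a GPT disk.
        SafeToDisableCsm = ("$($bootDisk.PartitionStyle)" -eq 'GPT') -and ("$firmware" -eq 'Uefi')
    }
}

$r = Get-SecureBootReadiness
$r | Format-List
if (-not $r.SafeToDisableCsm) {
    Write-Warning 'Boot disk is not GPT or Windows is not in UEFI mode: convert or reinstall before disabling CSM Support.'
}
if (-not $r.TpmPresent -or $r.TpmSpecVersion -ne '2.0') {
    Write-Warning 'No TPM 2.0 visible to Windows: enable AMD CPU fTPM in the BIOS.'
}
if ($r.SecureBootOn -ne $true) {
    Write-Warning 'Secure Boot is not active.'
}
```

Running it again after the BIOS changes should show `TpmSpecVersion` as 2.0 and `SecureBootOn` as True.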

Enabling TPM 2.0 (AMD fTPM) on GIGABYTE AM4 Motherboards

1. Boot into the BIOS/UEFI menu (usually by pressing the Delete key).

2. Go to Advanced Mode > Settings > AMD CPU fTPM, then choose Enabled.

3. Save changes, exit, and then reboot the system.

Enabling Secure Boot

After confirming that the system is UEFI + GPT and AMD CPU fTPM has been enabled:

1. Enter the BIOS/UEFI menu again (by pressing the Delete key).

2. Go to Advanced Mode > Boot > CSM Support, then choose Disabled.

3. Once CSM Support is disabled, the Secure Boot option will be shown.

4. Go to Advanced Mode > Boot > Secure Boot > Secure Boot Mode, then choose Custom.

5. Restore Factory Keys will pop up a message showing “Install Factory Defaults”; choose Yes.

6. A second pop-up message shows “Reset Without Saving”; choose Yes. The factory keys will then be restored and the system will reboot.

7. Enter the BIOS/UEFI menu and check whether the field below Secure Boot/Enabled shows Active. If it does, Secure Boot has been successfully enabled.

Troubleshooting and Notes

1. If Windows fails to boot after enabling Secure Boot, it may be due to disk partitioning, boot mode, or driver incompatibility. In such cases, you can return to BIOS to disable Secure Boot, or switch CSM Support back to Enabled (aka Legacy mode) to restore the previous system state.

2. Some BIOS updates may adjust the menu path or option names. If your BIOS layout differs, please refer to the motherboard manual on the official GIGABYTE website.

3. If you cannot find the AMD CPU fTPM or Secure Boot options in the BIOS menu, it may be due to an unsupported AMD processor or an incompatible BIOS version on your motherboard. It is recommended to update the BIOS to the latest version available on the official GIGABYTE website. Be sure to back up important data and verify system stability before proceeding with the update.