As part of my Windows 11 upgrade activities, MS says my PC does not support Secure Boot. Something also confirmed by msinfo32.exe: msinfo32 snapshot
Strangely enough, when I entered BIOS it states Secure Boot state: “Enabled”: BIOS Secure Boot Menu snapshot
I thus assumed other BIOS settings are also required to be set.
I then tried several combinations values of both this Secure Boot menu (by changing OS Type: “Other OS” to “Windows UEFI mode”) and in CSM menu: BIOS CSM Menu snapshot
But my Windows stopped booting whenever I changed CSM\Launch CSM to either “Disabled” (no matter the Secure Boot\OS Type value) or “Auto” when Secure Boot\OS Type = “Windows UEFI mode”. All other combinations didn’t seem to make any difference for Secure Boot purposes.
I didn’t mess around with Secure Boot\Key Management (should I?...):
BIOS Secure Boot Key Management snapshot
Digging further, I found a SuperUser posting stating:
If OS was installed under CSM, it thinks this machine is not UEFI compatible and installs in legacy mode. If you switch to UEFI it won't boot because this is not UEFI loader expects to see. If system was installed under UEFI, it detects that and configures BIOS so it wouldn't boot if you switch to CSM afterwards, because this is not legacy BIOS loader expects to see. It is possible to configure a system to boot either way, but it's not very easy and I don't know how to do this in Windows.
As I have a custom-made machine, in which I installed Windows 10 with mostly BIOS defaults, I now suspect that my Windows was installed under CSM.
So, is there an easy way (say, by tweaking BIOS) to support Secure Boot, without requiring Windows 10 reinstallation?
Windows 10 Pro, 64-bit (21H1)
M/B Asus Prime Z370-P
RAM: 16GB
Intel i7 8700
GPU on board (Intel 630)
Broadcom 802.11ac PCIe
Sound Blaster X-Fi Xtreme Audio PCIe
Shift
+F10
to access a terminal → Correctly configure Windows for EFI boot (you'll need to convert the OS partition from MBR to GPT first via a CLI utility - see Microsoft Docs or Superuser; I'll create an answer later, as I don't have time at the moment)