TroubleChute Logo
ENABLE SECURE BOOT, TPM & UEFI GUIDES

Enable Secure Boot, TPM and UEFI on ASUS TUF

Published: Oct 1, 2025
Last Edit: Oct 2, 2025
UEFI BIOS
581 Words, 3 Minutes.

Note about TPM

While a lot of motherboards support Secure Boot, most (even semi-modern) motherboards have a TPM or TPM 2.0 chip physically present.

If your motherboard does not have a dedicated TPM, it can come built-in to your CPU. This usually comes in a few names. Keep an eye out for:

If a dedicated chip is present it can show as dTPM or fTPM, for example. You may need to search a specific guide for your exact motherboard model if this generalized guide does not help you.

Note about UEFI mode

Enabling Secure Boot or TPM often requires UEFI mode to be enabled as well. While this is just a one-click toggle in the firmware settings, you do need your Windows configuration and drive to match BEFORE enabling this, or you may not be able to boot at all until this step is undone. Your drives need to be the newer GPT partition format.

Please view and verify UEFI mode can be enabled by checking the Convert MBR drives to GPT Guide.

Reboot into firmware settings

If you’re logged into Windows:

  1. Open this guide on another device, as your system will only show firmware settings when you’re in the UEFI/BIOS settings screen.
  2. Press Start or Windows and search for CMD. Open Command Prompt as Administrator.
  3. Type: shutdown /r /fw and press Enter to reboot your system directly into your firmware settings.

Alternatively:

  1. Reboot your system as normal.
  2. While booting: when you see your motherboard’s logo there is usually text below saying Press F2, F12, Delete or any other combination of buttons to enter Settings, BIOS or UEFI. Press that key while still on this screen.
  3. You should now be in your BIOS/UEFI settings ready to adjust your configuration.

On my system I needed to press F2.

You should now be on your BIOS/UEFI Configuration Screen

Simple Mode

Enable UEFI mode

This is displayed slightly differently - even from motherboard to motherboard from the same manufacturer.

  1. Use F7 to enter Advanced Mode (you’ll see it at the bottom-right). You may also be able to click this, or it could be a different key.
    Advanced Mode
  2. Use the arrow keys to navigate to the Boot tab at the top of your screen
    Boot Settings page
  3. Click on CSM (Compatibility Support Module)
  4. Click Launch CSM and set it to Disabled. This will turn off Legacy mode, and enable UEFI mode.
    CSM Settings page
  5. Note: If you just changed into UEFI mode, you may have a restart pending before more settings can be adjusted. Hit Escape, and use the Right arrow to get to the Exit tab. Choose Save Changes & Reset (Reset refers to the power, not your configuration!).

You should now boot into Windows with UEFI mode enabled!

Enable Secure Boot

  1. Head back to the Boot tab at the top of your screen
    Boot Settings page
  2. Click Secure Boot
    Secure Boot page
  3. Make sure OS Type is set to Windows UEFI Mode instead of Other OS. This will enable Secure Boot.

Enable TPM

  1. Select the Advanced tab
    Advanced tab
  2. Select and open either PCH-FW Configuration (Intel) or AMD fTPM configuration (AMD)
  3. For Intel devices: Set PTT to Enabled and For AMD devices: Set Firmware TPM Switch to Enable Firmware TPM or Discrete TPM
    PTT Option

Save and Exit

Hit Escape, and use the Right arrow to get to the Exit tab. Choose Save Changes & Reset (Reset refers to the power, not your configuration!).

Your system should now reboot with UEFI, Secure Boot and TPM all enabled.

TroubleChute © Wesley Pyburn (TroubleChute)
Support Me Privacy Policy Cookies Policy Terms of Service Change privacy settings Contact