Automated Secure Boot Enrollment with ggRock

🛑 Why Enable Secure Boot?

Some PC games and applications now require Secure Boot to be enabled to ensure system integrity and prevent tampering. This means both Secure Boot and its associated keys must be properly configured.

✅ Step-by-Step Guide

1. Enable Auto-Enrollment in ggRock

1. Navigate to Settings > Secure Boot in the ggRock web UI.
2. Enable Secure Boot Keys Auto-Enrollment.

📸 Example:

2. Enter the BIOS Setup

Access the BIOS/UEFI setup menu on the client machine:

• Common keys: F2, F8, F10, F12, ESC, or DEL (varies by manufacturer).

📸 Example:

3. Configure Secure Boot in BIOS

1. Enable Secure Boot.
2. Set the Secure Boot mode to Custom.
3. Put the platform in Setup Mode by clearing existing Secure Boot keys (i.e., delete all Secure Boot variables).

📸 Example Screenshots:

4. Auto-Enrollment Process

1. Reboot the PC.
2. During the next boot, the Secure Boot certificates will automatically install.
3. Reboot again. You will now see a shield icon in the ggRock UI, indicating Secure Boot is active. 🛡️

📸 Example:

🔁 Finalizing the BIOS Configuration

Once Secure Boot is confirmed:

1. Disable Secure Boot Keys Auto-Enrollment in Settings > Secure Boot on ggRock.
2. Reboot the PC.

3. Re-enter BIOS setup (F10, ESC, or DEL).
4. Go to Boot Options.
5. Ensure Secure Boot is enabled (may be called “Windows UEFI Mode” on some systems).
6. Save changes and exit BIOS.

📸 Example:

🧪 Verifying Secure Boot Status

There are two ways to verify that Secure Boot is correctly configured:

Method 1: msinfo32

1. Boot into Windows.
2. Press Win + R, type msinfo32, and press Enter.
3. Look for:

• BIOS Mode: UEFI
• Secure Boot State: On

📸 Example:

Method 2: PowerShell

Run the following command in an elevated PowerShell window:

Confirm-SecureBootUEFI

If it returns True, Secure Boot is active. ✅

Updated on: 10/12/2025