What should I do with these BIOS settings: Software Guard Extensions (Intel SGX), Compatability Supp

zeal923

New Member
What should I do with these BIOS settings: Software Guard Extensions (Intel SGX), Compatability Support Module, Secure Boot

Hello! I recently built a PC, and this is my part list: https://pcpartpicker.com/list/3PyGnn

I was going through my ASUS UEFI BIOS, and I set my BIOS to optimized defaults. However, when I clicked the SAVE SETTINGS & EXIT option in the BIOS afterwards, it alerted me that Software Guard Extensions would change from DISABLED to SOFTWARE CONTROLLED. It also told me that my Secure Boot OS Type would change from Windows UEFI Mode to Other OS. I have Windows 10 installed on my PC, and want to use UEFI mode. Should I set the Software Guard Extensions to DISABLED and choose the OS Type as Windows UEFI Mode?

Also, I read that if you want to boot just UEFI mode, turn Compatibility Support Module to DISABLED for faster boot times. Should I set it to DISABLED, as I only want to use UEFI mode?

PS: I found this article about CSM mode and Secure Boot, but I can't seem to make sense of it. Can someone please explain the options to me? https://rog.asus.com/tag/disable-csm/
 
Last edited:

Jiniix

Well-Known Member
Honestly UEFI is trash and shouldn't be used. Doesn't make booting faster, as you say, only adds additional layers of nonsense.
Booting with UEFI only makes sense if you lock your BIOS with a password.
Legacy OPRom and "Other OS" is the way to go :)

Are you absolutely sure you need UEFI/Secure Boot?
 

zeal923

New Member
Thank you for your response. Yes, I want UEFI. Should I enable Secure Boot and set the OS type to Windows UEFI Mode if I want UEFI? What about CSM and SW Guard Extensions? I have these two disabled right now.
 

Jiniix

Well-Known Member
CSM is literally "Compatibility Support Module", which gives support for Legacy-only devices or operating systems when using UEFI.
SGX is a sort of DRM for applications. It's used to protect code from being altered, but it's very advanced and primarily used by developers.
Again, unless you know/been told that you absolutely need it (SGX specifically) I wouldn't worry. It's only found on the newest platform, many generations survived without it for decades :)
 

zeal923

New Member
CSM is literally "Compatibility Support Module", which gives support for Legacy-only devices or operating systems when using UEFI.
SGX is a sort of DRM for applications. It's used to protect code from being altered, but it's very advanced and primarily used by developers.
Again, unless you know/been told that you absolutely need it (SGX specifically) I wouldn't worry. It's only found on the newest platform, many generations survived without it for decades :)
Thank you! So from what you are saying, since I am planning to use only Windows UEFI, I should disable CSM. SGX would not be worried about, as I am not planning to be that advanced. So I will keep these disabled. As for Secure Boot, should I enable it and choose Windows UEFI mode? Sorry if I am asking the same questions over and over again btw :)
 

Jiniix

Well-Known Member
Just set it to Windows UEFI Mode if you're using Windows only. If you want to dual boot with Linux or something, you need "Other OS".
 
Top