08-23-2018 08:28 AM
I am interested in using BitLocker and so in BIOS I have Secure Boot enabled.
I wanted to know what the difference between User Mode for Platform Mode and Setup Mode was?
What does "Clear all secure boot keys" do? Does it make the system less secure?
I'm asking as an application will not work if it is in User Mode in Windows 10, however, when it is in Setup Mode it works perfectly.
08-31-2018 10:50 AM - edited 08-31-2018 10:52 AM
This is all explained in the help text in BIOS setup itself. Look at the "item specific help" on the right side of the screen.
Setup mode clears the factory keys and certificates so that you can install your own, and until you do, Secure Boot is essentially disabled. It is definitely making the system less secure unless you install your own keys and certificates. You can confirm this in Windows by running msinfo32.exe and looking at the "Secure Boot State". If it's Off, your system is insecure.
If you have an app that doesn't work when Secure Boot is enabled and in User mode, it means the app is not properly signed for Secure Boot. My guess is that the app is depending on some unsigned driver or service.
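
The check described in the reply above can also be scripted. This is an added example, not part of the original posts: it reads the firmware's `SetupMode` and `SecureBoot` variables with the built-in `Get-SecureBootUEFI` cmdlet and reports which state the machine is in. The helper names `Get-UefiFlag` and `Get-SecureBootSummary` are hypothetical, and the script assumes an elevated PowerShell prompt on a UEFI-booted Windows system.

```powershell
# Added example (not from the original thread). Run from an elevated prompt.

function Get-UefiFlag {
    # Hypothetical helper: returns the first byte of a UEFI Secure Boot
    # variable (0 or 1), or $null if it cannot be read.
    param([Parameter(Mandatory)][string]$Name)
    try {
        $var = Get-SecureBootUEFI -Name $Name -ErrorAction Stop
        return [int]$var.Bytes[0]
    } catch {
        # Thrown on legacy BIOS boot, without elevation, or if undefined.
        return $null
    }
}

function Get-SecureBootSummary {
    $setupMode  = Get-UefiFlag -Name 'SetupMode'   # 1 = Setup Mode, 0 = User Mode
    $secureBoot = Get-UefiFlag -Name 'SecureBoot'  # 1 = enforced, 0 = not enforced

    # The Platform Key (PK) is absent while the firmware is in Setup Mode.
    $pkEnrolled = $true
    try { Get-SecureBootUEFI -Name 'PK' -ErrorAction Stop | Out-Null }
    catch { $pkEnrolled = $false }

    if ($null -eq $setupMode -and $null -eq $secureBoot) {
        $state = 'Unknown: variables not readable (legacy BIOS boot or not elevated)'
    } elseif ($setupMode -eq 1) {
        $state = 'Setup Mode: no Platform Key enrolled, Secure Boot not enforced'
    } elseif ($secureBoot -eq 1) {
        $state = 'User Mode: keys enrolled, Secure Boot enforced'
    } else {
        $state = 'User Mode: keys enrolled, Secure Boot switched off in firmware'
    }

    [pscustomobject]@{
        SetupMode  = $setupMode
        SecureBoot = $secureBoot
        PKEnrolled = $pkEnrolled
        State      = $state
    }
}

Get-SecureBootSummary | Format-List
```

A `SecureBoot` value of 0 here corresponds to the "Secure Boot State: Off" line in msinfo32.exe.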