# What should I do with these BIOS settings: Software Guard Extensions (Intel SGX), Compatability Supp



## zeal923

*What should I do with these BIOS settings: Software Guard Extensions (Intel SGX), Compatability Support Module, Secure Boot*

Hello! I recently built a PC, and this is my part list: https://pcpartpicker.com/list/3PyGnn

I was going through my ASUS UEFI BIOS, and I set my BIOS to optimized defaults. However, when I clicked the SAVE SETTINGS & EXIT option in the BIOS afterwards, it alerted me that Software Guard Extensions would change from DISABLED to SOFTWARE CONTROLLED. It also told me that my Secure Boot OS Type would change from Windows UEFI Mode to Other OS. I have Windows 10 installed on my PC, and want to use UEFI mode. Should I set the Software Guard Extensions to DISABLED and choose the OS Type as Windows UEFI Mode?

Also, I read that if you want to boot just UEFI mode, turn Compatibility Support Module to DISABLED for faster boot times. Should I set it to DISABLED, as I only want to use UEFI mode?

PS: I found this article about CSM mode and Secure Boot, but I can't seem to make sense of it. Can someone please explain the options to me? https://rog.asus.com/tag/disable-csm/


----------



## Jiniix

Honestly UEFI is trash and shouldn't be used. Doesn't make booting faster, as you say, only adds additional layers of nonsense.
Booting with UEFI only makes sense if you lock your BIOS with a password.
Legacy OPRom and "Other OS" is the way to go 

Are you absolutely sure you _need _UEFI/Secure Boot?


----------



## zeal923

Thank you for your response. Yes, I want UEFI. Should I enable Secure Boot and set the OS type to Windows UEFI Mode if I want UEFI? What about CSM and SW Guard Extensions? I have these two disabled right now.


----------



## Jiniix

CSM is literally "Compatibility Support Module", which gives support for Legacy-only devices or operating systems when using UEFI. 
SGX is a sort of DRM for applications. It's used to protect code from being altered, but it's very advanced and primarily used by developers. 
Again, unless you know/been told that you absolutely need it (SGX specifically) I wouldn't worry. It's only found on the newest platform, many generations survived without it for decades


----------



## zeal923

Jiniix said:


> CSM is literally "Compatibility Support Module", which gives support for Legacy-only devices or operating systems when using UEFI.
> SGX is a sort of DRM for applications. It's used to protect code from being altered, but it's very advanced and primarily used by developers.
> Again, unless you know/been told that you absolutely need it (SGX specifically) I wouldn't worry. It's only found on the newest platform, many generations survived without it for decades


Thank you! So from what you are saying, since I am planning to use only Windows UEFI, I should disable CSM. SGX would not be worried about, as I am not planning to be that advanced. So I will keep these disabled. As for Secure Boot, should I enable it and choose Windows UEFI mode? Sorry if I am asking the same questions over and over again btw


----------



## Jiniix

Just set it to Windows UEFI Mode if you're using Windows only. If you want to dual boot with Linux or something, you need "Other OS".


----------



## zeal923

Jiniix said:


> Just set it to Windows UEFI Mode if you're using Windows only. If you want to dual boot with Linux or something, you need "Other OS".


Ok! Thank you so much!


----------

