diff --git a/CHANGELOG.md b/CHANGELOG.md
index aedea13..7e390e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ Changes are identified by the date of the released firmware including them. If
 you are running System76 Open Firmware, opening the boot menu will show this
 date followed by an underscore and a short git revision.
 
+## unreleased
+
+- Enabled support for Secure Boot
+
 ## 2022-11-21
 
 - lemp11: Added workaround to force S0ix entry on suspend
diff --git a/models/addw1/edk2.config b/models/addw1/edk2.config
index 28b2a3c..b237808 100644
--- a/models/addw1/edk2.config
+++ b/models/addw1/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/addw2/edk2.config b/models/addw2/edk2.config
index 28b2a3c..b237808 100644
--- a/models/addw2/edk2.config
+++ b/models/addw2/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/addw3/edk2.config b/models/addw3/edk2.config
index 28b2a3c..b237808 100644
--- a/models/addw3/edk2.config
+++ b/models/addw3/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/bonw14/edk2.config b/models/bonw14/edk2.config
index 28b2a3c..b237808 100644
--- a/models/bonw14/edk2.config
+++ b/models/bonw14/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/darp5/edk2.config b/models/darp5/edk2.config
index 28b2a3c..b237808 100644
--- a/models/darp5/edk2.config
+++ b/models/darp5/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/darp6/edk2.config b/models/darp6/edk2.config
index 28b2a3c..b237808 100644
--- a/models/darp6/edk2.config
+++ b/models/darp6/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/darp7/edk2.config b/models/darp7/edk2.config
index 28b2a3c..b237808 100644
--- a/models/darp7/edk2.config
+++ b/models/darp7/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/darp8/edk2.config b/models/darp8/edk2.config
index 28b2a3c..b237808 100644
--- a/models/darp8/edk2.config
+++ b/models/darp8/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp2/edk2.config b/models/galp2/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp2/edk2.config
+++ b/models/galp2/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp3-b/edk2.config b/models/galp3-b/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp3-b/edk2.config
+++ b/models/galp3-b/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp3-c/edk2.config b/models/galp3-c/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp3-c/edk2.config
+++ b/models/galp3-c/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp3/edk2.config b/models/galp3/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp3/edk2.config
+++ b/models/galp3/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp4/edk2.config b/models/galp4/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp4/edk2.config
+++ b/models/galp4/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp5/edk2.config b/models/galp5/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp5/edk2.config
+++ b/models/galp5/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/galp6/edk2.config b/models/galp6/edk2.config
index 28b2a3c..b237808 100644
--- a/models/galp6/edk2.config
+++ b/models/galp6/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze14_1650/edk2.config b/models/gaze14_1650/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze14_1650/edk2.config
+++ b/models/gaze14_1650/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze14_1660ti/edk2.config b/models/gaze14_1660ti/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze14_1660ti/edk2.config
+++ b/models/gaze14_1660ti/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze15/edk2.config b/models/gaze15/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze15/edk2.config
+++ b/models/gaze15/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze16-3050/edk2.config b/models/gaze16-3050/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze16-3050/edk2.config
+++ b/models/gaze16-3050/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze16-3060-b/edk2.config b/models/gaze16-3060-b/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze16-3060-b/edk2.config
+++ b/models/gaze16-3060-b/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze16-3060/edk2.config b/models/gaze16-3060/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze16-3060/edk2.config
+++ b/models/gaze16-3060/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze17-3050/edk2.config b/models/gaze17-3050/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze17-3050/edk2.config
+++ b/models/gaze17-3050/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/gaze17-3060-b/edk2.config b/models/gaze17-3060-b/edk2.config
index 28b2a3c..b237808 100644
--- a/models/gaze17-3060-b/edk2.config
+++ b/models/gaze17-3060-b/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/lemp10/edk2.config b/models/lemp10/edk2.config
index 28b2a3c..b237808 100644
--- a/models/lemp10/edk2.config
+++ b/models/lemp10/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/lemp11/edk2.config b/models/lemp11/edk2.config
index 28b2a3c..b237808 100644
--- a/models/lemp11/edk2.config
+++ b/models/lemp11/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/lemp9/edk2.config b/models/lemp9/edk2.config
index 28b2a3c..b237808 100644
--- a/models/lemp9/edk2.config
+++ b/models/lemp9/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp10/edk2.config b/models/oryp10/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp10/edk2.config
+++ b/models/oryp10/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp11/edk2.config b/models/oryp11/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp11/edk2.config
+++ b/models/oryp11/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp5/edk2.config b/models/oryp5/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp5/edk2.config
+++ b/models/oryp5/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp6/edk2.config b/models/oryp6/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp6/edk2.config
+++ b/models/oryp6/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp7/edk2.config b/models/oryp7/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp7/edk2.config
+++ b/models/oryp7/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp8/edk2.config b/models/oryp8/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp8/edk2.config
+++ b/models/oryp8/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/oryp9/edk2.config b/models/oryp9/edk2.config
index 28b2a3c..b237808 100644
--- a/models/oryp9/edk2.config
+++ b/models/oryp9/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/qemu/edk2.config b/models/qemu/edk2.config
index 3b24613..e72d944 100644
--- a/models/qemu/edk2.config
+++ b/models/qemu/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE
diff --git a/models/serw13/edk2.config b/models/serw13/edk2.config
index 28b2a3c..b237808 100644
--- a/models/serw13/edk2.config
+++ b/models/serw13/edk2.config
@@ -2,7 +2,7 @@ BOOTLOADER=COREBOOT
 DISABLE_SERIAL_TERMINAL=TRUE
 PLATFORM_BOOT_TIMEOUT=2
 PS2_KEYBOARD_ENABLE=TRUE
-#SECURE_BOOT_ENABLE=TRUE
+SECURE_BOOT_ENABLE=TRUE
 SERIAL_DRIVER_ENABLE=FALSE
 SHELL_TYPE=NONE
 TPM_ENABLE=TRUE