Secure Boot and Encryption

Just had two questions that I couldn’t find any other posts on:

1: Not sure if this is the right place to ask but: for enabling secure boot on an asus board, should we be enabling Standard or Custom for the Secure boot mode? I know the OS mode still needs to be windows in order for secure boot to be enabled but wasn’t sure with the other option ([Motherboard] How to enable or disable Secure Boot ? | Official Support | ASUS Global). I also assume we need to disable secure boot until the key is registered and then re enabling it after?

2: How does drive encryption with the TPM script work when we have two drives? I’m referring to ujust setup-luks-tpm-unlock

I also assume we need to disable secure boot until the key is registered and then re enabling it after?

I can’t answer all your questions because I don’t run secure boot and don’t know. However, if you ctrl-f and search for ‘secure boot’ on this page you will find out how to enroll the keys. It can be done during installation or after.

https://universal-blue.discourse.group/docs?topic=1145