Possible to turn off Secure Boot?

If I build SLES11 SP4 x86_64 on HP Gen9 server with UEFI and Secure Boot enabled the mgag200 video driver is used (I believe). If later I disable Secure Boot in hardware RBSU settings, the OS will still boot but no graphical session starts. Secure Boot must be re-enabled in HW for my graphical session to start. Anyone know if this is by design? After installation with Secure Boot enabled, is the only possibility of disabling Secure Boot to reinstall the OS after first disabling Secure Boot in HW? Or…is there some setting in the OS that can be changed prior to changing the HW setting that allows moving the same installation between Secure Boot off and on?
Likewise, if SLES11 SP4 is installed with Secure Boot off, is there a way to turn Secure Boot on, or must I reinstall?
I suppose it wouldn’t be very Secure if it could be turned off, but I can’t find anything in writing regarding this and my organization wants to know the rules: When a change can be made, when a system must be reinstalled if that change is desired, etc.

I wouldn’t have thought so, I’ve had SLED 11 SP4 running secure and non-secure with the radeon driver. I’m assuming you are also enabling/disabling via YaST bootloader as well?

No, wasn’t making any changes to bootloader - will try that. Thanks

That was it, just make change with yast2 bootloader, reboot and change hardware settings (secure boot enable/disable) to match new bootloader settings and can switch back and forth between enabled/disabled. On HP Proliant Gen9 with matrox video, the video driver has to be switched, but sax2 does this, startx brings up KDE. Going from secure boot disabled to enabled the first time requires creating a new boot entry, but the HP UEFI utilities will do this.

Or you can use the efibootmgr command to add entries in the uefi nvram…