Microsoft have made Secure Boot a requirement for Windows 11. To avail of Secure Boot and the latest security features, devices need to be UEFI enabled. UEFI provides greater functionally to manage and secure the system boot process. Where BIOS ends at the calling of the boot loader, UEFI extends its control to include the boot loader and even the Operating System. UEFI requires use of disk partitioning system called GUID Partition Table (GPT). It is this built-in functionality that facilitates the additional Windows 11 security features supported with UEFI.
Typically a device would be UEFI enabled and have Secure Boot enabled before the OS is installed. UEFI would be detected on the OS Installation and the correct GPT disk partitioning applied. Providing a clean and seamless process. Most Windows devices shipped from OEMs would have come as such and and not require any firmware or partitioning changes. The process becomes a little more complex when you have existing devices that are BIOS enabled. These devices will utilize Master Boot Record (MBR) disk partitioning. Enabling UEFI will also require changing the disk partitioning to GPT. This can be managed either manually or automated say in ConfigMgr within task sequence.
The disk partitions themselves in MBR and GPT are not different but rather the partition tables themselves. In many cases, when migrating from BIOS with MBR to UEFI with GPT, the disk does not need to be re-partitioned. The disk partition table can be converted using the MBR2GPT tool provided by Microsoft. Microsoft provides the conversion tool MBR2GPT which has been included since Windows 10 Creators Update 15007. This is aimed at these In-place upgrade scenarios but could be used in others. It doesn’t require that the disk be cleaned (a.k.a. wiped), meaning that data can be retained. It has the flexibility that it can be used from within both active Windows OS or in WinPE as part of an imaging or OSD process.
Migration Steps
There are two steps when converting an existing device from BIOS to UEFI.
- Firstly, we need to change the firmware type from BIOS to UEFI and configure all the UEFI Firmware settings. As BIOS and UEFI are guidelines rather than a strict set of rules, different hardware manufacturers have different firmware implementations.
- The second step is to change the disk partition format from MBR to GPT. This can be done manually with the MBR2GPT tool or within a single ConfigMgr OSD task sequence.
As of ConfigMgr 1610, changes have been made to facilitate this process of migrating from BIOS to UEFI. Basically, Config Manager now allows a restart computer task to prepare a Fat32 partition on the hard drive by means of the TSUEFIDrive TS variable. This creates a new temporary UEFI boot system.