UEFI is a firmware standard required to support modern security features such as Secure Boot (introduced in Windows 8), Device Guard and Credential Guard (introduced in Windows 10). Prior to Windows 8, UEFI was only partially supported on the 64-bit edition of Windows 7 and most organizations today are running Windows 7 on devices that are equipped with UEFI firmware but are running in BIOS-emulation mode.
BIOS to UEFI enables organizations to automate the necessary firmware reconfiguration on Dell, Lenovo and HP systems to switch from BIOS-emulation to native UEFI with Secure Boot during the deployment of Windows 10. The feature is implemented as four custom steps integrated into a Configuration Manager OS Deployment task sequence used to deploy Windows 10. It enables the firmware and disk format changes to be made and the new Windows 10 operating system to be deployed in a single task sequence with no need to PXE boot after reconfiguring the firmware.
The BIOS to UEFI feature is designed to work with Dell, HP and Lenovo systems. In each case, it uses vendor-specific firmware configuration tools to make changes to the firmware settings. These vendor-specific tools must be included along with the 1E files (1EEFIOEM_amd64.exe and 1EEFIOEM_x86.exe) in a Configuration Manager Package, which can be created automatically using the Create 1E OEM Toolkit Package wizard.
This package is defined as a reference package in the properties of the 1E BIOS to UEFI OEM Task Sequence step. When it is executed on a client, it translates the options selected in the Task Sequence step properties (such as UEFI Native with Secure Boot) to the corresponding command-line required to configure those options with the vendor-specific tool and executes that command line. The feature can therefore only be supported on systems that meet the following criteria:
- The firmware must support UEFI. Most devices manufactured from 2013 onwards should support UEFI. All devices that are certified for Windows 8 or later are required to support UEFI (see System.Client.SystemConfiguration.Windows8RequiredComponents in Windows Hardware Certification Requirements for Client and Server Systems. Note that UEFI v2.3.1 Errata C or later is required to support Secure Boot.
- The system must support the vendor-specific firmware configuration tools. Not all models manufactured by a vendor will support that vendor's configuration tool and some models may require a specific version (or later) of the tool. Not all vendors support the same configuration options. Refer to the following for vendor-specific details.
- The system firmware must support the configuration options used by the vendor-specific tools. In some cases it may be necessary to upgrade the firmware on a device before the vendor-specific tools will work.
- The system must support Windows 10 (i.e. the vendor has confirmed that it has been tested with Windows 10).