The 1E BIOS to UEFI feature is implemented through five custom task sequence steps:
1E BIOS to UEFI – This Task Sequence action allows the firmware changes to be made, and the device rebooted into Windows PE while preserving the task sequence environment. It is included in the task sequence twice. The first instance sets up the process before the firmware changes are made; the second runs after the changes have been made and restores the task sequence environment and allows it to continue.
1E BIOS to UEFI OEM – This Task Sequence action uses OEM-specific tools or WMI methods to make the necessary firmware configuration updates. The task has the following properties:
Property Description UEFI configuration Enable this in order to use one of the three available UEFI states. UEFI native with Secure Boot
The preferred option to enable native UEFI support and Secure Boot. Required if Device Guard or Credential Guard are to be used once the device is migrated to Windows 10.
UEFI Native without Secure Boot
Can be used if there are issues with drivers etc. that prevent the device from booting with Secure Boot. This should only be used as a temporary measure while driver/boot issues are investigated, as enabling UEFI without Secure Boot exposes the device to UEFI boot-kit malware.
UEFI Hybrid with CSM
Can be used in a task sequence that deploys a Windows 7 x64 image. Windows 7 x64 supports UEFI in hybrid mode with the Compatibility Support Modules (CSM) and a GUID Partition Table (GPT) disk. It enables the device to be upgraded to Windows 10 using an in-place upgrade.
Enable UEFI PXE
Enables the UEFI network boot stack in the firmware and is required to enable the device to boot from the network (PXE) after the firmware UEFI mode has been enabled.
Enables the Wake-on-LAN feature in the firmware.
OEM Toolkit Package Select the OEM Toolkit package created by the Create 1E OEM Toolkit Package wizard.
- 1E BIOS to UEFI Boot Order – used to reorder the boot options.
- 1E BIOS to UEFI Advanced Settings – used to enable TPM and virtualization.
- This step would only be required when you want to enable/activate the TPM.
- 1E BIOS to UEFI Password Setup – enables you to whitelist admin passwords when changing settings in BIOS. This step must be used if the BIOS already has a password set, but can also be used to set a new password.
For details on how to use these steps in a Task Sequence, refer to Adding 1E BIOS to UEFI functions to a task sequence.