You are here:   Research
  |  Login

Welcome to my blog, quickest way to find articles is usually to search for them.

Minimize
Search in All Title Contents
 
     

List of Windows 10 features that requires UEFI

Oct 15 2015

One of the many restrictions of the Windows 10 inplace-upgrade process is that it doesn’t support changing BIOS to EUFI (see my Windows 10 Upgrade Limitations post for complete listing). So, do you really need UEFI to deploy Windows 10?  The answer is no, Windows 10 can absolutely be deployed to BIOS-based machines, but some of it’s features does require UEFI. Here is the (current)list:

Note: If you have a BIOS-Based machine, and want to “convert” it to UEFI-based (assuming the hardware supports it), the currently most practical way is currently to use the Computer replace scenario, but on the same machine. E.g. run a task sequence that backs up the data, and possible configure the BIOS too. Then reboot, and do a normal bare metal deployment that restores the backup in the end. Both MDT and ConfigMgr has support for this. Pretty much the same solution as when dealing with third party disk encryption.

BIOS servise and repair concept

The List

List of Windows 10 features that requires UEFI:

  • Secure Boot. Protects the Windows 10 pre-startup process against bootkit/rootkit attacks. Basically making sure no malicious operating system can start before Windows.
  • Early Launch Anti-malware (ELAM) driver. Loaded by Secure boot,  this driver starts before other non-Microsoft drivers to evaluate them.
  • Windows Trusted Boot. Protects the kernel and privileged drivers during early launch. Note: The MS15-111 security update released on October 13, 2015 fixes a security issue with this feature.
  • Measured Boot. Measures components all the way from firmware up through the boot start drivers, and then stores those measurements in the TPM chip on the machine. this info, stored in a log, can be tested remotely to verify the boot state of the client.
  • Device Guard. Uses CPU virtualization and TPM support to support Device Guard with AppLocker, and Device Guard with Credential Guard.
  • Credential Guard. Belongs with Device Guard, also uses CPU virtualization and TPM support, but to protect security info like NTLM hashes etc.
  • BitLocker Network Unlock. Automatic unlocks Windows 10 at reboot when connected to a wired corporate network.
  • GUID Partition Table (GPT) disk partitioning. Enables larger boot disks.
  • Additional speed. In general, UEFI-based/enabled machines have faster boot/shutdown/hibernate/resume compared with BIOS-based machines.









Deployment News


Happy deployment, and thanks for reading!


What our lawyers makes us say:

This information is provided "AS IS" with no warranties, confers no rights and is not supported by the authors or Deployment Artist.

Copyright © 2017 by Deployment Artist (the company behind deployment research). All rights reserved. No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

Shorthand: Don't pass off our work as yours, it's not nice.

Blog Archive

Minimize