Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: If I cannot enable Secure Boot, then why use UEFI instead of BIOS?

22 Nov 2017   #1
Stardance

64-bit Windows 7 Professional SP1
 
 
If I cannot enable Secure Boot, then why use UEFI instead of BIOS?

For what it may be worth, I have decided to do a "clean install" that overwrites the existing Windows 7 Pro SP1 (fully updated) installation on my computer system, after (a) installing a new and different ASUS 970 Pro Gaming/Aura motherboard which supports UEFI, and (b) installing a new AMD Phenom II X4 960T 3.0/3.4 GHz CPU instead of continuing to run the 6 y.o. CPU currently installed.

My primary reason for re-installing Windows 7 is to use the motherboard's UEFI feature instead of BIOS. I have assumed that, by using UEFI, I can configure the system for Secure Boot. However, according to all that I have read about using UEFI with Windows 7 on this website, I must disable Secure Boot because the OS is Windows 7. Three pages of instructions concern the subject:

How to Do a Clean Installation with Windows 7
Clean Install Windows 7

This tutorial begins describing the installation process with:
Warning
If you want to install Windows 7 using UEFI instead of BIOS, then see this below first.

How to Install Windows 7 Using "Unified Extensible Firmware Interface" (UEFI)
UEFI (Unified Extensible Firmware Interface) - Install Windows 7 with
The introduction for the referenced instructions (above) ends with the following:
Warning
  • Disabling UEFI will make the system unbootable as there is no MBR on the disks.
  • You CANNOT make a sector-by-sector copy of GPT disks. The Disk and Partition GUIDs will no longer be unique. This must never happen. You can make a sector-by-sector copy of the contents of ESP or basic data partitions.
  • Disable secure boot before installing Windows 7.
_______________

Note: the second line above mystifies me. If making a sector-by-sector copy of the "GPT disk" on which Windows 7 is installed "must never happen", then what software can I run to make a backup-copy of the Windows 7 installation on that drive? Be aware that the Windows 7 partition will include all software installed that requires access to the Windows Registry.

Nonetheless, it is the third line which gives me pause. The instructions which follow the above warning never mention whether Secure Boot can be re-enabled after Windows 7 is installed.
But keep reading, the hyperlink in the last line above is for the page:

How to Enable or Disable Secure Boot in UEFI
https://www.eightforums.com/tutorial...able-uefi.html

The introduction on the above page ends with the following:
Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.
_______________
So, if I cannot enable Secure Boot, then what benefit would there be to install Windows 7 with UEFI instead of BIOS?


For your information:

The motherboard manual BIOS Information - Boot Menu section does not disclose any limitation as to the version of Windows. It presents two options from which I can select one, to quote:

Secure Boot
This item allows you to configure the Windows Secure Boot settings and manage its keys to protect the system from unauthorized access and malwares during POST.
OS Type [Windows UEFI Mode] /* the choice in the brackets signifies the default */

[Windows UEFI Mode]
This item allows you to select your installed operating system. Execute the Microsoft Secure Boot check. Only select this option when booting on Windows UEFI mode or other Microsoft Secure Boot compliant OS.
[Other OS]
Get the optimized function when booting on Windows non-UEFI mode. Microsoft Secure Boot only supports Windows UEFI mode.
_______________

Note: If I do not choose to use UEFI, then I expect to simply prepare Windows 7 for the motherboard change with the SYSPREP method described by another tutorial of this forum. If I recall correctly, its instructions mention that, if the motherboard supports Secure Boot, then I must disable it in the BIOS before booting Windows 7. So I have anticipated selecting the [Other OS] option above before booting Windows (after it has been "prepped") from the drive on which it is currently installed.

Thank you for your time and attention to this inquiry. I am looking forward to your answer and any additional advice you might offer.


My System SpecsSystem Spec
.
22 Nov 2017   #2
Megahertz07

Windows 7 HP 64
 
 

Secure boot is a safety boot check that verify is the OS you're booting is digitally signed. It was introduced on win 8 and now it is on Win 8, 8.1 and 10. Linux also is compatible with safety boot.
Secure Boot Overview

Win 7 isn't compatible with secure boot. That doesn't mean that you cant use UEFI BIOS mode. Just disable secure boot and enable the other UEFI functions.
Boot the installation disk as UEFI mode, delete all partitions and create new. It will create 3 partitions on a GPT disk:
- 100M Fat32 UEFI
- 120M RAW MS reserved
- Large NTFS

The main differences between Legacy-MBR and UEFI-GPT
MBR disk has a partition size limit of 2.2T. On GPT the limit is sky high 16x 10^18 (16 exabytes).
On the GPT disk you don't have a MBR. UEFI BIOS takes the booting process to the 100M Fat32 UEFI partition where you can have more than one boot loader. That is very convenient if you have a multi boot system with the OS's on different partitions. My 128G SSD is GPT and has Win 7 64 and Lubuntu 64.
Some add on cards, like modern graphics, work better on a UEFI mode.

Only Win 7 64 can boot a GPT disk with a UEFI BIOS, but you can have a GPT disk on a Legacy or UEFI BIOS for data.

MBR vs. GPT Guide: What's The Difference and Which One Is Better
My System SpecsSystem Spec
22 Nov 2017   #3
Stardance

64-bit Windows 7 Professional SP1
 
 

Quote   Quote: Originally Posted by Megahertz07 View Post
....

Win 7 isn't compatible with secure boot. That doesn't mean that you cant use UEFI BIOS mode. Just disable secure boot and enable the other UEFI functions.
Boot the installation disk as UEFI mode, delete all partitions and create new. It will create 3 partitions on a GPT disk:
- 100M Fat32 UEFI
- 120M RAW MS reserved
- Large NTFS

....

Only Win 7 64 can boot a GPT disk with a UEFI BIOS, but you can have a GPT disk on a Legacy or UEFI BIOS for data.

MBR vs. GPT Guide: What's The Difference and Which One Is Better
Evidently, I must use the [Other OS] option to disable Secure Boot: https://www.asus.com/us/support/FAQ/1016356

Apparently, ASUS did not anticipate that anyone would run Windows 7 with their 970 Gaming Pro/Aura motherboard, insofar as Windows 8 (if not also 8.1) was the successor version at the time. So I have posted an inquiry to ASUS Support to clarify whether the ASUS motherboard UEFI will support Windows 7 installed on a GPT disk.

It seems to me that your last remark states that only 64-bit Windows 7 can boot from a GPT disk with a UEFI BIOS, i.e., 32-bit Windows 7 cannot do so. 64-bit Windows 7 Professional SP1 is installed on the existing 64-bit hardware and the new ASUS motherboard is also 64-bit. So 32-bit Windows 7 is not an issue. The boot disk is the only GPT disk which I expect to use, the other drives have NTFS partitions.

Which reminds me that I must check with Paragon Software as to whether Hard Disk Manager Suite 15 can create partition images for a GPT disk, i.e., ones which I use for backup.

Thank-you for your reply and the information you offered.
____________________

UPDATE: An ASUS online tech support has confirmed that the ASUS UEFI will boot 64-bit Windows 7 from a UEFI GPT disk drive after Secure Boot is disabled by using the [Other OS] configuration option.

Again, thank-you for all of the information and assistance that you have provided.
My System SpecsSystem Spec
.

Reply

 If I cannot enable Secure Boot, then why use UEFI instead of BIOS?




Thread Tools




Similar help and support threads
Thread Forum
UEFI bios, CSM boot option needed for PCIe SSD?
I am interested in buying a Plextor PCIe SSD M6e(A) Black for a performance upgrade. Plextor SSD Storage Solutions | Products | M6e(A) Black Edition I emailed Plextor support with a system compatibility question & they replied within 20 minutes. He stated: "Check your boards bios to see if...
Hardware & Devices
HELP!! Windows 7 on SSD failed to boot, goes into UEFI BIOS.
Hi all, I have just recently installed Windows 7 on the Plextor M6 Pro 128GB SSD. Everything went fine for the first few boots, and Windows will not boot up after that. The computer automatically goes into UEFI BIOS as if there is no Windows installed on any of the hard disks. I removed the...
Installation & Setup
Trying to Secure Erase SSD, bios won't boot from CD/DVD drive?
I've tried changing boot priority multiple times to have my CD/DVD drive boot first & the SSD second & 3rd disabled. But it doesn't ever seem to save the settings and does NOT boot from the CD/DVD and instead goes directly to the SSD, either my Ubuntu or my Win7 SSD, whichever one I happen to...
General Discussion
if UEFI mode on Bios, Cannot boot from CD... :(
I just bought sony vaio S Series, with original Win 7 home basic 64 bit. But, many of my device such as printers, network wifi and etc not support for win 7 64 bit. Now, I want to install win 7 32-bit on my laptop. But, My CD Win 7 bootable won't boot at my laptop. After i check bios, i found...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:33.
Twitter Facebook Google+