Solved If I cannot enable Secure Boot, then why use UEFI instead of BIOS?

Stardance

New member
Local time
1:43 AM
Messages
2
For what it may be worth, I have decided to do a "clean install" that overwrites the existing Windows 7 Pro SP1 (fully updated) installation on my computer system, after (a) installing a new and different ASUS 970 Pro Gaming/Aura motherboard which supports UEFI, and (b) installing a new AMD Phenom II X4 960T 3.0/3.4 GHz CPU instead of continuing to run the 6 y.o. CPU currently installed.

My primary reason for re-installing Windows 7 is to use the motherboard's UEFI feature instead of BIOS. I have assumed that, by using UEFI, I can configure the system for Secure Boot. However, according to all that I have read about using UEFI with Windows 7 on this website, I must disable Secure Boot because the OS is Windows 7. Three pages of instructions concern the subject:

How to Do a Clean Installation with Windows 7
https://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html?filter[2]=General Tips

This tutorial begins describing the installation process with:
warnsmall.png
Warning
If you want to install Windows 7 using UEFI instead of BIOS, then see this below first.

How to Install Windows 7 Using "Unified Extensible Firmware Interface" (UEFI)
https://www.sevenforums.com/tutoria...e-firmware-interface-install-windows-7-a.html
The introduction for the referenced instructions (above) ends with the following:
warnsmall.png
Warning

  • Disabling UEFI will make the system unbootable as there is no MBR on the disks.
  • You CANNOT make a sector-by-sector copy of GPT disks. The Disk and Partition GUIDs will no longer be unique. This must never happen. You can make a sector-by-sector copy of the contents of ESP or basic data partitions.
  • Disable secure boot before installing Windows 7.
_______________

Note: the second line above mystifies me. If making a sector-by-sector copy of the "GPT disk" on which Windows 7 is installed "must never happen", then what software can I run to make a backup-copy of the Windows 7 installation on that drive? Be aware that the Windows 7 partition will include all software installed that requires access to the Windows Registry.

Nonetheless, it is the third line which gives me pause. The instructions which follow the above warning never mention whether Secure Boot can be re-enabled after Windows 7 is installed.
But keep reading, the hyperlink in the last line above is for the page:

How to Enable or Disable Secure Boot in UEFI
https://www.eightforums.com/tutorials/17058-secure-boot-enable-disable-uefi.html

The introduction on the above page ends with the following:
warnsmall.png
Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.
_______________
So, if I cannot enable Secure Boot, then what benefit would there be to install Windows 7 with UEFI instead of BIOS?


For your information:

The motherboard manual BIOS Information - Boot Menu section does not disclose any limitation as to the version of Windows. It presents two options from which I can select one, to quote:

Secure Boot
This item allows you to configure the Windows Secure Boot settings and manage its keys to protect the system from unauthorized access and malwares during POST.
OS Type [Windows UEFI Mode] /* the choice in the brackets signifies the default */

[Windows UEFI Mode]
This item allows you to select your installed operating system. Execute the Microsoft Secure Boot check. Only select this option when booting on Windows UEFI mode or other Microsoft Secure Boot compliant OS.
[Other OS]
Get the optimized function when booting on Windows non-UEFI mode. Microsoft Secure Boot only supports Windows UEFI mode.
_______________

Note: If I do not choose to use UEFI, then I expect to simply prepare Windows 7 for the motherboard change with the SYSPREP method described by another tutorial of this forum. If I recall correctly, its instructions mention that, if the motherboard supports Secure Boot, then I must disable it in the BIOS before booting Windows 7. So I have anticipated selecting the [Other OS] option above before booting Windows (after it has been "prepped") from the drive on which it is currently installed.

Thank you for your time and attention to this inquiry. I am looking forward to your answer and any additional advice you might offer.
 

My Computer My Computer

At a glance

64-bit Windows 7 Professional SP1AMD Phenom II X4 960T16 GB Kingston Hyper-Fury 4 x 4 GB HX313C9FBK2/8PNY XLR8 GeForce GTX 460 PCIe 2.0
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Do-It-Yourself
OS
64-bit Windows 7 Professional SP1
CPU
AMD Phenom II X4 960T
Motherboard
ASUS 970 Pro Gaming/Aura
Memory
16 GB Kingston Hyper-Fury 4 x 4 GB HX313C9FBK2/8
Graphics Card(s)
PNY XLR8 GeForce GTX 460 PCIe 2.0
Monitor(s) Displays
Samsung Series 4 LED TV 24"
Screen Resolution
1366 x 768 60Hz
Hard Drives
PNY CS1311 SSD 240 GB SATA III 6 Gb/s
WD Blue SSD WDS250G1B0A-00H9H0 250 GB SATA III 6 Gb/s
Western Digital Blue WD10EZRZ-00HTXB0 SATA /64 MB Cache 1TB
PSU
Thermaltake TR2-600NL2NC (600W ATX 12V 2.3)
Keyboard
Coolermaster Quick Fire TK (model SGK-4020-GKCM2-US)
Mouse
Logitech G502 Proteus Core (model M-U0042)
Internet Speed
Downstream 15 GB/s
Antivirus
Microsoft Security Essentials
Browser
Firefox 54.0.1 (32-bit)
Other Info
The motherboard & CPU are new as of 2017-11-23
Secure boot is a safety boot check that verify is the OS you're booting is digitally signed. It was introduced on win 8 and now it is on Win 8, 8.1 and 10. Linux also is compatible with safety boot.
Secure Boot Overview

Win 7 isn't compatible with secure boot. That doesn't mean that you cant use UEFI BIOS mode. Just disable secure boot and enable the other UEFI functions.
Boot the installation disk as UEFI mode, delete all partitions and create new. It will create 3 partitions on a GPT disk:
- 100M Fat32 UEFI
- 120M RAW MS reserved
- Large NTFS

The main differences between Legacy-MBR and UEFI-GPT
MBR disk has a partition size limit of 2.2T. On GPT the limit is sky high 16x 10^18 (16 exabytes).
On the GPT disk you don't have a MBR. UEFI BIOS takes the booting process to the 100M Fat32 UEFI partition where you can have more than one boot loader. That is very convenient if you have a multi boot system with the OS's on different partitions. My 128G SSD is GPT and has Win 7 64 and Lubuntu 64.
Some add on cards, like modern graphics, work better on a UEFI mode.

Only Win 7 64 can boot a GPT disk with a UEFI BIOS, but you can have a GPT disk on a Legacy or UEFI BIOS for data.

MBR vs. GPT Guide: What's The Difference and Which One Is Better
 

My Computers My Computers

  • At a glance

    Windows 7 HP 64i5 6600K - 800MHz to 4200MHz4+4G GSkill DDR4 3000IG - Intel 530
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    custom build
    OS
    Windows 7 HP 64
    CPU
    i5 6600K - 800MHz to 4200MHz
    Motherboard
    GA-Z170-HD3P
    Memory
    4+4G GSkill DDR4 3000
    Graphics Card(s)
    IG - Intel 530
    Monitor(s) Displays
    Samsung 226BW
    Screen Resolution
    1680x1050
    Hard Drives
    (1) -1 SM951 – 128GB M.2 AHCI PCIe SSD drive for Windows 7 and Lubuntu
    (2) -1 WD SATA 3 - 1T for Data
    (3) -1 WD SATA 3 - 1T for backup
    PSU
    Thermaltake 450W TR2 gold
    Keyboard
    Old and good Chicony mechanical keyboard
    Mouse
    Logitech mX performance - 9 buttons (had to disable some)
    Internet Speed
    500Mb/s
    Browser
    Firefox 64
    Other Info
    TinyWall firewall
  • At a glance

    Windows 7 Proi7-4500U 800MHz to 3.0GHz(4+4)G DDR3 1600IG intel 4400 + NVIDIA GeForce GT 745M
    Computer type
    Laptop
    System Manufacturer/Model Number
    Asus Q550LF
    OS
    Windows 7 Pro
    CPU
    i7-4500U 800MHz to 3.0GHz
    Motherboard
    Asus Q550LF
    Memory
    (4+4)G DDR3 1600
    Graphics Card(s)
    IG intel 4400 + NVIDIA GeForce GT 745M
    Sound Card
    Realtek
    Monitor(s) Displays
    LG Display LP156WF4-SPH1
    Screen Resolution
    1920 x 1080
    Hard Drives
    BX500 120G SSD for Windows and programs +
    1T HDD for data
    Internet Speed
    500 Mb/s
    Browser
    Firefox
    Other Info
    TinyWall firewall
....

Win 7 isn't compatible with secure boot. That doesn't mean that you cant use UEFI BIOS mode. Just disable secure boot and enable the other UEFI functions.
Boot the installation disk as UEFI mode, delete all partitions and create new. It will create 3 partitions on a GPT disk:
- 100M Fat32 UEFI
- 120M RAW MS reserved
- Large NTFS

....

Only Win 7 64 can boot a GPT disk with a UEFI BIOS, but you can have a GPT disk on a Legacy or UEFI BIOS for data.

MBR vs. GPT Guide: What's The Difference and Which One Is Better

Evidently, I must use the [Other OS] option to disable Secure Boot: https://www.asus.com/us/support/FAQ/1016356

Apparently, ASUS did not anticipate that anyone would run Windows 7 with their 970 Gaming Pro/Aura motherboard, insofar as Windows 8 (if not also 8.1) was the successor version at the time. So I have posted an inquiry to ASUS Support to clarify whether the ASUS motherboard UEFI will support Windows 7 installed on a GPT disk.

It seems to me that your last remark states that only 64-bit Windows 7 can boot from a GPT disk with a UEFI BIOS, i.e., 32-bit Windows 7 cannot do so. 64-bit Windows 7 Professional SP1 is installed on the existing 64-bit hardware and the new ASUS motherboard is also 64-bit. So 32-bit Windows 7 is not an issue. The boot disk is the only GPT disk which I expect to use, the other drives have NTFS partitions.

Which reminds me that I must check with Paragon Software as to whether Hard Disk Manager Suite 15 can create partition images for a GPT disk, i.e., ones which I use for backup.

Thank-you for your reply and the information you offered.
____________________

UPDATE: An ASUS online tech support has confirmed that the ASUS UEFI will boot 64-bit Windows 7 from a UEFI GPT disk drive after Secure Boot is disabled by using the [Other OS] configuration option.

Again, thank-you for all of the information and assistance that you have provided.
 
Last edited:

My Computer My Computer

At a glance

64-bit Windows 7 Professional SP1AMD Phenom II X4 960T16 GB Kingston Hyper-Fury 4 x 4 GB HX313C9FBK2/8PNY XLR8 GeForce GTX 460 PCIe 2.0
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Do-It-Yourself
OS
64-bit Windows 7 Professional SP1
CPU
AMD Phenom II X4 960T
Motherboard
ASUS 970 Pro Gaming/Aura
Memory
16 GB Kingston Hyper-Fury 4 x 4 GB HX313C9FBK2/8
Graphics Card(s)
PNY XLR8 GeForce GTX 460 PCIe 2.0
Monitor(s) Displays
Samsung Series 4 LED TV 24"
Screen Resolution
1366 x 768 60Hz
Hard Drives
PNY CS1311 SSD 240 GB SATA III 6 Gb/s
WD Blue SSD WDS250G1B0A-00H9H0 250 GB SATA III 6 Gb/s
Western Digital Blue WD10EZRZ-00HTXB0 SATA /64 MB Cache 1TB
PSU
Thermaltake TR2-600NL2NC (600W ATX 12V 2.3)
Keyboard
Coolermaster Quick Fire TK (model SGK-4020-GKCM2-US)
Mouse
Logitech G502 Proteus Core (model M-U0042)
Internet Speed
Downstream 15 GB/s
Antivirus
Microsoft Security Essentials
Browser
Firefox 54.0.1 (32-bit)
Other Info
The motherboard & CPU are new as of 2017-11-23
Back
Top