UEFI and Secure Boot

Summary: Windows 8 introduces a new requirement for personal computer manufacturers (OEMs) that may require modifications to your OS deployment infrastructure.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Windows 8 introduces a new requirement for personal computer manufacturers (OEMs) that may require modifications to your OS deployment infrastructure. That requirement ensures that all Windows 8 systems are shipped with their BIOS in UEFI Mode and Secure Boot enabled. 
 

Note: For a background on UEFI, read this whitepaper-UEFI on Dell BizClient Platforms.
 
Note: For specific information about deploying UEFI systems with Configuration Manager 2012 SP1, read the "Imaging the Latitude 10 with Windows 8 using Configuration Manager 2012".


This is a good thing, as UEFI mode removes hardware limitations that were present with Legacy Mode and adds greater functionality, while Secure Boot ensures that the boot loader is verified and not impacted by malware or rootkits. 

Most customers are using Legacy mode on their client systems even if UEFI mode is available so here are some steps to prepare for UEFI and Secure Boot enabled Windows 8 systems.

1. Evaluate- The following areas of your infrastructure could be impacted by UEFI/Secure boot-enabled Windows 8 systems. Review your current environment and evaluate whether UEFI/Secure boot-enabled systems require a change to your:

  • BIOS configuration
    • CCTK and OMCI can configure both UEFI and Legacy modes, but you should test against a UEFI/Secure Boot enabled system to validate your current BIOS configuration.
  • HDD configuration
    • UEFI Mode requires GPT partitions which are different from Legacy Mode/MBR partitions.
  • Security tools
    • Review your HDD encryption and other security tools for compatibility
  • OS Deployment Tools
    • KACE, MDT, and ConfigMgr supports Windows 8 but may require you to install the latest version (ConfigMgr 2012 SP1 for example) to be able to deploy Windows 8 on a UEFI/Secure Boot enabled system.
  • Boot methods
    • WinPE 4.0 (available in the ADK) is required to deploy to UEFI enabled systems. The latest Mass Storage controller drivers may be required.
    • UEFI PXE is also required and is different from Legacy PXE.

2. Plan - After identifying areas of your infrastructure that require changes to support UEFI/Secure Boot enabled systems, create a plan to make those modification and identify steps to continue using your current environment until those modifications are made.

3. Test and Implement - Test the required modifications in your lab environment to ensure that they meet your requirements before deploying into production. Once your infrastructure is ready to deploy Windows 8 on UEFI/Secure Boot enabled systems, then you are ready to take delivery of OEM delivered Windows 8 systems.

 

Note: Bookmark this page as it is being updated with additional information as it becomes available.

Cause

See above

Resolution

See above
Article Properties
Article Number: 000146404
Article Type: Solution
Last Modified: 20 Feb 2026
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.