One of the many restrictions of the Windows 10 in-place upgrade process is that it doesn't support changing BIOS to UEFI (see my Windows 10 Upgrade Limitations post for the complete listing). So, do you really need UEFI to deploy Windows 10? The answer is no, Windows 10 can absolutely be deployed to BIOS-based machines, but some of its features do require UEFI. Here is the (current) list:
Note: If you have a BIOS-based machine and want to "convert" it to UEFI-based (assuming the hardware supports it), currently the most practical way is to have a task sequence use the MBR2GPT.exe tool together with BIOS configuration tools from the vendor. Then deploy this task sequence either after the upgrade/servicing, or as part of the upgrade/servicing process.
List of Windows 10 features that require UEFI:
- Secure Boot. Protects the Windows 10 pre-startup process against bootkit/rootkit attacks. Basically making sure no malicious operating system can start before Windows.
- Early Launch Anti-malware (ELAM) driver. Loaded by Secure Boot, this driver starts before other non-Microsoft drivers to evaluate them.
- Windows Trusted Boot. Protects the kernel and privileged drivers during early launch. Note: The MS15-111 security update released on October 13, 2015 fixes a security issue with this feature.
- Measured Boot. Measures components all the way from firmware up through the boot start drivers, and then stores those measurements in the TPM chip on the machine. This info, stored in a log, can be tested remotely to verify the boot state of the client.
- Device Guard. Uses CPU virtualization and TPM support to support Device Guard with AppLocker, and Device Guard with Credential Guard.
- Credential Guard. Belongs with Device Guard, also uses CPU virtualization and TPM support, but to protect security info like NTLM hashes etc.
- BitLocker Network Unlock. Automatically unlocks Windows 10 at reboot when connected to a wired corporate network.
- GUID Partition Table (GPT) disk partitioning. Enables larger boot disks.
- Additional speed. In general, UEFI-based/enabled machines have faster boot/shutdown/hibernate/resume compared with BIOS-based machines.
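A read-only readiness check for the conversion mentioned in the note above, as an added example that is not from the original post: it reports the firmware mode, the system disk's partition style, Secure Boot and TPM state, and runs MBR2GPT.exe in validate-only mode. The function name Get-UefiReadiness is hypothetical, and the script assumes an elevated Windows PowerShell 5.1 session on the full OS.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only report, nothing on disk or in firmware is changed.
function Get-UefiReadiness {   # hypothetical helper name
    # PEFirmwareType registry value: 1 = legacy BIOS, 2 = UEFI
    $fw = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control').PEFirmwareType
    $firmware = switch ($fw) { 1 { 'BIOS' } 2 { 'UEFI' } default { 'Unknown' } }

    # Disk that holds the system partition; this is the one MBR2GPT would convert
    $disk = Get-Disk | Where-Object IsSystem | Select-Object -First 1

    # Confirm-SecureBootUEFI throws on BIOS-booted machines instead of returning $false
    $secureBoot = try { [string](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { 'NotSupported' }

    # Measured Boot, Device Guard and Credential Guard also depend on a TPM
    $tpm = try { (Get-Tpm -ErrorAction Stop).TpmPresent } catch { $false }

    $tool = Join-Path $env:SystemRoot 'System32\MBR2GPT.exe'
    $validation = 'NotApplicable'
    if ($firmware -eq 'BIOS' -and $disk.PartitionStyle -eq 'MBR') {
        if (Test-Path $tool) {
            # /validate only checks the layout prerequisites; /allowFullOS is needed outside WinPE
            & $tool /validate "/disk:$($disk.Number)" /allowFullOS | Out-Null
            $validation = if ($LASTEXITCODE -eq 0) { 'Passed' } else { "Failed ($LASTEXITCODE)" }
        } else {
            $validation = 'ToolMissing'   # MBR2GPT.exe is not present on this build
        }
    }

    [pscustomobject]@{
        Firmware       = $firmware
        SystemDisk     = $disk.Number
        PartitionStyle = $disk.PartitionStyle
        SecureBoot     = $secureBoot
        TpmPresent     = $tpm
        Mbr2GptCheck   = $validation
    }
}

Get-UefiReadiness | Format-List
```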
Just an update: since 1703 there is a tiny tool that can be used to convert a partition from MBR to GPT in order to be able to boot in UEFI mode instead of Legacy BIOS.
From a PE or in LiveOS mode you can use MBR2GPT.exe. In a BitLocker scenario on LiveOS you will need to suspend BitLocker. And in order to resume BitLocker after the first UEFI boot you'll first need to delete/rename the \Windows\System32\Recovery\ReAgent.xml file.
Thanks, I have updated the post to reflect that. MBR2GPT wasn't available when I wrote the post in 2015 🙂