With the release of ConfigMgr 1610 came the ability to transition from MBR (legacy) to UEFI in a single task sequence. This is an awesome feature and it is outlined nicely here. And, it works great. 🙂
Let’s dig into each of these steps:
BIOS to UEFI (group)
This group has conditional logic to ensure that the device is not already in UEFI mode. It evaluates the _SMSTSBootUEFI variable. If this is true the device is already in UEFI, no conversion is needed and this group is skipped.
Restart to PE
This conversion can only happen in windows PE because it has to change the partition type on the disk and format it. All data on the disk is lost at this point. If you are doing this during an in place upgrade be sure you have the data secured first via USMT or some other method. Also of note, once you are in windows PE you can no longer use applications or packages and programs, you must use “Run Command Line” task sequence steps.
OEM Conversion Tool
This is purposely vague in the Microsoft documentation because it is very vendor specific. This step you have to convert the device from BIOS to UEFI. Before 1610 this wasn’t possible in a single run of a task sequence. Here is also a good place to configure or verify any other firmware configurations you want in your environment. Password, SATA Operation, WOL, PXE, etc.
Each vendor has their own set of tools and documentation you can use to accomplish this. Dell and HP have their own executables. Lenovo you can modify directly via WMI. Each major vendor (Dell, HP and Lenovo) has good documentation and there are literally hundreds of blog posts on how to use the tools.
This part of the task sequence may be one step (as shown in the graphic above) or this could be many steps. The process is the most important part. The number of steps is irrelevant. You just need to convert from BIOS (legacy) to UEFI. This means disabling legacy boot, disabling legacy roms (if enabled) and enabling secure boot.
Command | Monitor, specifically cctk.exe. Be sure you are using the 64 bit version of the executable in 64 bit Windows PE. WinPE is very unforgiving about architecture types.
Example conversion script –
BiosConfigUtility64.exe – downloaded the latest package here, be sure to use the 64 bit exes. If you have a bios password set (you should) then you will also need HPQpswd64.exe to create and use password (.bin) files.
Each HP model may have different settings per model, but in general your command line will look like this –
BiosConfigUtility64.exe /setconfig:”EnableUEFI.txt” /cpwdfile:”password.bin”
With Lenovo, all BIOS / Firmware configuration can be done directly from WMI. Lenovo has also provided a bunch of really nice vbs wrapper scripts to help configure your Firmware / BIOS.
I haven’t tried scripting UEFI and SecureBoot conversion with Lenovo. There are issues with this especially if you want to set a BIOS password. Generally I find it easier to do it manually in the BIOS since you are forced to go in there and set the initial password since Lenovo won’t let you do this via script. I am sure setting this device to UEFI with SecureBoot is possible and is probably referenced in the user guide above.
I select the “OS Optimized Defaults” and move on. This sets the device to UEFI and enables SecureBoot.
Format and Partition Disk
Up until this point we haven’t done anything new and exciting and the new exciting stuff that happens in this step is oh so subtle. Once you convert from Legacy to UEFI, the partition tables required to boot the device change. A GPT formatted disk is required once you switch to UEFI. Before ConfigMgr 1610 there was no supported way to handle a reboot after changing the partition table, the boot image would stage as it it was still in Legacy mode causing the next reboot fail.
Enter the TSUEFIDrive variable. If this gets assigned to a partition, this is now where the boot image will stage itself before a reboot. After making the conversion in the OEM Conversion Tools step(s), you format the drive with a GPT partition table and assign the first FAT32 partition the TSUEFIDrive variable.
(screen shots stolen from MSFT)
Reboot To Windows PE
Nothing special here, just a simple reboot. However since we assigned that TSUEFIDrive variable, the boot image will now stage in a way that is usable by the device and the task sequence can continue forward.
That is all there is to it for a fairly straight forward conversion process. The hardest part is figuring out the vendor tools that actually modify the BIOS and convert it to UEFI. Once you get that hammered out, the rest is easy.