Doing a full UEFI mode install on Windows 8/8.1/10

[Master Disaster]

UEFI Explained

UEFI stands for Unified Extensive Firmware Interface, its an outright replacement for the old 16 bit BIOS interface hence why saying UEFI BIOS is incorrect. Without going into to much detail UEFI allows external hardware and software much more access to UEFI features like temperatures and other various sensors and much greater control over hardware by allowing UEFI applications which are built into UEFI compatible hardware to seamlessly plug into the UEFI (instead of the old BIOS OP ROM method). The best example of this would be IRST which when changed to RAID mode in a UEFI plugs in a new option into the existing UEFI menu allowing control over RAID arrays, this process can be used to allow any external hardware connected to the board to plug into the UEFI to allow hardware control. Basically no more Press CTRL+F To Enter RAID OP ROM.

UEFI Benefits

Doing a UEFI install of Windows allows to OS to access hardware sensor information from the motherboard at a low level providing more accurate information, its also possible to reboot straight into UEFI directly from Windows with no user intervention required. Finally UEFI offers some pretty cool features like Fast Boot and Secure Boot.

Fast Boot means if you do a soft reset from Windows, lets say for an update, the UEFI will skip the full POST cycle and instead just run a quick POST which allows Windows to begin booting much faster (UEFI install with no RAID and fast boot enabled will start booting Windows in around 1 second), a full POST cycle will only be run after a hard shutdown or hard reboot (IE you pressed the reset button on your case) but even then its still much quicker than without Fast Boot.

Secure Boot is a technology which secures the data kept in the drives bootloader so that it can't be changed, manipulated or exploited by any form of bootloader or malware. Secure Boot is an OEM certification requirement for all handheld and portable devices however for OEMs who sell desktops it is optional.

What you'll need

1) A computer with a UEFI, any Intel P67 or newer board has UEFI.
2) A GPU with a UEFI GOP capable BIOS.
3) A full, untouched ISO of either Win 8, 8.1 or 10, both X86 & X64 are compatible.

@GoodBytes has notified me that there may be a bug with Windows 7 when installing in UEFI mode from anything other than DVD which prevents the install from completing. I have encountered a bug in Windows 7 where it refused to see the HDD was converted to GPT and refused to install. At this time I'm saying UEFI mode doesn't work with Windows 7. I can confirm that for Windows 8, 8.1 and 10TP everything is fine.

As Windows in UEFI mode requires a HDD formatted in GPT its likely you'll need to do a fresh install from scratch, be prepared to start again however once you've set everything up for the first time it becomes much easier on every subsequent reinstall/upgrade you might do. MBR is old now and is slowly being replaced by GPT, once you've followed this guide and converted your drive to GPT there is no reason you'll ever need to go back again.

Its nice to have a board which has the Compatible With Windows 8 sticker on it, that way you can be sure everything will work as it should.

Before we begin

I;m assuming a certain level of user competence here, read through this guide and if you don't understand something then you should be questioning your own suitability to complete this task, nothing here is that advanced and I should not be needing to explain anything outside of the instructions. Remember its not my fault or the fault of LTT or LMG if you follow this guide and break something, this shit is really simple.

Its vital we know if your GPU supports UEFI GOP (UEFI Graphics Output Protocol), if it doesn't then its not possible to install Windows in full UEFI mode, you can do a partial UEFI install but its not really worth it, it doesn't bring any benefits over a normal legacy install.

If your GPU is Nvidia 700 series or higher or AMD R series then you should be fine, older cards can also support UEFI but may require a BIOS flash, if in doubt contact your card manufacturer via their support system and ask if your card supports UEFI GOP.

Please note most graphics cards will have a BIOS toggle switch built into them, on AMD cards particularly the card will have one legacy BIOS and one UEFI GOP BIOS so if you try these steps and it fails please try and toggle the switch, consult your cards manual for more information.

1) Enter UEFI
2) Locate UEFI Profiles and save a copy of your current profile to easily revert changes when we are done
3) Locate the settings and change them to the following (they may be named slightly differently)
3a) Full Screen Logo - On
3b Full Screen Logo Size - Automatic
3c) CSM or Compatibility Support Module - Off or Never
4) Press F10 or go to Save & Exit and click OK

Your system should now reboot and display a logo of your board manufacturer in the middle of the screen, you'll notice that without the logo changing to the usual Windows boot logo the spinning circles will appear below indicating that Windows is loading. If this happens then your good to go, its likely your system will BSOD during this boot so press reset, re enter UEFI and reload the profile you created earlier to restore your settings back (or leave them be if your gonna continue to follow this guide).

If you get a message saying something similar to

You GPU is not compatible and UEFI has re enabled the CSM to allow legacy ROM boot

then your GPU is not compatible. As i said earlier, if your card has a BIOS toggle now is the time to power off your system and toggle the switch then try again. If you card doesn't have a switch or you've tried both and neither work then all you can do is contact your card manufacturer and ask them if they have a UEFI GOP BIOS for your card. Do not continue on because this guide won't work for you, instead enter UEFI and re load the profile you made earlier to reset your settings back.

Setting up UEFI

Please note i am using a Gigabyte board so your options might be named slightly different but they'll be close enough for you to find them.

The following changes must be made to enable UEFI Installation of Windows

CSM or Compatibility Support Module - Off or Never
Secure Boot - On or Windows
Secure Boot Mode - Normal or Default (I think this option might be Gigabyte exclusive?)
Fast Boot - On or Normal (Ultra Fast mode means you'll only be able to enter UEFI from Windows)

These are optional and don't affect UEFI booting but I will list my recommended settings

Full Screen Logo - On (if off then default windows logo will show)
Full Screen Logo Size - Auto (Only if FSL is enabled otherwise does nothing)
USB Support - Partial (Only initialises ports with connected devices during POST)
PS/2 Support - Disabled (Unless you really want PS/2 support enabled, skips PS/2 init during POST)
Optional ROM Support - Force BIOS

Once these settings are changed press F10 or save and exit UEFI.

Installing Windows

Once everything is set up as above insert your Windows disc or USB device into your machine, reboot it then bring up the UEFI boot menu (F8 or F12 on most boards), this is a one time step to ensure UEFI is properly configured, once you know it works you can allow your machine to auto boot if you wish. What you should see is your boot menu containing only one boot option which will be listed as Windows Boot Manager (UEFI). If you see anything other than that one boot option something is not setup properly in UEFI as a proper UEFI setup can only boot from UEFI compatible devices and will not list any other options (so it won't list HDDs, RAID arrays, Optical Drives or USB devices which don't contain UEFI boot information).

Similarly if your device is not showing at all then its likely you've got a modified ISO which has had the UEFI information stripped out of it, most AIO type discs have this done as UEFI booting an AIO disc causes all sorts of issues. Try and get an original MSDN ISO, to make sure open the ISO, open the boot folder and check for the file call boot.efi, if its not there your disc won't work.

For the first install I strongly recommend that you unplug all your other HDDs and only leave your boot drive connected, this way your guaranteed that the boot information will be installed to the boot drive, this is vital for secure boot to function properly. Once you've been through this guide you can leave them in on any subsequent installs.

DO NOT TRY AND UPGRADE FROM INSIDE ANOTHER INSTALL, THAT JUST WONT WORK AND WILL LIKELY FUCK UP YOUR OLD INSTALL TOO.

1) Boot from the disc/usb device
2) Continue through setup as usual until you reach the partition screen
3) MAKE SURE YOU TOTALLY DELETE EVERY PARTITION ON YOUR BOOT DRIVE THEN PRESS INSTALL
3a) If setup continues then skip to step 4 otherwise carry on with these steps
3b If you get an error then do the following - press CTRL + F10
3c) type in "diskpart" and press enter
3d) type "list disk" and press enter
3e) find your boot disk in the list and get its ID number
3f) type "select disk idnumber" then press enter (example "select disk 1" or "select disk 5")
3g) type "clean" and press enter
3h) type "convert gpt" and press enter
3i) type "exit" then close the cmd window.
3j) Select your boot disc and click Install
4) Carry on through installation as usual

Assuming everything went OK then your now the proud owner of a PC with a fully fledged UEFI Mode install of Windows.

Congratulations

To confirm its worked in Windows Press WinKey+R and type in "diskmgmt.msc" then press enter

Look at your boot drive and you'll notice its split into 3 partitions, one called Recovery Partition, one called EFI System Partition and the last one called whatever your C drive is labelled as. These 2 hidden partitions are part of the GPT filesystem and are required for Windows to operate on a GPT drive.

So what about next time i format my system

Next time you need to reformat your system its as simple as it always was, as I said at the start of this guide most of this is a one time configuration deal, once its done it won't change back. Basically boot from your device, kill the partitions, reinstall Windows and your away. Windows will even detect GPT for any future upgrades you might undertake so once your system is running GPT everything really is as simple as ever.

Precautions

There are a few precautions you should be aware of

If your planning to dual boot Windows with Windows or Windows with Linux then keep Secure Boot disabled otherwise it will stop any bootloader changes made by any second OS which can be very problematic. Its not a big deal, you can even disable it on an OS which is already installed without to much trouble, you will get a watermark on the desktop telling you SB is disabled but nothing else.

Having your CSM disabled causes your board to run in full UEFI mode, this means it will ignore any legacy OP ROMs and boot devices which are not compatible. If you have any older hardware in your system which requires the use of an OP ROM (things like RAID or SCSI adapters with optional hardware control) then they will not work with the CSM disabled, also any boot devices which do not support the UEFI protocol will not show and will not be bootable, luckily most of the major boot tools (things like memtest86) now have UEFI compliant versions but be aware that older boot utilities or discs will not work with the CSM disabled.

Thanks for reading guys, hope this helps people out

[Speedbird]

Nice work! I should probably mention that Secure Boot wasn't developed by MS, it was created by the UEFI Forum, the same people who are behind UEFI itself.

[Master Disaster]

Nice work! I should probably mention that Secure Boot wasn't developed by MS, it was created by the UEFI Forum, the same people who are behind UEFI itself.

 

OK, my mistake, will make that change now. Thanks bud

[RedRound2]

Thanks you so much Master Disaster.

 

This is so far the first guide I found on the internet that actually made any sense. Now all I need is to somehow make my HD 7950 UEFI compatible....

[GoodBytes]

If I am not mistaken, I heard that there is a bug in Windows 7, where if you don't boot from the original disk (or downloaded ISO), you can't set it up on UEFI system. So no USB boot for Windows 7 when you do this. Windows 8 has this fixed. I am not sure if Win7 SP1 disk has it fixed.

With Windows 8, expect 6 to 8 sec from the "click" sound of your power button to your desktop full loaded boot times. Really impressive. If you want to see how fast that is in person. Go to a store, and shutdown a Surface Pro device, and turn it back on. Or do that on a high-end laptop or ultrabook (basically any system with a nice SSD and RAM).

Here is ASUS demoing this feature:

[Master Disaster]

If I am not mistaken, I heard that there is a bug in Windows 7, where if you don't boot from the original disk (or downloaded ISO), you can't set it up on UEFI system. So no USB boot for Windows 7 when you do this. Windows 8 has this fixed. I am not sure if Win7 SP1 disk has it fixed.

With Windows 8, expect 6 to 8 sec from the "click" sound of your power button to your desktop full loaded boot times. Really impressive. If you want to see how fast that is in person. Go to a store, and shutdown a Surface Pro device, and turn it back on. Or do that on a high-end laptop or ultrabook (basically any system with a nice SSD and RAM).

Here is ASUS demoing this feature:

 

With one proviso, if you have RAID enabled then boot time is hugely increased, i have no idea why it does it but on my system with a single SSD i can go from the click to desktop in about 5 seconds (one rotation of the circle), with both SSDs in RAID 0 it increase to around 10 seconds (or 2 1/2 rotations).

 

And the Windows 7 bug is one i have encountered myself but never realised the cause, thanks, will update the guide to include it

[Tam3n]

Nice guide.

 

Here's also JJ's video explanation from Asus:

[GoodBytes]

I am surprised that Linus never did a tutorial on this. I did once ask him ages ago, back when the forum was using the awful vbulletin, but got ignored. Maybe it got lost in between his many messages at the time. Anyway.

I just find it strange that he does this build guides (which are awesome, by the way), and not cover this important part. It's like "yay, you just spent 3000$ on his fancy computer, but that 400$ laptop boots faster." Anyway, it is not the end of the world, but would be nice to have it covered.

[RedRound2]

I am surprised that Linus never did a tutorial on this. I did once ask him ages ago, back when the forum was using the awful vbulletin, but got ignored. Maybe it got lost in between his many messages at the time. Anyway.

I just find it strange that he does this build guides (which are awesome, by the way), and not cover this important part. It's like "yay, you just spent 3000$ on his fancy computer, but that 400$ laptop boots faster." Anyway, it is not the end of the world.

 

Yeah, even I was surprised to find myself not knowing about any of this. Linus needs to spread the word

[mc141]

i tried this with a windows 7 oem 64bit disk dont work on my maximus vii formula

 

is it because of my 2tb raid 1 setup using the onboard intel chipset

also i dont have 3 keyboards atached just one

[Prolesious]

you could have 3.  mine shows two due to my Razor naga.  It appears as a keyboard and mouse to windows, and I'm sure bios counts it too.  (sorry, uefi) 

[GoodBytes]

you could have 3.  mine shows two due to my Razor naga.  It appears as a keyboard and mouse to windows, and I'm sure bios counts it too.  (sorry, uefi)

That would also explain the 2 mouses.

[Master Disaster]

i tried this with a windows 7 oem 64bit disk dont work on my maximus vii formula

is it because of my 2tb raid 1 setup using the onboard intel chipset

also i dont have 3 keyboards atached just one

20150201_192840.jpg

That would mean your GPU does not support UEFI GOP. Sorry bud.

Any functions native to your board are always gonna be compatible, that message means something external to the UEFI is not compatible.

As for kB & M, my board says I have 2 of each when I clearly don't, can't really say why.

[mc141]

That would mean your GPU does not support UEFI GOP. Sorry bud.

Any functions native to your board are always gonna be compatible, that message means something external to the UEFI is not compatible.

As for kB & M, my board says I have 2 of each when I clearly don't, can't really say why.

so a r9 290x isn't uefi compatable?????

[Master Disaster]

so a r9 290x isn't uefi compatable?????

 

On the card there will be a BIOS toggle switch, power down your system and toggle the switch. Most AMD cards have one legacy BIOS and one UEFI GOP BIOS, chances are you've got the wrong BIOS selected.

 

[mc141]

On the card there will be a BIOS toggle switch, power down your system and toggle the switch. Most AMD cards have one legacy BIOS and one UEFI GOP BIOS, chances are you've got the wrong BIOS selected.

 

 

I have an Asus 290x direct cu ii and it only has a performance/silent mode switch no bios switch

 

is it possible raid 1 mode is causing the issue??

 

on.my maximus vi formula I had uefi mode on the card now this board windows will only install in bios mode same video card

[Master Disaster]

I cant see it being your RAID if its a native function to the board but it cant hurt to disable it and see if the message goes away. I'm currently using IRST in RAID 0 on my Gigabyte with zero issues in UEFI. Did you set your raid array up in UEFI or did you use an OP ROM?

 

What else do you have plugged in to the board?

[mc141]

i tried my kids windows 8.1 64bit install dvd and works fine in full uefi mode with bios mode off but windows 7 will install in uefi mode with gpt partion with csm on but not off

 

im guessing windows 7 installer requires legacy mode i cant disable legacy mode after install either. im guessing is it possible windows 7 requires legacy mode for certain parts of windows 7 to function even though installed using uefi install??????

[Master Disaster]

i tried my kids windows 8.1 64bit install dvd and works fine in full uefi mode with bios mode off but windows 7 will install in uefi mode with gpt partion with csm on but not off

 

im guessing windows 7 installer requires legacy mode i cant disable legacy mode after install either. im guessing is it possible windows 7 requires legacy mode for certain parts of windows 7 to function even though installed using uefi install??????

TBH I'm thinking of removing 7 from the thread cause I'm pretty sure 7 doesn't work. Its a bug with the OS itself AFAIK.

[RedRound2]

snip

 

Would I be able to restore all my setting, programs, etc with System Image backup after converting it to GPT? Or should I actually start from scratch

[bcredeur97]

I never cared for this. Not using secure boot and using a legacy BIOS makes it a whole lot easier to setup a dual boot system. It also lets you boot from USB sticks easily when something goes terribly wrong.

 

the extra time you have to wait isnt that bad... and im never worried about someone coming insert a rogue USB flash drive into my destop at home.

 

BUT it is very elegant. I give it that.

[Master Disaster]

Nope, you'll need to convert to GPT first then create a new backup from scratch for future use.

You can't restore an MBR backup to a GPT drive.

[GoodBytes]

I never cared for this. Not using secure boot and using a legacy BIOS makes it a whole lot easier to setup a dual boot system. It also lets you boot from USB sticks easily when something goes terribly wrong.

 

the extra time you have to wait isnt that bad... and im never worried about someone coming insert a rogue USB flash drive into my destop at home.

 

BUT it is very elegant. I give it that.

It's more a virus within the OS that changes the boot process of Windows, to load itself first, to gain supervisor mode of the CPU, and then runs Windows. This makes the virus invisible to anti-virus and anti-malware programs, and can do what it wants when it wants, and you won't know about it, and won't show in Task Manager. So it can know that you started your web browser, know which website you go to, detect a password field, and start key logging you (as it has full memory access, as it is in supervisor mode at the CPU level), bypass Windows firewall, or any firewall software you have (again, as it is the real OS), and send all that. And can have a party, like format your HDD/SSD while using the system deleting many of your files if it wants. Pretty scary. The good news is such sophisticated virus is not common, and in fact rare. But with secure boot, you are protected against that, in the case you have incredible back luck, or becomes common.

It always used to be a big concern. That is why UEFI implement secure boot, which Microsoft was quick to support with Windows 8.

[jkraghify]

It's more a virus within the OS that changes the boot process of Windows, to load itself first, to gain supervisor mode of the CPU, and then runs Windows. This makes the virus invisible to anti-virus and anti-malware programs, and can do what it wants when it wants, and you won't know about it, and won't show in Task Manager. So it can know that you started your web browser, know which website you go to, detect a password field, and start key logging you (as it has full memory access, as it is in supervisor mode at the CPU level), bypass Windows firewall, or any firewall software you have (again, as it is the real OS), as IT is the real OS now, and send all that. And can have a party, like format your HDD/SSD while using the system deleting many of your files if it wants. Pretty scary. The good news is such sophisticated virus is not common, and in fact rare. But with secure boot, you are protected against that, in the case you have incredible back luck, or becomes common.

It always used to be a big concern. That is why UEFI implement secure boot, which Microsoft was quick to support with Windows 8.

 

TL;DR--Viruses are way ahead of antivirus today. You will get them, no matter what.

 

That's how viruses used to work back in the XP days. I interned with NSA two summers ago and worked on hacking into their computers (to see if there was a possible security breach).

 

All I can say is that it is A LOT easier than you might think to code a virus that hides from TM, obtains System privileges, becomes "System Critical" (if the virus is not running, Windows crashes) than you might think

 

Actually that internship made me realize how far behind our antivirus systems are. There are viruses I saw that summer that are still completely undetectable to modern antivirus. I got to write a virus that commandeered a (dummy) NSA server to mine bitcoin, just to prove a point, lol. (the code was maybe a page long too)

 

*Disclaimer* In the US, it is punishable by a fine exceeding $100,000 to write and/or distribute malware of any kind, unless you get a permit to research malware for antivirus development.

[bcredeur97]

It's more a virus within the OS that changes the boot process of Windows, to load itself first, to gain supervisor mode of the CPU, and then runs Windows. This makes the virus invisible to anti-virus and anti-malware programs, and can do what it wants when it wants, and you won't know about it, and won't show in Task Manager. So it can know that you started your web browser, know which website you go to, detect a password field, and start key logging you (as it has full memory access, as it is in supervisor mode at the CPU level), bypass Windows firewall, or any firewall software you have (again, as it is the real OS), as IT is the real OS now, and send all that. And can have a party, like format your HDD/SSD while using the system deleting many of your files if it wants. Pretty scary. The good news is such sophisticated virus is not common, and in fact rare. But with secure boot, you are protected against that, in the case you have incredible back luck, or becomes common.

It always used to be a big concern. That is why UEFI implement secure boot, which Microsoft was quick to support with Windows 8.

makes sense. i guess if i had data that was sensitive enough I would use it... but as of now I dont care for it