With the release of SCCM Current Branch 1610, one of the interesting new features is the ability to do a BIOS to UEFI conversion in a task sequence. This also makes it possible to use Secure Boot with Windows 10 to strengthen security.
In this blog post, we'll explain how to convert BIOS to UEFI with a task sequence on HP computers. This solution can also be applied to Dell and Lenovo computers.
SCCM BIOS UEFI Conversion Prerequisites
Before starting, you need 3 things:
- SCCM Current Branch 1610 or higher
Note: If you are not yet on 1610, you can achieve BIOS to UEFI conversion by following this procedure from Johan Schrewelius and Jörgen Nilsson.
- The computer manufacturer must provide a tool for BIOS configuration
- A package for the BIOS Configuration Utility and the configuration file must be created (procedure included in this post)
Create BIOS and UEFI Configuration File
First, we need to create a configuration file that will be used in our task sequence. A configuration file is basically a text file that is used to change options in the BIOS of the targeted computer. We'll use an HP computer for our example.
You don't have to create multiple files for each model; the same BIOS configuration file should apply to all HP models. The only settings included in the BIOS configuration file will be those required to change to UEFI. If needed, additional or model-specific BIOS configuration could be applied at a later time in the task sequence.
Here's an example of a configuration file that will:
- Disable legacy boot option (BIOS)
- Enable UEFI boot options
- Enable Secure Boot
UEFI.txt:
BIOSConfig 1.0
Legacy Boot Options
Legacy Boot Order
<no legacy boot options available>
UEFI Boot Options
UEFI Boot Order
Configure Legacy Support and Secure Boot
	Legacy Support Enable and Secure Boot Disable
	*Legacy Support Disable and Secure Boot Enable
	Legacy Support Disable and Secure Boot Disable
Clear Secure Boot keys
Reset Secure Boot keys to factory defaults
Enable MS UEFI CA key
Package Creation of BIOS Configuration Utility and Configuration
We will now create a standard package that contains all the source files. The content directory must contain the BIOS configuration utility, the configuration file and the password file.
- No program is needed, as we will use Run Command Line in the task sequence
SCCM BIOS to UEFI Conversion in Task Sequence
We will now create or edit an existing task sequence to include the steps to convert the BIOS to UEFI.
- Add a new group before the Install Operating System section
- In the Options tab, set the condition for task sequence variable _SMSTSBootUEFI not equals true. This variable is used on the group to check whether UEFI is already enabled
- You could also add another condition for computer manufacturer or model if you have older PCs that don't support UEFI
- Add a Restart Computer task; in the Options tab, set the condition for task sequence variable _SMSTSInWinPE equals False
BitLocker consideration:
If the drive has BitLocker enabled before the task sequence starts, adding a standard Partition Disk step for BIOS is required.
The Partition Disk 0 – BIOS step can be copied before the Convert BIOS to UEFI task.
This is needed because when BitLocker is enabled, the disk cannot be accessed in WinPE. Therefore the Convert BIOS to UEFI task will fail to execute the script from the _SMSTaskSequence local path.
- Add a Run Command Line to run the HP BIOS config Utility
- Command Line: BiosConfigUtility64.exe /setconfig:UEFI.txt /cspwdfile:current.bin
- Package: BIOS configuration utility with configuration files (created in the previous step)
- This must be a Run Command Line step and not a program. Programs are not allowed to run under WinPE
- Add a Format and Partition Disk task and configure it as follows:
- Disk type: GPT
- First partition:
- FAT32 and Quick format
- Variable: TSUEFIDrive
- Second Partition default 100% of remaining space
- Add a Restart computer task. Make sure to select The boot image assigned to this task sequence
- After the restart, the BIOS will be configured for UEFI and Secure Boot only, and the task sequence will partition and format the disk.
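To confirm the outcome described above once the new OS is installed, the following PowerShell check is an added example, not part of the original post or of SCCM itself. It assumes an elevated session in the full OS (not WinPE) with PowerShell 5.1 or later; the function name Test-UefiConversion is hypothetical.

```powershell
# Added example: verify that the device really ended up in UEFI mode with
# Secure Boot enabled and a GPT boot disk. Assumes full OS, elevated, PS 5.1+.
function Test-UefiConversion {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Firmware mode the OS was booted in (Bios or Uefi).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    if ("$firmware" -ne 'Uefi') {
        $findings.Add("Firmware mode is '$firmware', expected 'Uefi'")
    }

    # 2. Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS
    #    platforms, so an exception is recorded as a finding, not as a crash.
    try {
        if (-not (Confirm-SecureBootUEFI -ErrorAction Stop)) {
            $findings.Add('Secure Boot is supported but disabled')
        }
    }
    catch {
        $findings.Add("Secure Boot state unavailable: $($_.Exception.Message)")
    }

    # 3. The boot disk must be GPT after the Format and Partition Disk step.
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1
    if (-not $bootDisk) {
        $findings.Add('No boot disk reported by Get-Disk')
    }
    elseif ($bootDisk.PartitionStyle -ne 'GPT') {
        $findings.Add("Boot disk $($bootDisk.Number) is $($bootDisk.PartitionStyle), expected GPT")
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

$state = Test-UefiConversion
$state | Format-List
# A non-zero exit code lets a task sequence step or compliance check flag the device.
if (-not $state.Compliant) { exit 1 }
```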
That's it, you can now do the same tasks for your other manufacturers. Leave your comments and experience in the comment section below.