I did my first test install of Window 8.1 Enterprise on a Dell T7600 Professional Workstation.   I installed in a legacy BIOS environment because Dell's UEFI implementation looks horrible:  buggy, missing features, loaded with misfeatures.   Nevertheless, I want to try out UEFI Secure Boot and see how that works.  

My questions:

1) Once I create a bootable OS partition under legacy BIOS, is there any way to migrate that to UEFI Secure Boot?  What is the procedure?   This would be if - for example - I had a backup of my boot partition I wanted to restore, or if I had already configured and installed applications that I didn't want to lose with a new UEFI install.  For example, could I do a new install using UEFI, then copy over an image of the original bootable OS to the UEFI partition?

2) Once I start booting under UEFI, how can I safely make image backups of that partition and restore them?

3) Once I start booting under UEFI, how can I migrate a UEFI Safe Boot partition to a new device?

Dell's UEFI implementation seems to have no support for these issues a

UEFI will require imaging programs that are GPT aware, especially for partition copying etc

Your machine came with Windows 7, so check with Dell to see if they are supporting Windows 8.1

UEFI requires a GPT boot disk?   Why is that?

Assuming I convert my MBR boot disk to GPT, all of my original questions still apply.

I do use partition utilities for image copying that support both conversion of MBR to GPT and also disk and partition level copying of GPT.

UEFI machines can use MBR partitioned and formatted disks fine. Its only needed when the disk is larger than 2TB.

As for partition copying, make sure the program is GPT aware if you have disks partitioned that way.

I'm not clear at this point why you introduced GPT into this discussion?   It's not related to any of the specific UEFI questions I started with.  What I am focused on is how do I get MBR boot partitions that were created in a legacy BIOS environment to work within a UEFI environment.   That cannot be as simple as just copying over some legacy boot partition.

My M5A99FX board is UEFI, my older 2010 rig does not.

No big deal as both rigs have 8.1 Pro on them, so they can read anything as a data disk

UEFI is mainly to boot the bigger 3TB to 6TB disks that are currently available, however Seagate may have some bigger disks later this year to counter price rot.

If you have a boot disk over 2TB then that is one case, but that does not describe very many people.

The reason to use UEFI for everyone else is to get the benefit of the Secure Boot feature, to make it nearly impossible for a bootkit trojan to take control of your computer.   That feature is not available with Windows 8.1 booted from a legacy BIOS.

So, back to my original questions, still not addressed....

Noel, you will appreciate my concern that when I call up Dell with these questions they act like I am the first person in the human race who ever asked them about UEFI.  Their techs don't understand it at all.   They put you on hold to go research documentation and find none.

The truth appears to be that Dell wanted to check off UEFI on the features list to get some certification, and they made no serious attempt to implement it.   They are leaving it to end users to go the rough road of finding the misfeatures in their implementation and develop workarounds.   

I won't commit to UEFI unless I have a proven, repeatable method for backing up the system partition and later restoring it to different hardware.   Otherwise the computer becomes a data prison.   It seems to me that Microsoft should be able to document some failsafe procedure for moving boot images into and out of the UEFI environment.

secure boot usually entails having one of those trusted platform chips along with the UEFI BIOS to provide the secure boot that is possible with Windows 8.1

My M5A99FX has a socket, so does my older M4A77D but I have not purchased one due to cost

Usually secure boot etc. are needed with spookshop types who think everyone is a double agent

NSA no such agency :)

My Dell T7600 has an option in BIOS to Enable TPM Security.  Should I assume it has the required chip already installed?  I cleared the existing configuration just in case there was some other key stored there.   

I still don't understand how to use this together with UEFI.   It just gets used transparently when installing Windows 8.1 to a computer when UEFI is enabled?  All pretty confusing for lack of clear documentation....

I have read that as many as 30% of all consumer computers are compromised now by trojans.  I think it is big business for the intruders, not at all the 1% lunatic fringe.

I have security options on my M5A99FX too, they are presented even without the TPM module.

I have not fiddled with it as its not documented in the manual properly.

I have read that as many as 30% of all consumer computers are compromised now by trojans.  I think it is big business for the intruders, not at all the 1% lunatic f

Might help to read a little bit more about the topic:

http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
http://technet.microsoft.com/en-US/windows/dn168167.asp
http://technet.microsoft.com/en-us/library/hh824898.as

That matches my experience with friends' and relatives' computers as well as many corporations I have visited.  It's a cess pool out there.

UEFI Secure Boot makes complete sense to me as a way to virtually prohibit one class of trojan.  But if the cost of that is to make the computer unusable when the boot partition needs to be migrated, it will be creating one problem in order to solve another.

Lenovo has some uppity portables with UEFI

Asus M5A97 is a low end desktop motherboard with UEFI, much cheaper but get a Phenom CPU or FX so that it runs fast

RAM prices are still away from the price deflator

Not until 2015 when the next release of Windows is out, then machines will be shipping with a TPM 2.0 or better on them.

Vegan, are you saying Windows 8.1 doesn't support TPM in the hard

My Dell T7600 has an option in BIOS to Enable TPM Security.  Should I assume it has the required chip already installed?  I cleared the existing configuration just in case there was some other key stored there.   

I still don't understand how to use this together with UEFI.   It just gets used transparently when installing Windows 8.1 to a computer when UEFI is enabled?  All pretty confusing for lack of clear documentation....

I have read that as many as 30% of all consumer computers are compromised now by trojans.  I think it is big business for the intruders, not at all the 1% lunatic f

Not until 2015 when the next release of Windows is out, then machines will be shipping with a TPM 2.0 or better on them.

Vegan, are you saying Windows 8.1 doesn't support TPM in the hardware

I have seen lots of users of Bitlocker with files that they cannot recover

Best is to use a swarm of servers with AD for that

Could a possibility be that UEFI may be needed to support GPT partitioning to allow a greater than 2 TB boot volume?  I don't know this for sure, as I have never actually tried to make a greater than 2 TB boot volume, but I've heard those acronyms used together in descriptions of how to do it.

to boot a disk > 2TB you need a UEFI capable motherboard and Windows 7 x64 or better.

Yes, a BIOS/MBR installation can be converted to UEFI/GPT. There is a guide to converting posted on the TechNet Wiki.

Windows System Image Backup is fully capable of backing up and restoring on UEFI, but bear in mind that images cannot be restored across firmware platforms.

To deploy a UEFI enabled Windows image to multiple systems, you should look into the Microsoft Deployment Toolkit (MDT) detailed in the Windows 8.1 Deployment Jump Start.

To restore on another system, no additional steps are required. Secure Boot runs in the firmware itself and checks the operating system and hardware against a trusted list. It does not lock an operating system to a specific computer. You will be able to restore to a system without Secure Boot or with.

Lastly, UEFI is a requirement to boot a GPT boot disk, and GPT is required to partition disks over 2TB in size. UEFI also brings many new enhancements detailed here.

Brandon
Windows Outreach Team- IT Pro
The Springboard Series on TechNet

• Edited by Brandon RecordsModerator 19 hours 31 minutes ago Corrected Spacing

I suggest that everyone read my page on disk limits

Brandon when you say "...bear in mind that images cannot be restored across firmware platforms" do you mean that once you move a UEFI boot to a new computer, and it is booting without using Secure Boot, that there is no way to then get UEFI working on that boot configuration?

Maybe you could elaborate your point there.

Brandon when you say "...bear in mind that images cannot be restored across firmware platforms" do you mean that once you move a UEFI boot to a new computer, and it is booting without using Secure Boot, that there is no way to then get UEFI working on that boot configuration?

Maybe you could elaborate your point