EFI Preboot Guidelines and Windows 8 UEFI Secure Boot for HP Business Notebooks and Desktops PPS Business Notebook and Desktop - Technical White Paper
Technical white paper | UEFI Secure Boot on HP business notebooks, desktops, and workstations
16
Boot order for desktops and workstations
On desktops and workstations, the Boot Order menu displays all of the available boot sources in a categorized hierarchy.
Each available boot source is presented (as shown below in Figure 11) for one of two primary categories: UEFI Boot Sources
or Legacy Boot Sources. Additionally, the Legacy Boot Sources category has a “Hard Drive” sub-category that lists the
connection point for each physically-attached, hard-drive-like device. The user may move an entry up or down within any
category or sub-category by positioning the cursor next to the desired entry, pressing the ENTER key to select it, using the
up and down arrows to reposition the selected entry, and pressing the ENTER key again to accept the new order. The user
may also disable any device or category heading in the boot order by using the up and down cursor keys to select the
desired entry and pressing the F5 key to change the entry’s state. When disabled, boot order entries are shown in grey, and
the text “ : Disabled” is appended to the entry’s descriptive string.
The content of the Boot Order menu can be affected by several other F10 settings.
Legacy Support is automatically disabled when Secure Boot is enabled.
When Legacy Support is disabled in the Secure Boot Configuration Menu, the Legacy Boot Sources category in the Boot
Order menu is automatically disabled. Similarly, the Legacy Boot Sources category is automatically enabled when Legacy
Support is changed from disabled to enabled.
The Option ROM Launch Policy menu allows the user to control whether only legacy option ROMs, only UEFI option ROMs, or
no option ROMs are to control video, mass storage, or network controllers that are detected in the system. The option ROM
launch policy for a given controller dictates whether its associated boot sources are shown in the Boot Order menu under
UEFI Boot Sources, Legacy Boot Sources, or neither category. Note that all “Legacy-only” option ROM launch policies are
automatically switched to “UEFI-only” when Legacy Support is disabled. Likewise, all “UEFI-only” option ROM launch policies
are automatically switched to “Legacy-only” when Legacy Support is enabled.
Figure 11. F10 Boot Order when Legacy Support is enabled and disabled (desktops and workstations)
F10 Boot Order when Secure Boot is disabled, Legacy
Support is enabled, and all option ROM launch policies
are “Legacy-only”. In this example, the SATA0 hard
drive legacy boot source has been disabled using the F5
key.
UEFI Boot Sources
USB Floppy/CD
USB Hard Drive
Windows Boot Manager
Legacy Boot Sources
USB Floppy/CD
Hard Drive
USB Hard Drive
►SATA0 : Disabled
SATA2
Network Controller
F10 Boot Order when Legacy Support is disabled and all
option ROM launch policies are “UEFI-only”. In this
example, all legacy boot sources have been disabled
because Legacy Support is disabled. Also, the IP4 and IP6
UEFI boot sources have replaced the Network Controller
legacy boot source because the PXE option ROM launch
policy has been forced to change from “Legacy-only” to
“UEFI-only”.
►UEFI Boot Sources
USB Floppy/CD
USB Hard Drive
Windows Boot Manager
IP4 Intel® Ethernet Connection I217-LM
IP6 Intel® Ethernet Connection I217-LM
Legacy Boot Sources: Disabled
Windows Vista, Windows 7, and some Linux systems don’t support UEFI Secure Boot. For these systems, enable Legacy
Support and disable Secure Boot. With Secure Boot disabled and Legacy Support enabled, note that both UEFI and legacy
boot sources are available for boot. This configuration allows for the most flexibility in booting from various devices, but at
the cost of not having Secure Boot.
The BIOS will base the boot sequence from the boot order list. If the first device on the boot order list is not bootable, then
BIOS will try the next device. The user can permanently change the boot order by changing the F10 Boot Order. For a one-
time boot order change, the user can use the Windows 8 interface to set Next Boot to a certain device. This will only be
effective at the next boot.