EFI Preboot Guidelines and Windows 8 UEFI Secure Boot for HP Business Notebooks and Desktops PPS Business Notebook and Desktop - Technical White Paper
Technical white paper | UEFI Secure Boot on HP business notebooks, desktops, and workstations
14
BitLocker
Systems which support TPM and wired LAN networking must support the UEFI_DHCP4_protocol, the
UEFI_DHCP4_SERVICE_BINDING_PROTOCOL, the UEFI_DHCP6_protocol, and the
UEFI_DHCP6_SERVICE_BINDING_PROTOCOL for wired LAN as defined in UEFI 2.3.1.
At pre-boot, BitLocker must be able to discover its Network Unlock provider on a Windows Deployment Server (WDS) via
DHCP, and unlock the OS volume after retrieving information from WDS.
Boot order
In UEFI design, the Boot Order variable contains an array of UINT16’s that makes up an ordered list of the Boot
XXXX
variables (each defining one boot option). The first element in the array is the value for the first logical boot option, the
second element is the value for the second logical boot option, etc. The
Boot Order list is used by the firmware’s boot
manager as the default boot order. Both the OS and the BIOS can add/remove Boot numbers. This is different than the boot
options provided in the legacy F10 boot order menu.
Boot Order for notebooks
On notebooks, HP suggests that the user create two separate Boot Orders in the BIOS:
• The legacy Boot Order, as it exists when Legacy Support is enabled.
• A UEFI Boot Order list when Legacy Support is disabled.
For the UEFI F10 Static Boot Order, the BIOS assigns certain Boot numbers for the fixed devices in the system. For example,
Boot 0000 can be OS Boot Manager for a hard drive, Boot0001 can be PXE IPV4, and Boot0002 can be for a built-in DVD.
Certain HP-supported UEFI apps should also be listed, such as HP UEFI diagnostics. Windows 8 will add Boot numbers for
“Windows Boot Manager,” for the hard drive, and “Windows to go” for the USB disk.
When Legacy Support is disabled, the BIOS is in native UEFI mode and POST time is critical. If the generic USB device or USB
hard drive is not listed first in the Boot Order and the next boot is not set to “USB Hard Drive“ or “generic USB device” by the
OS, the BIOS will not enumerate USB. Thus any removable USB devices attached to the system will not be enumerated and
Boot Order will not show the detailed USB device information. The only entry will be the generic USB device, and there be no
external USB optical drive or external USB disk devices in the F10 Boot Order.
When no button is pressed during POST, the BIOS will pass this static Boot Order list to the OS. In turn, the OS will display it
in its Advanced Options.
Figure 9. F10 Boot Order when Legacy Support is enabled and disabled (notebooks)
F10 Boot Order when Legacy Support Is enabled. Both
UEFI and legacy Boot options are shown. Notebook
Ethernet IPV4 and IPV6 boot options are disabled by
default due to long delays.
[
✔
] Legacy Support
[ ] Secure Boot
Boot Options
[
✔
] Legacy PXE Internal NIC boot
[ ] UEFI PXE IPV4 NIC boot
[ ] UEFI PXE IPV6 NIC boot
UEFI Boot Order
OS Boot Manager
USB Hard Drive
Notebook Ethernet IPV4
Notebook Ethernet IPV6
Notebook Upgrade Bay
eSata Drive
SD Card
HP Hypervisor
Generic USB Device
Customized Boot
Delete Add
F10 Boot Order when Legacy Support is disabled. All
legacy boot order items are dynamically removed.
Notebook Ethernet IPV4 and IPV6 boot options are
enabled by default.
[ ] Legacy support
[
✔
] Secure Boot
Boot Options
[
✔
] UEFI PXE IPV4 NIC boot
[
✔
] UEFI PXE IPV6 NIC boot
[
✔
] USB
UEFI Boot Order
OS Boot Manager
USB Hard Drive
Notebook Ethernet IPV4
Notebook Ethernet IPV6
Notebook Upgrade Bay
eSata Drive
SD Card
HP Hypervisor
Generic USB Device
Customized Boot