In this article, we’ll explain how to switch a Windows computer from BIOS (Legacy) boot mode to UEFI with Secure Boot without reinstalling the operating system or losing any data. Since systems in Legacy mode (including virtual machines) can only boot from disks with an MBR partition table, switching to UEFI boot mode requires the hard disk to be converted to GPT (GUID Partition Table) format.
Before you start converting Windows installed on a legacy BIOS device to UEFI mode, make sure that your environment meets the following requirements:
- UEFI boot mode is supported by the firmware on your computer’s motherboard. Legacy BIOS (compatibility) mode is currently enabled (check the BIOS/UEFI settings on the device and the motherboard specification)
- The computer is running an x64 version of Windows (at least Windows 10 1703 or Windows Server 2016)
- Dual-boot mode is not used.
- BitLocker encryption for the system partition is not enabled
- The system drive is formatted with the MBR partition table (the number of partitions is not more than three)
- There is enough free space on the hard disk to create an EFI system partition (default size is 100MB).
Open a PowerShell prompt and check that the computer is booting in BIOS (Legacy) mode:
$env:firmware_type
Use PowerShell to check the disk partition style. It should be an MBR with no more than 3 primary partitions:
Get-Disk
Get-Disk |Get-Partition
Starting with Windows 10 version 1703, Microsoft introduced the built-in mbr2gpt tool, which can convert a disk’s partition table from MBR to GPT without data loss.
First, check if the MBR partition table on a system drive can be safely converted to GPT:
mbr2gpt /validate /allowfullos
If the MBR to GPT conversion is possible, the tool will return:
MBR2GPT: Validation completed successfully
If an Disk layout validation failed for disk 0 error occurs:
- Make sure that your MBR drive has no more than 3 primary partitions
- There must be no extended, logical, or dynamic partitions
- There is at least 500MB of free disk space to create system partitions and to store the primary and backup GUID partition tables
Another possible error, ‘Cannot find OS partition(s) for disk 0‘ indicates that the BCD bootloader configuration is missing an entry for booting to the Windows Recovery Environment. Check this out:
reagentc /info
Windows RE status: Disabled
Once all the checks have been passed, start the online MBR to GPT conversion directly from running Windows:
MBR2GPT.EXE /convert /allowfullos
Confirm that the partition table has been successfully converted to GPT after the command has finished:
Get-Disk
Then you need to restart the computer, enter the BIOS/UEFI Settings menu, disable Legacy BIOS mode, and change to UEFI+Secure Boot mode.
On a physical computer, to enter the UEFI settings, press the F2, Delete, or F1 key during boot-up. The name and location of the option that enables Legacy BIOS boot mode may vary depending on the motherboard’s firmware and version. This firmware option may appear under various names, such as Compatibility Support Mode, Legacy Mode, CSM Boot, Legacy OS, etc. Change it to UEFI.
If this is a VMware virtual machine, go to the VM settings, change the boot options to EFI firmware mode, and enable the Secure Boot option.
Once you have successfully booted Windows, check that UEFI+ Secure Boot mode is being used:
Confirm-SecureBootUEFI
If Secure Boot mode is disabled, use the command to check that UEFI boot mode is used:
$env:firmware_type
