HP Mini 8300 tower SATA2, Figure, Hard Drive, USB Floppy/CD, USB Floppy/CD, USB Floppy/CD, USB Hard Drive, USB Hard Drive, USB Hard Drive, UEFI Boot Sources, ►SATA0 : Disabled

Technical white paper UEFI Secure Boot on HP business notebooks, desktops, and workstations

On desktops and workstations, the Boot Order menu displays all of the available boot sources in a categorized hierarchy. Each available boot source is presented (as shown below in Figure 11) for one of two primary categories: UEFI Boot Sources or Legacy Boot Sources. Additionally, the Legacy Boot Sources category has a “Hard Drive” sub-category that lists the connection point for each physically-attached, hard-drive-like device. The user may move an entry up or down within any category or sub-category by positioning the cursor next to the desired entry, pressing the ENTER key to select it, using the up and down arrows to reposition the selected entry, and pressing the ENTER key again to accept the new order. The user may also disable any device or category heading in the boot order by using the up and down cursor keys to select the desired entry and pressing the F5 key to change the entry’s state. When disabled, boot order entries are shown in grey, and the text “ : Disabled” is appended to the entry’s descriptive string.

The content of the Boot Order menu can be affected by several other F10 settings.

When Legacy Support is disabled in the Secure Boot Configuration Menu, the Legacy Boot Sources category in the Boot Order menu is automatically disabled. Similarly, the Legacy Boot Sources category is automatically enabled when Legacy Support is changed from disabled to enabled.

The Option ROM Launch Policy menu allows the user to control whether only legacy option ROMs, only UEFI option ROMs, or no option ROMs are to control video, mass storage, or network controllers that are detected in the system. The option ROM launch policy for a given controller dictates whether its associated boot sources are shown in the Boot Order menu under UEFI Boot Sources, Legacy Boot Sources, or neither category. Note that all “Legacy-only” option ROM launch policies are automatically switched to “UEFI-only” when Legacy Support is disabled. Likewise, all “UEFI-only” option ROM launch policies are automatically switched to “Legacy-only” when Legacy Support is enabled.

Figure 11. F10 Boot Order when Legacy Support is enabled and disabled (desktops and workstations)

Windows Vista, Windows 7, and some Linux systems don’t support UEFI Secure Boot. For these systems, enable Legacy Support and disable Secure Boot. With Secure Boot disabled and Legacy Support enabled, note that both UEFI and legacy boot sources are available for boot. This configuration allows for the most flexibility in booting from various devices, but at the cost of not having Secure Boot.

The BIOS will base the boot sequence from the boot order list. If the first device on the boot order list is not bootable, then BIOS will try the next device. The user can permanently change the boot order by changing the F10 Boot Order. For a onetime boot order change, the user can use the Windows 8 interface to set Next Boot to a certain device. This will only be effective at the next boot.

16