Blog: UEFI

A system was running GUID partition tables (GPT) in place of MBR and UEFI instead of BIOS. After a restore from backup, when trying to enable BitLocker, I got an error saying, “Element not found”. This vague error message did not provide any helpful results on Google, so I tried running BitLocker from the command line. Running the command “manage-bde -on C: -tpmandpin” gave me an error code (0x80070490) to go with the vague message. A Google search for the error code yielded this link to TechNet that says this is a known issue when moving hard drives between systems using the UEFI boot firmware and that running the “bcdboot %systemdrive%\Windows” command will fix it. The command did not fix the problem, but it pointed me in the right direction. Some more searching led me to this link that talks about how to manually delete the “bootmgfw.efi” file in the UEFI boot partition. After deleting the file and then running the “bcdboot” command from the TechNet article, BitLocker encrypted the drive.
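As an added example, not part of the original post, here is the repair sequence described above written out as a PowerShell script so it can be repeated on another machine. It assumes an elevated session, that S: is a free drive letter, and that Windows boots from the system drive (normally C:). Taking a backup copy of bootmgfw.efi before removing it is an added precaution the post itself did not take; the "/f UEFI" switch to bcdboot exists on Windows 8 and later and should be dropped on Windows 7.

```powershell
# Added example: repair the UEFI boot files after a restore that left
# BitLocker failing with 0x80070490 ("Element not found"), then enable
# BitLocker with TPM+PIN. Run from an elevated PowerShell prompt.
# Assumptions (not from the original post): S: is unused, Windows is on
# $env:SystemDrive, bcdboot is the Windows 8+ version that accepts /f.

$ErrorActionPreference = 'Stop'
$espLetter = 'S:'
$backupDir = "$env:SystemDrive\ESP-backup-$(Get-Date -Format yyyyMMdd-HHmmss)"

# 1. Mount the EFI System Partition (ESP). 'mountvol <letter> /S' is the
#    documented way to expose the ESP on a UEFI-booted Windows system.
mountvol $espLetter /S
if ($LASTEXITCODE -ne 0) { throw "mountvol failed with exit code $LASTEXITCODE" }

try {
    $bootmgfw = Join-Path $espLetter 'EFI\Microsoft\Boot\bootmgfw.efi'

    # 2. The post deletes bootmgfw.efi outright; keeping a copy first is an
    #    added precaution so the step can be undone if bcdboot fails.
    if (Test-Path $bootmgfw) {
        New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
        Copy-Item $bootmgfw -Destination $backupDir
        Remove-Item $bootmgfw -Force
        Write-Host "Removed $bootmgfw (backup in $backupDir)"
    } else {
        Write-Host "$bootmgfw not present; continuing to bcdboot"
    }

    # 3. Recreate the boot files and the BCD store on the ESP from the
    #    running Windows installation. /s names the target partition and
    #    /f UEFI restricts the firmware type (Windows 8+ bcdboot only).
    bcdboot "$env:SystemDrive\Windows" /s $espLetter /f UEFI
    if ($LASTEXITCODE -ne 0) { throw "bcdboot failed with exit code $LASTEXITCODE" }
}
finally {
    # 4. Always dismount the ESP, even if a step above threw.
    mountvol $espLetter /D
}

# 5. Retry BitLocker with the TPM-and-PIN protector the post used.
#    -TPMAndPIN prompts for the PIN interactively.
manage-bde -on $env:SystemDrive -TPMAndPIN
if ($LASTEXITCODE -ne 0) {
    throw ("manage-bde failed with exit code {0} (0x{0:X8})" -f $LASTEXITCODE)
}

# 6. Confirm the protector and encryption state.
manage-bde -status $env:SystemDrive
```

If bcdboot still fails after the ESP has been rebuilt, the saved copy in the backup directory can be put back with Copy-Item before rebooting, which is the reason for step 2.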


UEFI problems: I have found that BitLocker will not be able to use the enhanced PIN as specified in our GPO on the ThinkPad T420 when using UEFI. The problem lies in the BIOS (yes, it is still called the BIOS, even though it is UEFI) and it requires an updated version so that the keyboard keys are represented properly (alpha characters) during the boot phase of the startup. My T420 had version 1.24 of the BIOS, and version 1.25 seems to fix this issue. Here is a snippet of the Release Notes for 1.25:

CHANGES IN THIS RELEASE

  Version 1.25

[Important updates]
  Nothing.

[New functions or enhancements]
- Added support for the Password Beep function.
- Increased the number of configurable boot devices by BootOrder option of
  Windows WMI script.

[Problem fixes]
- Fixed an issue where the BitLocker function could not be enabled on Windows
  64-bit.
- Fixed an issue where PXE boot might fail.
- Fixed an issue where the fingerprint authentication associated with some
  password strings might fail.
- Fixed an issue where the Intel TXT feature might not be enabled when the
  Security Chip was activated and the Intel TXT feature was enabled at the same
  time by ThinkPad BIOS Settings Windows program.
- Fixed an issue where the Bluetooth wireless status indicator might be changed
  after running Windows WMI script.
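Because the enhanced-PIN problem above is a firmware defect rather than a Windows setting, the useful check before rolling out TPM+PIN is whether each machine booted via UEFI, whether its firmware is at or above the version that fixed the issue, and whether the "Allow enhanced PINs for startup" policy is actually applied. The following PowerShell is an added example, not code from the post or from Lenovo. It assumes Lenovo reports the product name in Win32_ComputerSystemProduct.Version (e.g. "ThinkPad T420") and the firmware version in parentheses inside Win32_BIOS.SMBIOSBIOSVersion (e.g. "83ET75WW (1.45 )"); the 1.25 minimum comes from the release notes quoted above, and the policy registry value is the one the GPO writes.

```powershell
# Added example (not from the original post): pre-flight check before
# enabling TPM+PIN with enhanced PINs. Verifies UEFI boot, compares the
# firmware version against a per-model minimum, reads the enhanced PIN
# policy, and confirms a TPM is present. Run elevated.
# Assumptions: Lenovo's SMBIOS strings are formatted as described in the
# comments; only the T420 minimum (1.25) is backed by the release notes.

function Get-FirmwareVersionNumber {
    param([string]$SmbiosVersion)
    # Lenovo SMBIOS version strings look like "83ET75WW (1.45 )"; pull the
    # dotted number in parentheses. Returns $null if the pattern is absent.
    if ($SmbiosVersion -match '\(\s*(\d+(\.\d+)+)\s*\)') { return [version]$Matches[1] }
    return $null
}

function Test-EnhancedPinReadiness {
    param(
        # Minimum firmware version per product name. Assumed table: the T420
        # entry is from the 1.25 release notes; add other models as verified.
        [hashtable]$MinimumFirmware = @{ 'ThinkPad T420' = [version]'1.25' }
    )
    $result = [ordered]@{}

    # 1. Boot mode. $env:firmware_type exists on Windows 8+; on Windows 7
    #    fall back to checking whether the BCD boot loader path is winload.efi.
    $result.FirmwareType = if ($env:firmware_type) { $env:firmware_type }
                           elseif ((bcdedit /enum '{current}' 2>$null) -match 'winload\.efi') { 'UEFI' }
                           else { 'Legacy' }

    # 2. Model and firmware version from SMBIOS.
    $bios    = Get-CimInstance Win32_BIOS
    $product = Get-CimInstance Win32_ComputerSystemProduct
    $result.Model    = $product.Version          # e.g. "ThinkPad T420" (assumption)
    $result.Firmware = Get-FirmwareVersionNumber $bios.SMBIOSBIOSVersion
    $result.FirmwareOk = if ($MinimumFirmware.ContainsKey($result.Model) -and $result.Firmware) {
        $result.Firmware -ge $MinimumFirmware[$result.Model]
    } else { $null }   # unknown model or unparseable version: cannot judge

    # 3. Enhanced PIN policy. The GPO "Allow enhanced PINs for startup" sets
    #    HKLM\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPin = 1.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $result.EnhancedPinPolicy = [bool]($fve.UseEnhancedPin -eq 1)

    # 4. TPM present (Win32_Tpm lives in the MicrosoftTpm namespace).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent = [bool]$tpm

    # Ready only when every check is affirmative; $null FirmwareOk is not ready.
    $result.Ready = ($result.FirmwareType -eq 'UEFI') -and ($result.FirmwareOk -eq $true) -and
                    $result.EnhancedPinPolicy -and $result.TpmPresent
    return [pscustomobject]$result
}

Test-EnhancedPinReadiness | Format-List
```

A machine that reports FirmwareType UEFI, EnhancedPinPolicy True and FirmwareOk False is exactly the T420 case described above: the policy is correct, but the pre-boot keyboard handling in the firmware will not accept alphabetic PIN characters until the BIOS is updated.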


The newer machines have a replacement for the traditional BIOS called UEFI. The GUID Partition Table (GPT), the replacement for the MBR (Master Boot Record) partitioning scheme, can be used on data disks independently of UEFI, but Windows will only boot from a GPT disk under UEFI; the two are part of the same generational change that replaces MBR and BIOS. GPT is required to use the full capacity of a disk larger than 2 TB, because MBR addresses at most 2^32 sectors (about 2.2 TB with 512-byte sectors), so booting Windows from such a disk requires UEFI as well. UEFI provides a pre-boot setup interface comparable to the BIOS setup screen but with more options, and many implementations also include a UEFI shell.

An advantage of UEFI is boot times. My boot time on my laptop is consistently under 30 seconds from power on to logon. However, that's without whole-disk encryption set up.

Additional information can be found at: http://en.wikipedia.org/wiki/UEFI