Secure Boot and UEFI boot are two technologies that go hand in hand to enhance the security and capabilities of a modern PC system.
Secure Boot uses a signature to ensure that the operating system loader is trusted. In other words, if the operating system loader is damaged by a malicious attack, such as by a virus or malware, the system can detect this and prevent the system from booting. This gives the system administrator awareness of a problem; the system can be cleaned and then restored to normal service, protecting the users data.
UEFI boot is an alternative to the legacy method of booting an operating system, known as the "BIOS". The way the system firmware interacts with the operating system is different and more flexible. For example, bootable devices greater than 2TB in size are supported. However, the operating system has to be UEFI aware - for example, Windows XP cannot boot if UEFI is enabled in the BIOS - and the disk needs to be partitioned using a newer method known as GPT, as opposed to the older MBR (master boot record) method.
Additionally, you will usually need to reinstall or redeploy a system if you change to UEFI mode after original installation. If you are using Windows images, you may need to build a new image.
Generally, most 7 or 8 series chipset based systems have BIOSes that have been developed with UEFI support and secure boot support in mind.
Some 6 series based systems have a mixture of capabilities:
Older systems, such as those based on the 4 or 5 series chipsets do not generally have UEFI or secure boot capabilities.
Windows 8 / Windows 8.1
Generally secure boot should be ENABLED. For secure boot to operate, UEFI boot must also be enabled.
Secure boot is not supported by Windows 7. UEFI boot is supported but many IT departments prefer to leave UEFI boot disabled to preserve compatibility with operating system images.
Windows 7 and Windows 8 Dual boot
As secure boot is not supported by Windows 7, this will need to be disabled. Leave UEFI boot disabled if you prefer to maintain compatibility with non-UEFI software images.
Windows Vista does not support Secure boot or UEFI boot. These need to be disabled for Windows Vista.
In this situation, it is best to configure the BIOS to the recommended secure boot and UEFI settings depending on the operating system that is installed on the machine.
If you want to boot from a hard disk larger than 2TB, you need the following: