Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

P

pettittsa

1 Message

15770

November 23rd, 2016 06:00

Dell Command|Configure bootable devices with UEFI

Hello,


We will shortly be migrating to Windows 10.  The third-party company who are putting together the build on a new installation of SCCM have recommended that we switch to UEFI with Secure Boot switched on.  To this end I have been trying to come up with a series of CCTK tasks which set the options we need. This will be added to the task sequence.


Essentially, what we want to do is the following:

  • Regardless of the Dell model, update the BIOS to the latest version and, at the same time, reset all settings back to the factory defaults. This we can do already using standard switches for the BIOS update packages.
  • Using CCTK switch over to UEFI with Secure Boot and allow booting from USB and PXE.

The series of steps I have so far looks like this:-

  1. InstallHAPI
  2. cctk.exe bootorder --bootlisttype=uefi --sequence=hdd,usbdev,cdrom,embnic --enabledevice=hdd,usbdev,cdrom,embnic
  3. cctk.exe --legacyorom=disable
  4. cctk.exe --secureboot=enable
  5. cctk.exe --wakeonlan
  6. cctk.exe --wakeonlan=enable
  7. cctk.exe --uefinwstack=enable
  8. cctk.exe --embsataraid=ahci
  9. cctk.exe --forcepxeonnextboot=disable

However, although most of the settings work, after running these steps the only options available in the F12 boot menu are the Onboard NIC (IPv4) and Onboard NIC (IPv6).  The option to boot from USB is, for example missing.

In effect I want to, more-or-less, reproduce the items that appear in the "Legacy" boot menu in the UEFI equivalent.

Is this all possible?  What I am missing here?

Any assistance would be appreciated.

Regards,

Stephen.

 

ersatyle

1 Rookie

 • 

13 Posts

November 23rd, 2016 19:00

Hi, I'm currently doing the exact same thing.

just a thought, you know that your boot image must match the computer architecture?

is your boot media working on BIOS or legacy boot at all?

And if you configure the boot list manually is it working?

I'll try your steps tomorrow to see how it goes.

good luck

Chiners68

1 Message

September 11th, 2017 05:00

With secure boot enabled it will prevent you from booting to USB, Part of Secure boot. You will likely only be able to boot to USB if you format it with GPT not MBR which USB's get formatted as.

gary07

7 Posts

July 17th, 2018 13:00

I have a 7040 with secure boot enabled and it appears there is ZERO way to set it up so that it only boots from the internal hard drive. Any UEFI bootable drive I plugin become bootable when the user goes to / Settings / Update & Security / Recovery / Advanced Startup. 

What am I missing. UEFI - Secure Boot Mode enabled & Enabled - prompt for password for all except internal hard drive. & deselected every boot option except one I created for the internal drive. 

Nothing in the UEFI can stop this  / Settings / Update & Security / Recovery / Advanced Startup. 

It's like admins are no longer admins and nothing set in the UEFI means anything??? Maddening

What am I missing???

 

aggravating4fun

1 Message

May 25th, 2021 07:00

Set a password, then 

cctk.exe -UEfiBootPathSecurity=AlwaysExceptInternalHdd

View More

View All

No Events found!

Top