UEFI Boot Conversion Lab
UEFI Boot Conversion Lab - 6/17/2025
What originally started as an in-place upgrade to Windows 11, quickly turned into a troubleshooting session where I got to put the skills gained in my Chapter 5 reading to use, as well as go beyond the scope of my reading.
I decided that continuing to use Windows 10 would only set me back in my ability to properly learn. In my reading, I’ve already seen a few things about Windows 10 that were removed, or refactored in both Windows 10 and 11. Having an up-to-date environment is the best way for me to future proof my learning. So, I downloaded Microsoft’s PC Health Check app…and your device does not met the minimum requirements. TPM 2.0 and Secure Boot were not supported by my device. Troubleshooting time!
Step-by-Step Troubleshooting and Fixes
The first thing I did was research my motherboard. I knew already that my CPU supported TPM 2.0. I looked up the steps for enabling TPM and Secure Boot, and followed them in my BIOS Setup Utility.
Motherboard & BIOS Research
Disabled CSM
Enabled TTP (TPM)
Secure Boot was not listed in my BIOS Setup Utility
Reboot, BSoD, Reverted changes
BIOS Firmware Update
Secure Boot was available only after a firmware update. I created a FAT32-formatted USB and downloaded the update. Lessons I learned:
Firmware must exactly match your motherboard model (I almost bricked it with the Pro version)
Thankfully, my BIOS blocked the wrong file (both in the GUI utility and from the motherboards command-line)
I should’ve backed up the firmware (learned this from Chapter 5)
After flashing the correct BIOS:
Enabled TPM
Disabled CSM
Enabled Secure Boot
- Reboot, BSoD again: 0×000000da SYSTEM_PTE_MISUSE
MBR to GPT Conversion
The problem: Windows 10 was installed on an MBR disk, incompatible with Secure Boot
Verified MBR via Disk Management
Used
mbr2gpt:Ran mbr2gpt /validate /allowFullOS (to validate the disk) Ran mbr2gpt /convert /allowFullOS (to convert the partition)Successful conversion, but ReAgent.xml failed to update
Fixing ReAgent & Recovery Issues
- Assigned a letter to the hidden recovery partition using DiskPart:
diskpart
select volume X (in my case 5)
assign letter=Y (in my case I actually went with Y:)
- Pointed ReAgent to the recovery image:
reagentc /setreimage /path Y:\Recovery\WindowsRE (operation successful)
reagent /enable (Unable to update Boot Configuration Data)
At this point, I would have needed recovery media. Since the goal was to upgrade to Windows 11, I moved forward.
Windows 11 Installation
- Created a bootable USB (later found out this was unnecessary for in-place upgrades)
Re-entered BIOS:
Enabled TPM
Disabled CSM
Enabled Secure Boot
Booted into Windows 10
PC Health Check passed
Mounted the Windows 11 ISO and ran setup
Stalled at “Checking for updates: 46%”
Researched and restarted the Windows Update service
- Install resumed and completed
Post-Upgrade Cleanup
USB Wi-Fi adapter driver errors (no Windows 11 version)
Installed Windows 10 drivers manually (without MediaTek Network Utility)
Recovery partition still had a drive letter, removed it in Disk Management
Corrected shifted drive letters on external hard drive
Final Thoughts
There’s valid criticism about how quickly Windows 10 support is ending given the strict hardware requirements of Windows 11 (TPM 2.0, Secure Boot, UEFI). While I was able to research and troubleshoot my way through this, most non-technical users would likely have failed, potentially ending up with a system that wouldn’t even boot. This was unnecessarily complex and risky for general consumers. The whole process reinforced the growing gap between real-world IT skills and “normal user” knowledge.