UEFI / Legacy ( Relevance Need)

vikki · December 20, 2016, 1:15pm

Dear Team,

How to find out Which boot method is enable UEFI / Legacy through analysis ( Relevance needed ).

strawgate · December 20, 2016, 3:41pm

Hi.

C3 Inventory contains an analysis for this: https://bigfix.me/analysis/details/2998369 (or on Github https://github.com/strawgate/C3-Inventory/blob/master/Analyses/UEFI%20-%20Windows.bes)

Bill

Entaille · December 20, 2016, 5:15pm

thanks, that’s helpful.

I forgot where I found this from, but someone else had shared pulling this status from setupact.log - I think I prefer that WMI method though, and secure boot is a helpful addition.

(following text of last ", " of it | it) of concatenations ", " of following texts of firsts "Detected boot environment: " of lines containing "Detected boot environment: " of files "setupact.log" of folders "Panther" of windows folders

I actually ran into my first batch of computers that are classic BIOS but GPT partition style. This was really puzzling, I’ve never seen a machine that wasn’t MBR if it was classic BIOS. I couldn’t figure out why our crappy encryption solution couldn’t install for a little bit (current version only supports BIOS/MBR).

strawgate · December 20, 2016, 5:19pm

Yeah, it’s definitely not perfect – The issue with this:

(following text of last ", " of it | it) of concatenations ", " of following texts of firsts "Detected boot environment: " of lines containing "Detected boot environment: " of files "setupact.log" of folders "Panther" of windows folders

Is that setupact.log can be HUGE on some systems. We were seeing it take upwards of an hour to scan on some machines.

vikki · December 21, 2016, 4:26am

Dear @strawgate

The following C3 Inventory analysis code shown the result like True / False like below

Q: exists Selects "* from Win32_DiskPartition Where Type = 'GPT: System'" of wmi
A: False

Q: if (value "UEFISecureBootEnabled" of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State" of native registry = 1) then "Enabled" else "Disabled"
E: Singular expression refers to nonexistent object.

can you modify this one result look like below
Legacy = Enable
UEFI = Disable

Regards
Vicky

strawgate · December 21, 2016, 4:39am

Hi,

The specific property is called, “UEFI - Windows” so true/false makes more sense here. If it’s true the system is UEFI if it’s false the system is Legacy.

You can achieve what you’re looking for with a simple if then else statement…

if (exists Selects "* from Win32_DiskPartition Where Type = 'GPT: System'" of wmi) then ("whatever") else ("whateverelse")

cmbc · August 31, 2022, 5:44am

the simpliest way is to read environnement variables:

(it as lowercase = “legacy”) of value of variable “FIRMWARE_TYPE” of environment
(it as lowercase = “uefi”) of value of variable “FIRMWARE_TYPE” of environment

Because an EFI partition could exist without booting it in UEFI mode…