为LD的thinkpad e450更换了SSD 500GB,之后重装windows 10 home。利用微软的Media Creation Tool灌了一支安装U盘,不过一开始怎么都没法找到这个U盘。
上网查了之后得知这是由于BIOS里设定了Secure Boot和UEFI mode only,于是禁用,遂成功找到U盘,并顺利安装了系统。
不过发现Legacy Mode下启动的速度还是较慢,于是想要恢复到UEFI和Secure Boot,没料到这么一改居然又进不了系统了!!!
继续学习,较老的帖子是为了从Win8降级到Win7,他们本来就不要用UEFI。而有的帖子建议用PE重建启动分区,感觉还是很麻烦。
好在,最后[这个帖子的回答](https://www.dell.com/community/Inspiron/Used-Legacy-Boot-can-t-get-UEFI-w-Sec-Boot-back/m-p/5807869#M8113)让我发现微软非常非常非常好心的在win10内建了一个工具 [mbr2gpt](https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt),只要进入windows 10系统就可以直接帮助切割一个EFI System Partition,所有的文件系统基本上都不会受到影响。
这篇回答非常精彩,摘抄如下:
> Windows installs itself differently depending on whether it will be booted in Legacy or UEFI. The way that you booted the Windows installation media itself depends on how the OS that gets installed is set up. So it sounds like you booted your install media in Legacy mode, in which case Windows set up your disk in MBR partition layout intended for Legacy booting. You can't just switch your boot mode to UEFI and have that environment continue to boot, because the setup for UEFI booting looks completely different. However, if you're running the latest release of Windows 10, there is an MBR2GPT utility you can run within Windows that can often perform an in-place conversion of the disk to support UEFI. You can Google that name for details, but basically you run that utility, then Windows won't boot AGAIN until you go into your BIOS and switch to UEFI booting. But if the tool won't run on your system, unless you want to jump through a fair number of hoops with an imaging solution, some custom restore work, and some command-line work, getting to UEFI would basically require performing a clean install, making sure to boot your installation media in UEFI mode.
>
> In terms of whether it's worth it, systems that boot in UEFI mode often boot a bit faster, and you get the option to enable Secure Boot, which is only available for UEFI. That's a nice additional security measure because it basically prevents the system from loading any bootloader that isn't signed by a trusted authority (by default Microsoft, although that includes some third-party bootloaders they've signed). That makes it much more difficult for threats that hide from the OS by compromising the bootloader, like rootkits, to load. Like any security measure, it's not completely foolproof, but it's better than nothing and doesn't have any performance impact once the system starts. Honestly one of the biggest weak points of the system is the user, i.e. if a user's bootloader gets infected, they'll see an error that their system won't boot because the bootloader isn't trusted and Secure Boot is enabled -- so they decide to "fix" it by disabling Secure Boot. Then their system boots, and they're happy, except of course they're now loading a malicious piece of code.
醍醐灌顶,剩下的就分分钟搞定,重启一下修改BIOS设定enable Secure Boot还有UEFI only,光速进系统。这两年微软的开放和进步真是令人刮目相看啊~
评论