Intel AMT IDE-R issue with UEFI

There are two issues that may be encountered when trying to perform an IDE-R Boot on UEFI systems depending on the disk image being booted. The first is Secure Boot and the second is UEFI boot mode.

Secure Boot is a UEFI feature that enforces signature checks as components are loaded during boot. Microsoft requires Secure Boot be enabled on Windows 8 systems. The allowed signature authorities are determined by the OEM and built into the system during manufacture. IDE-R boot images that do not have components signed by the trusted authority for a platform will be blocked from loading when Secure Boot is enabled. Secure Boot can be disabled in most BIOS/Firmware settings menus. To disable Secure Boot you should refer to vendor documentation for your system and can see general information here:

UEFI requires boot disks with an EFI System Partition (ESP) which includes the boot loader for the operating systems on the disk. IDER disk images that are built without an ESP will not boot on UEFI systems unless the system is configured to allow legacy compatible boot mode. The boot mode can be configured in most BIOS/Firmware settings menus to allow legacy BIOS disk images to boot. Please refer to vendor documentation for your system and additional information here:

A work-around to these issues is as follows: Use Intel AMT SOL/KVM to first change the BIOS settings to disable secure mode and allow CSM (legacy compatible mode) to use IDE-R with non-UEFI images.

Note that Windows 8 does not require secure boot to run.  In order for OEMs to get the Win 8 logo, they must turn it on by default. Secure boot allows the OEM BIOS to validate the OS boot loader, thus preventing booting rogue images if they are not properly signed. In addition, OEMs sign the default OS image on the platform and can also limit which trusted authorities are allowed to sign the images.

Einzelheiten zur Compiler-Optimierung finden Sie in unserem Optimierungshinweis.