If I cannot enable Secure Boot, then why use UEFI instead of BIOS?

For what it may be worth, I have decided to do a "clean install" that overwrites the existing Windows 7 Pro SP1 (fully updated) installation on my computer system, after (a) installing a new and different ASUS 970 Pro Gaming/Aura motherboard which supports UEFI, and (b) installing a new AMD Phenom II X4 960T 3.0/3.4 GHz CPU instead of continuing to run the 6 y.o. CPU currently installed.

My primary reason for re-installing Windows 7 is to use the motherboard's UEFI feature instead of BIOS. I have assumed that, by using UEFI, I can configure the system for Secure Boot. However, according to all that I have read about using UEFI with Windows 7 on this website, I must disable Secure Boot because the OS is Windows 7. Three pages of instructions concern the subject:

How to Do a Clean Installation with Windows 7
Clean Install Windows 7

This tutorial begins describing the installation process with:

Warning
If you want to install Windows 7 using UEFI instead of BIOS, then see this below first.

How to Install Windows 7 Using "Unified Extensible Firmware Interface" (UEFI)
UEFI (Unified Extensible Firmware Interface) - Install Windows 7 with

The introduction for the referenced instructions (above) ends with the following:

Warning

• Disabling UEFI will make the system unbootable as there is no MBR on the disks.
• You CANNOT make a sector-by-sector copy of GPT disks. The Disk and Partition GUIDs will no longer be unique. This must never happen. You can make a sector-by-sector copy of the contents of ESP or basic data partitions.
• Disable secure boot before installing Windows 7.

_______________

Note: the second line above mystifies me. If making a sector-by-sector copy of the "GPT disk" on which Windows 7 is installed "must never happen", then what software can I run to make a backup-copy of the Windows 7 installation on that drive? Be aware that the Windows 7 partition will include all software installed that requires access to the Windows Registry.

Nonetheless, it is the third line which gives me pause. The instructions which follow the above warning never mention whether Secure Boot can be re-enabled after Windows 7 is installed.

But keep reading, the hyperlink in the last line above is for the page:

How to Enable or Disable Secure Boot in UEFI
https://www.eightforums.com/tutorial...able-uefi.html

The introduction on the above page ends with the following:

Warning
Arm based Windows RT PCs and devices will have a locked boot loader, so you will not be able to disabled secure boot on them.

If you have a Windows 8.1 device that has the device encryption feature turned on and disable secure boot, then you may not be able to access the data on the disk until you enable secure boot again.

Do not enable secure boot with Windows 7, Vista, or XP installed. If you do, these OSs will not boot until secure boot is disabled.

_______________

So, if I cannot enable Secure Boot, then what benefit would there be to install Windows 7 with UEFI instead of BIOS?


For your information:

The motherboard manual BIOS Information - Boot Menu section does not disclose any limitation as to the version of Windows. It presents two options from which I can select one, to quote:

Secure Boot
This item allows you to configure the Windows Secure Boot settings and manage its keys to protect the system from unauthorized access and malwares during POST.

OS Type [Windows UEFI Mode] /* the choice in the brackets signifies the default */

[Windows UEFI Mode]

This item allows you to select your installed operating system. Execute the Microsoft Secure Boot check. Only select this option when booting on Windows UEFI mode or other Microsoft Secure Boot compliant OS.

[Other OS]

Get the optimized function when booting on Windows non-UEFI mode. Microsoft Secure Boot only supports Windows UEFI mode.

_______________

Note: If I do not choose to use UEFI, then I expect to simply prepare Windows 7 for the motherboard change with the SYSPREP method described by another tutorial of this forum. If I recall correctly, its instructions mention that, if the motherboard supports Secure Boot, then I must disable it in the BIOS before booting Windows 7. So I have anticipated selecting the [Other OS] option above before booting Windows (after it has been "prepped") from the drive on which it is currently installed.

Thank you for your time and attention to this inquiry. I am looking forward to your answer and any additional advice you might offer.

Secure boot is a safety boot check that verify is the OS you're booting is digitally signed. It was introduced on win 8 and now it is on Win 8, 8.1 and 10. Linux also is compatible with safety boot.
Secure Boot Overview

Win 7 isn't compatible with secure boot. That doesn't mean that you cant use UEFI BIOS mode. Just disable secure boot and enable the other UEFI functions.
Boot the installation disk as UEFI mode, delete all partitions and create new. It will create 3 partitions on a GPT disk:
- 100M Fat32 UEFI
- 120M RAW MS reserved
- Large NTFS

The main differences between Legacy-MBR and UEFI-GPT
MBR disk has a partition size limit of 2.2T. On GPT the limit is sky high 16x 10^18 (16 exabytes).
On the GPT disk you don't have a MBR. UEFI BIOS takes the booting process to the 100M Fat32 UEFI partition where you can have more than one boot loader. That is very convenient if you have a multi boot system with the OS's on different partitions. My 128G SSD is GPT and has Win 7 64 and Lubuntu 64.
Some add on cards, like modern graphics, work better on a UEFI mode.

Only Win 7 64 can boot a GPT disk with a UEFI BIOS, but you can have a GPT disk on a Legacy or UEFI BIOS for data.

MBR vs. GPT Guide: What's The Difference and Which One Is Better