I've been running Win 7 & 10 on the same hardware (not dual-booting - I select my O/S via BIOS, and my Win 7 system can't see my Win 10 drive). I'm worried the next time I run my Win 10 system it will download a BIOS update that breaks my Win 7 system? Is there a streamlined way of working around this dilemma? Do I simply have to skip BIOS updates to keep my Win 7 system working?
For a while now, Windows Update doesn't simply just download and install BIOS updates automatically, unless maybe there's some sort of circumstance that mandates it. Also, if the system itself is old enough, there's simply no way for there to be a BIOS update for it on the WU server. So no, you're safe.
I would mention that if its works, its works. You should avoid updating BIOS blindly from within Windows 10. Only upgrade the bios if you have specific reason for it if you have instability or if you upgrade the CPU. And if you ever update it, and keep win7 you should re enable CSM and legacy settings.
Thanks, I thought the hardware certificates were being replaced. The reason I asked is that when I used Win 10 more I thought Dell was pushing out BIOS updates frequently. That was when there were some publicized fumbles by the OEMs, so the spate of BIOS updates back then was necessary for security. Win 10 allowed less control over updates than Win 7 did, but I guess if I'm disciplined enough I can keep telling Win 10 to delay updates. So I guess I can just say no to BIOS updates, but I've never had to do that before, so it's going to be a new routine for me.
@Muffin Top No BIOS update will ever come automatically, at least not on Dell, and they are not updated by Microsoft, but by Dell itself. Also, no BIOS update will change your Windows or BIOS settings. The BIOS only determines which Basic Input Output Settings (that's what BIOS is) are available at all.
Some firmware updates are offered and can be installed through WU, but they are optional, not forced.
Thanks, my internet reading tells me I can't accept any more BIOS updates if I want to continue secure-booting Win 7. The internet is telling me that updating the BIOS for the latest Win 10 secure-boot methodology will break Win 7's secure boot. Fork in the road. I like Win 7, so I'll continue this way for awhile. Maybe in the future I'll decide to give up on Win 7, and then I can get the BIOS update for my Win 10 system.
Windows 7 does not support SecureBoot, natively. I guess you use a bootloader from Windows 8 or beyond to kinda emulate it. That old bootloader will only support the 2011 CA, not the 2023 one. So, yes, you should avoid such an update that revokes 2011 CA. Depending on the UEFI implementation, with controls in the BIOS Setup, it might theoretically be possible to just wipe the 2023 CA and revive the 2011 one (or a custom one altogether).
Thanks, there was a secure boot ESU for Win 7 (obtainable via Simplix), but it doesn't accommodate the new secure boot certificates.
Windows 7 never did and does not support Secureboot natively. Not to be confused with that it can boot natively in UEFI mode, if the UEFI is class 2 and CSM is enabled. All other scenarios require third-party tools.
I'm remembering now, way back to a year ago when I set this up. I anticipated this question. So I tried to get secure boot working before downloading the secure-boot ESU. That's how I know what it looks like when I can't secure-boot. Then I followed the exact same steps after downloading the secure-boot ESU. That's what I meant in my earlier post about remembering evidence that secure-boot is functioning properly. As I indicated before, I think Simplix is now the only way to get the secure-boot ESU. Is Simplix safe? A couple years ago, it was possible to get the secure-boot ESU directly from Microsoft, and there were youtube videos about it. Microsoft took away availability of this because too many people were trying to stay on Windows 7.
Thanks, it seems the command line msinfo32.exe looks a bit different. I searched for everything I could think of, such as secure, boot, uefi, etc. Everything makes sense, but I didn't see anything about UEFI (which I know I have) and secure boot (which I know I haven't failed because of my indirect test described above). Is your picture from HWINFO?
Ah true, then I don't know if HWiNFO will display the correct information on W7 (AIDA64 doesn't, shows SecureBoot as unsupported, even in a VM where it is activated)