Creating a Secure Boot UEFI compatible Windows USB Key


  • Creating a USB bootable Windows key with Rufus results in a system that can’t start up with Secure Boot, which is required for proper BitLocker activation.
  • UEFI/Secure Boot USB sticks must be formatted FAT32, not NTFS.
  • FAT32 volumes have a limit of 32GB. You must partition the device with a volume smaller than 32GB to proceed.
  • FAT32 volumes have a file size limit of 4GB. One of the Windows installer files is over 4GB and must be split to copy to the USB stick.

Partition the USB Key

  • Connect the USB key to your Windows machine or VM
  • Right click on the start menu and select Disk Management
  • Right click on the volume on your USB key and select Delete Volume…
  • Say yes to the warning(s)
  • Right click on the now Unallocated space and select New Simple Volume…
  • Click Next
  • Set the volume size to 16000
  • Click Next
  • Assign a drive letter
  • Click Next
  • Format the drive with FAT32 and check the box for quick format (or you will be here for days). You can name it whatever you want.

Split the WIM File

  • Mount the ISO for the latest version of Windows 10 (20H2 as of this writing)
  • Create a folder on your desktop called wim
  • Open the sources folder in the root of the ISO
  • Copy the install.wim file to your wim desktop folder
  • Open an Administrator command prompt or PowerShell session
  • Navigate to the wim folder on your desktop
  • Run the command dism /Split-Image /ImageFile:install.wim /SWMFile:install.swm /FileSize:4000

Create the USB Key

  • Select all of the files and folders in the root of the ISO and copy them to the USB key FAT32 partition you created above.
  • You will receive an error saying that install.wim is too big. Click skip.
  • Copy the .swm files that are in the wim folder on your desktop to the sources folder on the USB key (there should be 2)
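
The same three stages (partition, split, copy) can be scripted from an elevated PowerShell session. This is an added example, not part of the original post. The parameter names, the WINSETUP label and the MBR partition style are assumptions, and it splits install.wim directly from the mounted ISO into the key's sources folder instead of going through a desktop folder.

```powershell
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)][int]$DiskNumber,   # USB key's number as shown by Get-Disk (assumption)
    [Parameter(Mandatory)][string]$IsoPath    # full path to the Windows ISO (assumption)
)
$ErrorActionPreference = 'Stop'

# Guard: only ever wipe a disk that Windows reports as USB-attached.
$disk = Get-Disk -Number $DiskNumber
if ($disk.BusType -ne 'USB') { throw "Disk $DiskNumber is $($disk.BusType), not USB; refusing to wipe it." }

# Partition the USB key: one 16000 MB volume, quick-formatted FAT32.
if ($disk.PartitionStyle -ne 'RAW') {
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false
}
if ((Get-Disk -Number $DiskNumber).PartitionStyle -eq 'RAW') {
    Initialize-Disk -Number $DiskNumber -PartitionStyle MBR   # MBR is an assumption; the post does not say
}
$part = New-Partition -DiskNumber $DiskNumber -Size 16000MB -AssignDriveLetter
Format-Volume -Partition $part -FileSystem FAT32 -NewFileSystemLabel 'WINSETUP' | Out-Null
$usb = "$($part.DriveLetter):\"

# Mount the ISO and work out its drive letter.
$src = "$((Mount-DiskImage -ImagePath $IsoPath -PassThru | Get-Volume).DriveLetter):\"
try {
    $wim = Join-Path $src 'sources\install.wim'
    if (-not (Test-Path $wim)) { throw "No sources\install.wim found in $IsoPath" }

    # Copy everything except install.wim, which is over the FAT32 file size limit.
    robocopy $src $usb /E /XF install.wim | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

    # Split install.wim into .swm parts written to the key's sources folder.
    dism /Split-Image "/ImageFile:$wim" "/SWMFile:$(Join-Path $usb 'sources\install.swm')" /FileSize:4000
    if ($LASTEXITCODE -ne 0) { throw "dism /Split-Image failed with exit code $LASTEXITCODE" }
}
finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}

# Verify the result: FAT32 volume, split image present, no file at or over 4 GB.
if ((Get-Volume -DriveLetter $part.DriveLetter).FileSystem -ne 'FAT32') { throw 'Volume is not FAT32' }
$parts = @(Get-ChildItem (Join-Path $usb 'sources') -Filter 'install*.swm')
if ($parts.Count -eq 0) { throw 'No install*.swm files were written' }
$tooBig = Get-ChildItem $usb -Recurse -File | Where-Object { $_.Length -ge 4GB }
if ($tooBig) { throw "Files too large for FAT32: $($tooBig.Name -join ', ')" }
"Wrote $($parts.Count) .swm file(s) to $(Join-Path $usb 'sources')"
```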
