Legacy BIOS to UEFI, then Windows 11 25H2, without nuking the disk.

Windows 10 is out of support and you have a PC still booting in CSM mode (Compatibility Support Module, the legacy BIOS setting that Windows 11 will not accept). You do not need a fresh install to fix it. Here is the path that keeps your data, apps, and user profile in place: convert the disk format, switch one firmware setting, then upgrade to Windows 11 25H2. Plus the steps you cannot skip if you want the machine to actually boot afterwards.

why this matters

Windows 11 has three minimum requirements that are not negotiable:

• UEFI firmware. The modern way a PC starts up. UEFI replaced the older Legacy BIOS approach.
• Secure Boot capable. A firmware feature that blocks unauthorised boot code from loading. The PC just needs to support it, you do not have to enable it for the upgrade to pass.
• TPM 2.0. A small hardware chip that stores encryption keys, used by features like BitLocker and Windows Hello.

A PC that was set up in Legacy BIOS mode boots from a disk formatted as MBR (Master Boot Record), the old partition layout. Windows 11 needs the modern GPT (GUID Partition Table) format instead. The upgrade check refuses MBR disks even when the hardware is otherwise perfectly capable.

The good news: most PCs from around 2016 onwards already have hardware that supports both modes. Nothing physical needs replacing. Two things need changing: the disk format (MBR to GPT) and one firmware setting (Legacy BIOS to UEFI). That is the whole job. No reinstall, no rebuilding the user profile.

before you touch anything

• Take a full image backup. This procedure is reversible in theory and unforgiving in practice.
• Confirm the hardware actually supports UEFI and TPM 2.0. Run tpm.msc and check the firmware setup. If TPM is "discrete" and disabled, enable it. On Intel, look for PTT; on AMD, fTPM.
• Note the current boot drive layout. MBR2GPT needs the OS disk to be MBR with at most three primary partitions, the system partition active, and no dynamic disk.
• Suspend BitLocker first. Conversion will trip the recovery prompt on next boot otherwise. manage-bde -protectors -disable C: -RebootCount 2 buys you two reboots.

step 1 · validate the disk

Open an elevated PowerShell. MBR2GPT ships in-box; you don't need to download anything. The validate flag is read-only and will tell you exactly why a disk isn't eligible.

mbr2gpt /validate /allowFullOS

  MBR2GPT: Attempting to validate disk 0
  MBR2GPT: Retrieving layout of disk
  MBR2GPT: Validating layout, disk sector size is: 512 bytes
  MBR2GPT: Validation completed successfully

If you see Disk layout validation failed, three causes account for almost all failures. None of them needs a wipe and reinstall.

• Cause: too many partitions. MBR2GPT only converts disks with three or fewer primary partitions. OEM recovery and vendor utility partitions often push you to four or five. Fix: delete one of the partitions you do not need (check what is on it first; safe deletion candidates are listed in the gotchas section).
• Cause: BitLocker is still active. MBR2GPT refuses to run on an encrypted disk. Fix: suspend BitLocker as shown in the prereqs above. Suspending is enough, you do not have to fully decrypt.
• Cause: the system reserved partition is missing. Rare, mostly happens on PCs built from custom images. Fix: re-create it with bcdboot, or take the image-and-restore route to a fresh layout.

step 2 · convert MBR to GPT

Same command, swap /validate for /convert. The tool shrinks the existing system partition, carves out a 100 MB EFI System Partition, drops a UEFI boot loader into it, and rewrites the partition table. It takes under a minute on SSD and the OS keeps running.

mbr2gpt /convert /allowFullOS

  MBR2GPT will now attempt to convert disk 0
  Creating the EFI system partition
  Installing the new boot files
  Performing the layout conversion
  Migrating default boot entry
  Conversion completed successfully

step 3 · flip the firmware

Reboot into the firmware setup (usually F2, F10, Del, or hold Shift while clicking Restart and choose UEFI Firmware Settings). What you're looking for varies by vendor, but the three settings to change are consistent:

• Boot mode: Legacy / CSM → UEFI.
• Secure Boot: Enabled. If it's greyed out, save UEFI mode first, reboot back in, then enable.
• TPM: Enabled. PTT on Intel, fTPM on AMD, or a discrete header if it's a desktop board.

Save and exit. Windows boots normally, BitLocker resumes itself on the second boot if you used -RebootCount 2, and the upgrade gates are now open.

step 4 · verify before you upgrade

Two quick checks confirm the conversion stuck:

Confirm-SecureBootUEFI
Get-Disk | Select Number, FriendlyName, PartitionStyle

  True

  Number  FriendlyName                  PartitionStyle
  ------  ------------                  --------------
  0       Samsung SSD 870 EVO 500GB     GPT

If both come back clean, run the PC Health Check app once. It should now report the machine eligible for Windows 11. If it still complains about the CPU, that's a different conversation, and the answer is rarely "buy a new PC" if the box is on the supported list.

step 5 · upgrade to 25H2

Windows 11 25H2 ships as a small enablement package layered on top of 24H2. In plain terms: 24H2 and 25H2 share the same underlying code. The 25H2 install just flips a switch to turn on the new features. If the PC is already on a current 24H2 build, the upgrade takes minutes instead of an hour.

1. Patch fully on the existing OS first. Settings → Windows Update → Check for updates, install everything, reboot.
2. If the device is on Windows 10, run the Installation Assistant or mount the 25H2 ISO and run setup.exe with /Compat IgnoreWarning only if you've already validated the hardware.
3. If the device is already on Windows 11 24H2, Settings → Windows Update will offer 25H2 as an enablement package. One reboot.
4. After the upgrade, re-enable BitLocker if it didn't resume itself: manage-bde -protectors -enable C:.

common gotchas

• Four primary partitions on a prebuilt PC. Most OEM images have System, OS, Recovery, and a vendor utility partition. That is one too many for MBR2GPT. Fix: delete the vendor utility partition, or the OEM recovery if you have install media to fall back on, before running mbr2gpt.
• Third-party disk encryption. Symantec PGP, McAfee Drive Encryption, and similar products do not survive a partition table change. Fix: fully decrypt the drive first, then convert.
• Dynamic disks. The old Windows feature for software RAID and spanned volumes. MBR2GPT does not support them. Fix: convert the disk back to basic, or take the image-and-restore path to a fresh layout.
• Secure Boot will not enable, even with the right firmware setting. Usually caused by a stale Platform Key (a stored security key from a previous setup) or a graphics card with an old VBIOS (the firmware on the GPU itself). Fix: in the firmware setup, reset Secure Boot keys to factory defaults, then enable Secure Boot again.
• Virtual machines on Hyper-V Gen 1 or VMware BIOS firmware. The firmware type is set when the VM is created and cannot be changed afterwards. Fix: rebuild the VM as Hyper-V Gen 2 or VMware EFI. If neither is an option, stay on Windows 10 with Extended Security Updates (ESU) until the VM is retired.

when to skip this and just rebuild

If the device is older than a 2017 chipset, has a failing disk, or carries seven years of accumulated user-installed software cruft, an in-place upgrade is technically possible and operationally a bad idea. A clean Autopilot enrolment with OneDrive Known Folder Move is faster end-to-end and leaves you with a device you can actually support. The conversion procedure is for fleets where the configuration is worth preserving and the hardware has plenty of life left.