My buddy Michael Steineke @msteineke pinged me yesterday with a problem that he was having doing a clean install of Windows 8 Enterprise on his new ThinkPad Helix. He only got a few seconds into the explanation of the problem he was having when I told him the problem was his USB was not formatted as FAT32 and if he re-formatted the USB it would solve his problem. I know this because I had a similar experience last months when I was doing a clean install on my ThinkPad Carbon Touch. Mike and I both agreed that we should document the problem and solution in case someone else runs into it.

In order to enable secure boot on a Windows 8 Machine, you must have UEFI and Secure Boot enabled when you install and if you use USB Media to install, it must be formatted as FAT32. Many USB drives are formatted as NTFS and many utilities that create bootable media for install will format the drives as NTFS (like the Windows 7 USB Utility). Windows 8 can install from this media (if you disable secure boot), but that is a feature you want. Instructions on how to create a FAT32 bootable drive are included at the bottom of this post.

UEFI Secure Boot is a great thing….

Unified Extensible Firmware Interface (UEFI) is the modern firmware for operating systems to control the underlying hardware. You can think of it as the new version of the BIOS. UEFI is not a Windows-only technology, but a standard that is used by most operating systems. One of the new benefits is the ability to have a digitally signed and verified boot path (or secure boot). This all but eliminates attack vectors that load early in the boot processes (think root kits). With secure boot, you know that the entire code path has been digitally signed and that it has not been changed or tampered with.

A few notes

  • Even though both Mike and I were running Lenovo Ultrabooks, this is not limited to those devices. This applies equally to all non-legacy devices (Dell, ASUS, ACER, HP, etc.)
  • If you are loading from a DVD, you should not run into this problem
  • I have run into one device, the Samsung Build PC, that in addition to needing to be FAT32 the USB needed to be less than 4GB in order to boot
  • This has been documented elsewhere on the internet (see this the Windows IT Pro Article), but it seems like you can’t find it when you need it 🙂

Create a Fat32 Bootable USB

Be very careful when using the following commands, as selecting the wrong device could lead to data loss or other heart break. When in doubt, ask someone to double check your assumptions.

Launch an elevated command prompt and run the diskpart command:


  C:>diskpart

Select your USB device by listing the devices on your computer and then selecting it by number. Make sure that you select the correct device as future commands will wipe the device:


  DISKPART>list disk




  DISKPART>select disk <disk#>

Remove all current partitions from the device and create a new primary partition. This command will use all available space on the USB drive:


  DISKPART>clean




  DISKPART>create partition primary

Select the Partition and make it active:


  DISKPART>select partition 1




  DISKPART>active

Format the partition and assign a drive letter:


  DISKPART>format quick fs=fat32




  DISKPART>assign

Exit the DISKPART Utility:


  DISKPART>exit

Now you can copy the contents of the Windows 8 ISO onto the drive via Explorer, XCOPY or your favorite utility that copies files. Be sure to enable secure boot and boot from the USB drive to install.

Hope this helps…..