There is no reason to left out the login from https. Quite the opposite.
If the login page use https but the form has an http target, even if that target redirects to https, it's insecure and the browser will probably display a warning. There is no reason to not change the target to directly use https.
And, the only secure configuration is to use https on all the webpages, with HSTS. Any other configuration makes https webpages vulnerable to MitM/SSLStrip attacks.