UEFI stands for Unified Extensible Firmware Interface. UEFI represents a significant shift in the PC market from an outdated technology to a new modern one. With a few exceptions, computer operating systems rely on the computer’s BIOS (Basic Input/output System) to communicate with hardware device firmware during the boot process (Boot Services) and after the system is booted (Runtime Services). UEFI replaces the traditional BIOS with a new and enhanced interface between operating systems and firmware platforms.
Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when a computer is turned on. It checks to see what hardware components are installed in the computer, initialises the components and then hands control over to the operating system. The new specification addresses several limitations of BIOS, including restrictions on hard disk partition size and the amount of time BIOS takes to perform its tasks.
Because UEFI is programmable, original equipment manufacturer (OEM) developers can add applications and drivers, allowing UEFI to function as a lightweight operating system.
UEFI vs Bios or legacy
Both UEFI and BIOS are low-level software that starts when PC boots before the operating system loads. UEFI is the modern solution and replacement for BIOS. UEFI supports larger hard drives, faster boot times, has more security features, and a graphical user interface.
This new standard avoids the limitations that exist with BIOS. UEFI firmware can boot from drives of 2.2 TB or larger—theoretically the limit is in excess of 9 zettabytes. This is because UEFI uses the GUID Partition Table (GPT) instead of the Master Boot Record (MBR). It also boots in a more standardized way, launching EFI executables rather than running code from a drive’s master boot record.
UEFI runs in both 32 or 64-bit mode, provides more addressable space than BIOS, hence faster boot times.
Why replace Bios?
BIOS has been around since the 1980s. In that time it has evolved but these improvements have been limited.
Some extensions have been developed, including ACPI, the Advanced Configuration and Power Interface. This allows the BIOS to more easily configure devices and perform advanced power management functions, like sleep. But the BIOS hasn’t advanced and improved nearly as much as other PC technology has since the days of MS-DOS.
The traditional BIOS still has serious limitations. It can only boot from drives of 2.1 TB or less. Larger drives are now far more common, and a computer with a BIOS can’t boot from them due to the way the BIOS’s Master Boot Record system works.
The BIOS must run in 16-bit processor mode, and only has 1 MB of space to execute in. It has trouble initializing multiple hardware devices at once, which leads to a slower boot process when initializing all the hardware interfaces and devices on a modern PC.
UEFI and Windows
Microsoft introduced UEFI for x86-64 Windows operating systems with Windows Server 2008 R2 and Windows 7. The 64-bit versions of Windows 7 are compatible and can be installed on a UEFI based PC. 32-bit version of Windows 7 were not supported due to the lack of native 32-bit UEFI firmware, caused by the mainstream status of 64-bit computing.
Windows 8 and above have included further optimisations and improvements for UEFI systems, including a faster boot times, 32-bit UEFI support, and support for secure boot.
UEFI and Linux
PCs that come with Windows 8 and above include UEFI firmware instead of the traditional BIOS. By default, Secure Boot will be enabled, therefore only software with an embedded Microsoft signed key will run. On older PCs without this security feature, a rootkit, containing viruses or spyware, could install itself and become the boot loader. The rootkit would then be loaded every time the PC is started.
On an Intel x86 PC (not ARM PCs), it is possible to disable secure boot or a signing key. Organisations can use their own keys to ensure only approved Linux operating systems could boot.
Options for Installing Linux include:
- Use a Linux Distribution that supports Secure Boot
- Disable Secure Boot
- Add a Signing Key to the UEFI Firmware
What is Secure boot and what are the benefits?
If a PC manufacturer wants to place a “Windows 10” or “Windows 8” logo sticker to their PC, it is a Microsoft requirement that Secure Boot is enabled.
A traditional BIOS will boot any software. When you boot your PC, it checks the hardware devices according to the configured boot order, and attempts to boot from them. Typical PCs will normally find and boot the full Windows operating system
However, it’s possible for malware, such as a rootkit, to replace a boot loader. The rootkit could load the normal operating system with no indication anything was wrong, staying completely invisible and undetectable on a system. The BIOS doesn’t know the difference between malware and a trusted boot loader–it just boots whatever it finds.
This is what Secure Boot is designed to stop. Windows 8 and 10 PCs ship with Microsoft’s certificate stored in UEFI. UEFI will check the boot loader before launching it and ensure it’s signed by Microsoft. If a rootkit or another piece of malware does replace the boot loader or tamper with it, UEFI won’t allow it to boot. This prevents malware from hijacking the boot process and concealing itself from the operating system.
Our Diagonstic Products:
TRUSTED BY THOUSANDS OF COMPANIES AND SUPPORT TECHNICIANS INCLUDING