The Unified Extensible Firmware Interface (say each letter: U, E, F, I; some people pronounce it oo-fee or you-fee but that’s technically incorrect), UEFI for short, is the new and better BIOS. It’s the interface between the hardware and operating system.
If your computer was built after 2009, has the new Windows 8 logo sticker on it, or shipped with Windows 8 installed by the original equipment manufacturer (OEM), then you have UEFI.
UEFI is an open standard developed by Intel that was designed to make your BIOS more secure. And that’s a good thing! The BIOS (Basic Input/Output System) hasn’t changed much since its inception in 1979. Most computers are using archaic technology that’s over three decades old, which means it’s susceptible to vulnerabilities.
The BIOS is a little chip that is permanently soldered to your motherboard and really has one simple purpose in life: initialize all system hardware and pass full control to the operating system. Although it usually does this with finesse, there are at least five issues with the way it was designed:
Operating systems are no longer vulnerable to the attack vectors that debilitated them five to ten years ago. As a result, malicious hackers are creatively looking for vulnerabilities to exploit, and the BIOS is an attractive target. There are at least two reasons for this:
First, it’s easier than ever to write malware that turns your computer into an inert mass of silicon and plastic. This technique, colloquially known as bricking a PC, renders your computer no more useful than a dried block of clay. Sure, you could build houses with a stack of bricked laptops, but you’re certainly not checking your email with one.
And what happens if your computer gets bricked? The BIOS is physically soldered into the motherboard; therefore, you’ll usually need to buy a new motherboard or, in some cases, a completely new computer.
Second, there are insidious programs designed to hook themselves into your computer before the OS boots so that some lonely loser sequestered to his grandmother’s basement can get his jollies off ruining your PC. These programs, known as rootkits in geek vernacular, are specifically designed to surreptitiously wreak havoc on your system before your antivirus program even has a chance to load.
2. The BIOS was designed for one core
Most PCs have dual- and quad-core processors, but the legacy BIOS can’t take advantage of these performance improvements; UEFI can.
3. Takes a while to boot
Modern computers have multiple ports like USB 2.0, USB 3.0, eSATA, and integrated controllers. The poor BIOS has to sequentially initialize each component before it sends the command to the OS that says, “Hey Windows, I’ve got all the hardware you need loaded up”.
4. Ignores large drives
The BIOS doesn’t understand hard disks with more than 2.1 terabytes (TB) of storage because of an antiquated partition table called the MBR (Master Boot Record).
5. Difficult to manage
You usually have to physically sit at the keyboard of each computer with a BIOS problem.
Conversely, UEFI saves the day and addresses each of the above concerns.
1. Tighter Security
UEFI prevents bricking.
The UEFI specification was designed by AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, and Phoenix Technologies to be secure. Security was paramount in the specification. It’s called Secure Boot.
Secure Boot achieves security by granting certain operating systems the ability to boot while denying others. For example, if the OS doesn’t have a valid digital signature, UEFI thwarts the OS because it thinks it could damage your computer. This is similar to what happens when you visit an e-commerce site that doesn’t have a valid signature and then receive a warning box that shows the connection is untrusted. This isn’t a perfect analogy, but roughly speaking, UEFI sees the unauthenticated OS in the same way your browser sees a secure https:// site without a valid certificate.
UEFI scans your hardware and assigns a unique public key known as a Platform key to your computer. Then, it acts like a gatekeeper only allowing operating systems with matching private keys to start up.
Some people complained that this gatekeeper functionality prevented them from booting various Linux distros. Also, because of the way the public keys are created, any significant changes to the hardware or OS could break the system because the Platform key is generated based off your hardware.
But is this concern really valid?
On most systems you can disable Secure Boot before making the hardware change. Then just re-enable it, which forces UEFI to enumerate your system and build a new Platform key.
So the entire “UEFI blocks Linux” argument is kind of moot. Just disable Secure Boot.
In short, UEFI is a first responder. It intercepts Rootkits before the OS loads.
2. Faster Bootup
UEFI offers faster startup and resume times than the BIOS. On some systems the BIOS can take up to 30 seconds to initialize your hardware; UEFI slices that time to just a few seconds, and it is even faster with solid-state drives.
3. Support for large drives
The Master Boot Record (MBR) has been supplanted by the GUID Partition Table (GPT). Now you can boot from hard drives larger than 2.1 TB. In fact, GPT affords the use of hard disks that are 8 ZB.
That’s eight zettabytes.
One zettabyte is a 1 followed by 21 zeros. In contrast, a TB is a 1 followed by 12 zeros. Since each zero is a power of 10, there’s an obscene amount of space that UEFI recognizes. To put this into perspective, in 2006 it was estimated that the aggregate storage of every single hard drive in the world was 160 exabytes.
One exabyte is a 1 followed by just 18 zeros.
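The size limits in this section come from the width of the sector-address fields: MBR partition entries store 32-bit sector numbers, while the GPT header stores 64-bit ones and protects itself with a CRC32. The Python below is an added example, not code from the original article; it builds a constructed two-sector disk image and parses it, assuming 512-byte sectors, and its function names are this example's own.

```python
import struct
import zlib

SECTOR = 512  # assumed logical sector size; 4K-native disks raise both limits
GPT_HDR = "<8sIIIIQQQQ16sQIII"  # the 92-byte GPT header layout

def build_sample_disk(total_sectors):
    """Constructed sample: LBA 0 (protective MBR) + LBA 1 (GPT header)."""
    mbr = bytearray(SECTOR)
    size32 = min(total_sectors - 1, 0xFFFFFFFF)  # MBR size field is 32 bits
    mbr[446:462] = struct.pack("<B3sB3sII", 0, b"\x00\x02\x00", 0xEE,
                               b"\xff\xff\xff", 1, size32)
    mbr[510:512] = b"\x55\xaa"
    hdr = bytearray(struct.pack(GPT_HDR, b"EFI PART", 0x00010000, 92, 0, 0,
                                1, total_sectors - 1, 34, total_sectors - 34,
                                bytes(16), 2, 128, 128, 0))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\x00")

def describe_disk(image):
    """Identify MBR vs GPT and report what each scheme can address."""
    mbr, lba1 = image[:SECTOR], image[SECTOR:2 * SECTOR]
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    types = [mbr[446 + 16 * i + 4] for i in range(4)]  # partition type bytes
    info = {"scheme": "MBR", "mbr_limit_bytes": 2**32 * SECTOR}
    if 0xEE in types and lba1[:8] == b"EFI PART":
        fields = struct.unpack_from(GPT_HDR, lba1)
        header_size, stored_crc = fields[2], fields[3]
        if not 92 <= header_size <= SECTOR:
            raise ValueError("implausible GPT header size")
        zeroed = bytearray(lba1[:header_size])
        zeroed[16:20] = bytes(4)  # CRC is computed with its own field zeroed
        if zlib.crc32(bytes(zeroed)) != stored_crc:
            raise ValueError("GPT header CRC mismatch")
        info.update(scheme="GPT", last_usable_lba=fields[8],
                    gpt_limit_bytes=2**64 * SECTOR)
    return info

if __name__ == "__main__":
    four_tb = 4 * 10**12 // SECTOR  # sector count of a 4 TB disk
    print(describe_disk(build_sample_disk(four_tb)))
```

On the 4 TB sample the 32-bit size field in the protective MBR saturates at `0xFFFFFFFF`, while the GPT header records the true last usable sector; the CRC check rejects a header that has been altered.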
4. Flexible Architecture
The open framework means the UEFI specification is modular, CPU independent, and flexible when it comes to designing the pre-OS environment. Each hardware vendor has the liberty to choose the start-up options, and the user interface is highly customizable.
5. Remote Administration
UEFI saves IT staff time because they can administer PCs remotely over the network. They can restore, troubleshoot, and reboot most UEFI machines without having to physically be there in front of the PC.
The Bottom Line
In conclusion, UEFI will one day be as ubiquitous as the old DOS BIOS we grew up loving. The working group behind the UEFI specification designed it so that it would one day replace the BIOS. And when you look at everything it offers, like greater security, faster bootup, support for large drives, a flexible architecture, and remote administration, why wouldn’t you want it?
Unfortunately you can’t upgrade your PC to UEFI because that would physically require removing the BIOS chip from the motherboard and doing crazy things like soldering electrical components and modifying assembly code… UEFI is a completely new hardware component that’s baked into the very fabric of new systems. In fact, most new Windows 8 computers have native support for it so check it out and enjoy.