The Complete Guide to UEFI

The Unified Extensible Firmware Interface (say each letter: U, E, F, I; some people pronounce it oo-fee or you-fee but that’s technically incorrect), UEFI for short, is the new and better BIOS. It’s the interface between the hardware and operating system.

If your computer was built after 2009, has the new Windows 8 logo sticker on it, or shipped with Windows 8 installed by the original equipment manufacturer (OEM), then you have UEFI.

UEFI is an open standard developed by Intel that was designed to make your BIOS more secure.  And that’s a good thing!  The BIOS (Basic Input/Output System) hasn’t changed much since its inception in 1979.  Most computers are using archaic technology that’s over three decades old which means it’s susceptible to vulnerabilities.

The BIOS is a little chip that is permanently soldered to your motherboard and really has one simple purpose in life: initialize all system hardware and pass full control to the operating system.  Although it usually does this with finesse there are at least five issues with the way it was designed:

1. Insecure

Operating Systems are no longer vulnerable to the attack vectors that once debilitated them five to ten years ago.  As a result, malicious hackers are creatively looking for vulnerabilities to exploit and BIOS is an attractive target.  There are at least two reasons for this:

First, it’s easier than ever to write malware that turns your computer into an inert mass of silicon and plastic.  This technique, colloquially known as bricking a PC, renders your computer no more useful than a dried block of clay.  Sure, you could build houses with a stack of bricked laptops but you’re certainly not checking your email with one.

And what happens if your computer gets bricked?  The BIOS is physically soldered into the motherboard; therefore, you’ll usually need to buy a new motherboard or, in some cases, a completely new computer.

Second, there are insidious programs designed to hook themselves into your computer before the OS boots so that some lonely loser sequestered to his grandmother’s basement can get his jollies off ruining your PC.  These programs, known as Rootkits in geek vernacular, are specifically designed to surreptitiously wreak havoc on your system before your Antivirus program even has a chance to load.

2. The BIOS was designed for one core

Most PCs have dual and quad core processors but the legacy BIOS can’t take advantage of these performance improvements; UEFI can.

3. Takes a while to boot

Modern computers have multiple ports like USB2.0, USB3.0, eSata, and integrated controllers.  The poor BIOS has to sequentially initialize each component before it sends the command to the OS that says, “Hey Windows, I’ve got all the hardware you need loaded up”.

4. Ignores large drives

The BIOS doesn’t understand hard disks with more than 2.1 Terabytes (TB) of storage because of an antiquated partition table called the MBR (Master Boot Record).

5. Difficult to manage

You usually have to physically sit at the keyboard of each computer with a BIOS problem.

Conversely, UEFI saves the day and addresses each of the above concerns.

1. Tighter Security

UEFI prevents bricking.

The UEFI specification was designed by AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, and Phoenix Technologies to be secure. Security was paramount in the specification. It’s called Secure Boot.

Secure Boot achieves security by granting certain operating systems the ability to boot while denying others.  For example, if the OS doesn’t have a valid digital signature, UEFI thwarts the OS because it thinks it could damage your computer.  This is similar to what happens when you visit an e-commerce site that doesn’t have a valid signature and then receive a warning box that shows the connection is untrusted. This isn’t a perfect analogy, but roughly speaking, UEFI sees the unauthenticated OS in the same way your browser sees a secure https:// site without a valid certificate.

UEFI scans your hardware and assigns a unique public key known as a Platform key to your computer.  Then, it acts like a gatekeeper only allowing operating systems with matching private keys to start up.

Some people complained that this gatekeeper functionality prevented them from booting various Linux distros.  Also, because of the way the public keys are created, any significant changes to the hardware or OS could break the system because the Platform key is generated based off your hardware.

But is this concern really valid?

On most systems you can disable Secure Boot before making the hardware change.  Then just re-enable it, which forces UEFI to enumerate your system and build a new Platform key.

So the entire “UEFI blocks Linux argument” is kind of moot.  Just disable Secure Boot.

In short, UEFI is a first responder.  It intercepts Rootkits before the OS loads.
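As an added example (not code from this post), here is a Python model of the allow/deny decision Secure Boot makes for each boot loader and driver image before the OS loads. Real firmware also accepts certificate entries and verifies the Authenticode signature on a PE image; this model covers only the hash-entry form of the db (allowed) and dbx (forbidden) databases, and every image and database entry below is constructed.

```python
import hashlib


def image_hash(image: bytes) -> str:
    """Identify an image the way a hash entry in db/dbx does: SHA-256 of its bytes."""
    return hashlib.sha256(image).hexdigest()


def secure_boot_decision(image: bytes, db: set, dbx: set,
                         secure_boot_enabled: bool = True) -> str:
    """Return the firmware's verdict for one boot loader or driver image.

    db  - allowed-hash entries (the "signature database")
    dbx - forbidden-hash entries (the revocation list), checked first so that
          revoking an image wins even if its hash is still present in db
    """
    if not secure_boot_enabled:
        return "allowed (Secure Boot disabled)"
    digest = image_hash(image)
    if digest in dbx:
        return "denied: revoked"
    if digest in db:
        return "allowed"
    return "denied: not trusted"


def boot_chain(images, db, dbx, secure_boot_enabled=True):
    """Check images in load order and stop at the first one that is denied,
    which is what keeps an unverified component from running before the OS."""
    verdicts = []
    for label, image in images:
        verdict = secure_boot_decision(image, db, dbx, secure_boot_enabled)
        verdicts.append((label, verdict))
        if not verdict.startswith("allowed"):
            break
    return verdicts


# Constructed images and databases; nothing here is real firmware data.
TRUSTED_LOADER = b"constructed: vendor boot loader, hash enrolled in db"
REVOKED_LOADER = b"constructed: older loader later added to dbx"
UNKNOWN_IMAGE = b"constructed: image nobody enrolled"
DB = {image_hash(TRUSTED_LOADER), image_hash(REVOKED_LOADER)}
DBX = {image_hash(REVOKED_LOADER)}


def tampered(image: bytes) -> bytes:
    """Flip one bit, as a modified loader would differ from the enrolled one."""
    data = bytearray(image)
    data[0] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    chain = [("loader", TRUSTED_LOADER), ("driver", UNKNOWN_IMAGE), ("os", TRUSTED_LOADER)]
    for label, verdict in boot_chain(chain, DB, DBX):
        print(f"{label:8s} {verdict}")
    print("tampered loader:", secure_boot_decision(tampered(TRUSTED_LOADER), DB, DBX))
    print("revoked loader: ", secure_boot_decision(REVOKED_LOADER, DB, DBX))
```

Two points the model makes visible: a single flipped bit in an otherwise trusted loader changes its hash and it is refused, and disabling Secure Boot (as the post suggests for unsigned Linux distros) removes the check entirely rather than loosening it.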

2. Faster Bootup

UEFI offers faster startup and resume times than the BIOS.  On some systems the BIOS can take up to 30 seconds to initialize your hardware; UEFI slices that time to just a few seconds, and even faster with Solid State Drives.

3. Support for large drives

The Master Boot Record (MBR) has been supplanted by the GUID Partition Table (GPT). Now you can boot from hard drives larger than 2.1 TB. In fact, GPT affords the use of hard disks that are 8 ZB.

That’s eight zettabytes.

One zettabyte is a 1 followed by 21 zeros.  In contrast, a TB is a 1 followed by 12 zeros. Since each additional zero is another factor of ten, there’s an obscene amount of space that UEFI recognizes.  To put this into perspective, in 2006 it was estimated that the aggregate storage of every single hard drive in the world was 160 exabytes.

One Exabyte is a one followed by just 18 zeros.
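The 2.1 TB ceiling in point 4 of the BIOS list and the zettabyte figures above both come down to how wide the address fields in the partition table are. As an added example (not code from this post), this Python script parses one MBR partition entry and one GPT partition entry from constructed sample bytes and shows why a 6 TB partition fits in the second but cannot be written into the first. The 512-byte sector size is an assumption; both limits scale with it.

```python
import struct
import uuid

SECTOR_BYTES = 512  # assumed logical sector size; both ceilings scale with it

# The whole difference is field width: MBR stores LBAs in 32 bits, GPT in 64 bits.
MBR_MAX_BYTES = 2**32 * SECTOR_BYTES  # 2,199,023,255,552 bytes, the ~2 TB ceiling
GPT_MAX_BYTES = 2**64 * SECTOR_BYTES  # 8 ZiB, about 9.4 x 10^21 bytes


def parse_mbr_entry(entry: bytes) -> dict:
    """Parse one 16-byte entry of the classic MBR partition table."""
    if len(entry) != 16:
        raise ValueError("MBR partition entry must be exactly 16 bytes")
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)  # start LBA and sector count are unsigned 32-bit
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "size_bytes": sectors * SECTOR_BYTES,
    }


def parse_gpt_entry(entry: bytes) -> dict:
    """Parse one 128-byte GPT partition entry."""
    if len(entry) != 128:
        raise ValueError("GPT partition entry must be exactly 128 bytes")
    type_guid = uuid.UUID(bytes_le=entry[0:16])  # on-disk GUIDs are mixed-endian
    part_guid = uuid.UUID(bytes_le=entry[16:32])
    first_lba, last_lba, attributes = struct.unpack("<QQQ", entry[32:56])  # 64-bit
    name = entry[56:128].decode("utf-16-le").rstrip("\x00")
    return {
        "type_guid": type_guid,
        "partition_guid": part_guid,
        "first_lba": first_lba,
        "last_lba": last_lba,
        "attributes": attributes,
        "name": name,
        "size_bytes": (last_lba - first_lba + 1) * SECTOR_BYTES,
    }


def mbr_can_describe(size_bytes: int) -> bool:
    """True if a single MBR entry can express a partition of this size."""
    return size_bytes // SECTOR_BYTES <= 0xFFFFFFFF


def gpt_can_describe(size_bytes: int) -> bool:
    """True if a single GPT entry can express a partition of this size."""
    return size_bytes // SECTOR_BYTES <= 0xFFFFFFFFFFFFFFFF


# Constructed sample entries; they do not come from any real disk.
SAMPLE_MBR_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                               b"\x00\x00\x00", 2048, 4_194_304)  # 2 GiB, type 0x07

BASIC_DATA_GUID = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7")  # "basic data" type
SAMPLE_GPT_ENTRY = (
    BASIC_DATA_GUID.bytes_le
    + uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le  # made-up partition GUID
    + struct.pack("<QQQ", 2048, 2048 + 11_718_750_000 - 1, 0)  # 6 TB: > 2**32 sectors
    + "Big data".encode("utf-16-le").ljust(72, b"\x00")
)

if __name__ == "__main__":
    print("MBR entry:", parse_mbr_entry(SAMPLE_MBR_ENTRY))
    print("GPT entry:", parse_gpt_entry(SAMPLE_GPT_ENTRY))
    print("6 TB fits in MBR?", mbr_can_describe(6 * 10**12))
    print("6 TB fits in GPT?", gpt_can_describe(6 * 10**12))
    try:
        struct.pack("<I", 2**32)  # what writing a >2 TB count into an MBR field does
    except struct.error as err:
        print("MBR sector-count field overflow:", err)
```

The last lines show the failure mode directly: a sector count of 2**32 simply does not fit in the 32-bit field, which is the same reason a BIOS reading an MBR cannot see past the first ~2 TB of a larger disk.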

4. Flexible Architecture

The open framework means the UEFI specification is modular, CPU independent, and flexible when it comes to designing the pre-OS environment.  Each hardware vendor has the liberty to choose the start-up options, and the user interface is highly customizable.

5. Remote Administration

UEFI saves IT staff time because they can administer PCs remotely over the network.  They can restore, troubleshoot, and reboot most UEFI machines without having to physically be there in front of the PC.

The Bottom Line

In conclusion, UEFI will one day be as ubiquitous as the old DOS BIOS we grew up loving.  The working group behind the UEFI specification designed it so that it would one day replace the BIOS.  And when you look at everything it offers, like greater security, faster bootup, support for large drives, a flexible architecture, and remote administration, why wouldn’t you want it?

Unfortunately you can’t upgrade your PC to UEFI because that would physically require removing the BIOS chip from the motherboard and doing crazy things like soldering electrical components and modifying assembly code…  UEFI is a completely new hardware component that’s baked into the very fabric of new systems. In fact, most new Windows 8 computers have native support for it so check it out and enjoy.



  • dsatfire

    UEFI is a framework for building a platform BIOS. This means that it provides a clear and precise guideline for BIOS vendors to build their implementation of firmware so that, regardless of the hardware’s implementation, any OS (conforming to the UEFI standard) can run gracefully on that machine. UEFI is not a hardware component and its implementations can be flashed onto a machine’s NVRAM without removing the chipset. However, to upgrade would require that a BIOS vendor had already built a UEFI implementation conforming to specifics of your motherboard. (This is very unlikely, since most BIOS is developed for newer boards and it would be a waste of developers’ resources to attempt to build a UEFI compliant BIOS for every older motherboard.) Another thing is that boot time is faster only because (if fast boot is enabled) the BIOS is selective on what hardware is initialized prior to the BIOS hand-off to the OS. It only initializes hardware and drivers necessary for booting the OS and allows the OS to do the other initialization after the hand-off. Also Secure-Boot does more than just keep bad OS images from loading. Secure-Boot requires that all drivers be digitally signed with a valid vendor key. Before starting the driver image the Secure-Boot functionality checks the validity of this signature and drops driver images in which this test fails. UEFI does nothing to protect against root kits, but does provide framework for BIOS vendors (and OS vendors) to mitigate such risks. IT admins can’t necessarily administer a machine remotely, however, the PXEBOOT functionality allows the machine to boot an OS image over a network. There’s more knowledge I could share, but I have to get back to work now. L8r

    • Wow, thanks for the thoughtful reply. You accentuated that the BIOS is a platform, Fast Boot works because the BIOS only loads essential drivers and Secure Boot requires digitally signed drivers. Incidentally, I didn’t know IT admins don’t necessarily have remote administration rights. Share more when you can! I love it.
