What is an EFI system or UEFI partition? Computer assistance at Serty. UEFI - what is it? UEFI bootable flash drive

BIOS and UEFI are both low-level software that runs when the computer starts up, before the operating system loads. UEFI is the newer solution: it supports larger hard drives, boots faster, is more secure and, very conveniently, has a graphical interface and mouse support.

Some newer computers shipped with UEFI still refer to it as "BIOS" so as not to confuse a user accustomed to traditional PC BIOSes. But even if you see it mentioned, know that your new computer will most likely be equipped with UEFI, not BIOS.

What is a BIOS?

BIOS stands for Basic Input-Output System. This is a low-level program stored on a chip on your computer's motherboard. The BIOS is loaded when the computer is turned on and is responsible for waking up its hardware components, making sure that they are working correctly, and then launching the bootloader that starts Windows or any other operating system you have installed.

On the BIOS setup screen, you can change many options: computer hardware configuration, system time, boot order. This screen can be called up at the beginning of the computer boot by pressing a certain key - it is different on different computers, but the Esc, F2, F10 and Delete keys are often used. When you save a setting, you store it in the motherboard's memory. When the computer boots up, the BIOS configures it as specified in the saved settings.

Before loading the operating system, the BIOS goes through POST (Power-On Self Test) after power-on. It checks that the hardware is configured correctly and that it works. If something is wrong, you will see a series of error messages on the screen or hear a cryptic series of beeps from the system unit. What exactly the beeps mean is described in the instructions for the computer.

When the computer boots, at the end of POST, the BIOS looks for the Master Boot Record (MBR). It is stored on the boot device and is used to start the OS bootloader.

You may also have seen the abbreviation CMOS, which stands for Complementary Metal-Oxide-Semiconductor. It refers to the memory where the BIOS stores various settings. Its use has become obsolete, since this method has already been replaced by flash memory (also called EEPROM).

Why is the BIOS outdated?

The BIOS has been around for a long time and has evolved little. Even MS-DOS computers released in the 1980s had a BIOS.

Of course, over time, the BIOS still changed and improved. Extensions were developed for it, in particular ACPI (Advanced Configuration and Power Interface). This allowed the BIOS to configure devices more easily and to provide more advanced power management, such as hibernation. But the BIOS hasn't evolved as much as other computer technologies since MS-DOS.

The traditional BIOS still has serious limitations. It can only boot from hard drives with a maximum capacity of 2.1 TB. Now 3 TB disks are already ubiquitous, and a computer with a BIOS will not boot from them. This limit comes from the MBR that the BIOS uses.

The BIOS must work in 16-bit processor mode and only 1 MB of memory is available to it. It has problems initializing multiple devices at the same time, which leads to a slow boot process, during which all hardware interfaces and devices are initialized.

The BIOS is long overdue for a replacement. Intel began work on the Extensible Firmware Interface (EFI) back in 1998. Apple chose EFI when it switched to the Intel architecture on its Macs in 2006, but other manufacturers didn't follow suit.

In 2007, Intel, AMD, Microsoft, and PC manufacturers agreed on a new Unified Extensible Firmware Interface (UEFI) specification. This is an industry standard maintained by the UEFI Forum and is not just Intel-specific. UEFI support in Windows was introduced with Windows Vista Service Pack 1 and Windows 7. Most computers you can buy today use UEFI instead of BIOS.

How UEFI Replaces and Improves the BIOS


UEFI replaces the traditional BIOS on PCs. There is no way to change the BIOS to UEFI on an existing PC. You need to buy hardware that supports UEFI. Most versions of UEFI support BIOS emulation so you can install and run a legacy OS that expects a BIOS instead of UEFI - so they are backwards compatible.

The new standard bypasses BIOS restrictions. UEFI firmware can boot from drives larger than 2.2 TB - the theoretical limit for them is 9.4 zettabytes. That's about three times the amount of data on the Internet today. UEFI supports such volumes due to the use of GPT partitioning instead of MBR. It also has a standardized boot process and runs EFI executables instead of MBR code.

UEFI can run in 32-bit or 64-bit modes, and its address space is larger than that of the BIOS, which means it boots faster. It also means that the UEFI setup screens can be made prettier than the BIOS, including graphics and mouse support. But this is optional. Many computers still run text-mode UEFI, which looks and works just like the old BIOS screens.

There are many other features built into UEFI. It supports Secure Boot, which makes it possible to check that no malware has changed the OS boot process. It can support networking, which allows remote configuration and debugging. With the traditional BIOS, you had to sit right in front of the computer to configure it.

And it's not just a BIOS replacement. UEFI is a small operating system that runs on top of PC firmware, so it's capable of much more than BIOS. It can be stored in flash memory on the motherboard or loaded from a hard drive or network.

Different computers have different interface and UEFI properties. It all depends on the manufacturer of the computer, but the basic features are the same for everyone.

How to Access UEFI Settings on a Modern PC

If you are a regular user, you will not notice the transition to a computer with UEFI. Booting and shutting down your computer will be faster, and you will also have access to drives larger than 2.2 TB.

But the procedure for accessing the settings will be slightly different. You may need the Windows boot menu to access the UEFI settings screen. PC manufacturers did not want to slow down the fast boot of the computer by waiting for a keystroke. But we also met such UEFIs in which manufacturers left the ability to enter the settings in the same way as in the BIOS - by pressing a key during boot.

UEFI is a big update, but it happened quietly. Most PC users won't notice it and don't need to worry about their new PC using UEFI instead of the regular BIOS. PCs will simply perform better and support more modern hardware and features.

A more detailed explanation of the differences in the UEFI boot process can be found in

Today we will talk about UEFI, the new interface that today replaces the regular BIOS quite well. This technology is increasingly appearing in new computers and laptops. But there is one small snag. If your computer or laptop has a UEFI BIOS, then you cannot install anything other than Windows 8 on it. Still, there are ways to install, for example, Windows 7. And now we will talk about its advantages over the usual BIOS.

BIOS UEFI is a new interface that controls the low-level functions of the hardware. It was developed by Intel.

What is the BIOS in general, probably everyone knows. This is firmware built into the motherboard. This technology tells the system how to use the internal components of the computer: processor, video card, etc. The BIOS starts before Windows and checks all internal components. If a device is faulty, the BIOS should emit a signal through the built-in speaker.

But at the moment, the BIOS has been replaced by a more advanced technology: UEFI.

So, what are the advantages of a UEFI BIOS over a regular BIOS? Firstly, it has a completely redesigned mechanism. Secondly, UEFI took a lot from its predecessor: it also checks the components of the computer, and then the operating system is loaded.

  1. Convenient graphical interface. Supports mouse control. Also, there is support for the Russian language.
  2. Works with hard drives that have a GPT partition table. These hard drives can be divided into 128 partitions. And in the MBR it was possible to create only 4 partitions.
  3. Since the regular BIOS did not see disks larger than 2 TB, UEFI fixed this problem. UEFI supports 18 exabytes.
  4. MBR hard drives worked with the old CHS addressing, now GPT hard drives work with LBA addressing.
  5. On GPT hard drives, it is easier to recover deleted data.
  6. The UEFI BIOS has its own boot manager, which is handy if you use multiple operating systems.
  7. Easy to update unlike regular BIOS.

There is another feature in the UEFI BIOS. Because of it, it is impossible to install operating systems other than Windows 8.

This technology is called Secure Boot - secure boot protocol. It is based on certified keys, which are available only in Windows 8. Older operating systems, including , do not have such keys, and you will not be able to install them.

Of course, there is a way out: you can disable Secure Boot, but then Windows will be installed on an MBR disk, and many advantages are lost.

In the following article, we will look at how to disable Secure Boot and how to install operating systems other than Windows 8.

1. What is UEFI?
UEFI (Unified Extensible Firmware Interface) is a BIOS replacement that better meets the requirements of today's diverse hardware. At its core, UEFI is an interface that is responsible for the pre-boot environment of the operating system.

2. What are the advantages of UEFI over BIOS?

  • Media support >2TB
  • Easier boot media preparation, no need to write different boot sectors
  • A built-in boot manager. It is no longer necessary to chain several levels of bootloaders in order to set up a multiboot environment: all records about the available bootloaders are stored in EFI NVRAM, and switching between bootable operating systems is done in the same way as switching between bootable media.
  • More secure boot environment
  • UEFI graphics configuration mode, with graphics and mouse support

3. Can I update my BIOS to UEFI?
Not really. UEFI cannot be flashed instead of BIOS because it takes up much more memory. But there is such a thing as DUET. This is a UEFI bootable from the BIOS via a separate boot partition which can be useful if you are going to use >2TB drives on your older BIOS hardware.

4. Is it possible to boot from UEFI, as before, through boot sectors and MBR disks?
Yes, if Legacy Boot support is enabled in the UEFI configuration.

5. What is GPT?
GUID Partition Table, GPT is a format standard for placing partition tables on a hard disk. It is part of the EFI interface. EFI uses GPT where BIOS uses MBR.

6. What are the advantages of GPT over MBR?

  • Media support >2.2TB
  • No limit of 4 primary partitions and, as a result, no need for logical partitions
  • Enhanced security - GPT stores a backup copy of the partition table at the end of the disk, so in case of problems, it is possible to restore the layout using a spare table.
  • Protection against damage by outdated programs through Protective MBR
  • It is possible to use old boot sectors.

7. Where are GPT analogues of boot sectors stored?
EFI uses the EFI/boot folder at the root of a FAT32 partition to store boot loaders. The /EFI/boot/bootx64.efi file is loaded by default.
If the bootable disk is partitioned in the MBR style, then a FAT32 file system on the first partition (if there are several of them) and a bootloader file located at the default path are the only conditions for booting from this medium (CD / DVD are also supported). If the disk is partitioned in the GPT style, the partition does not have to be the first one, but it must have the boot flag (you can check and set it via gparted).
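The GPT properties from questions 5-7 (protective MBR, backup table at the end of the disk, a FAT32 EFI system partition) can be checked directly on the raw sectors. The following is an added example, not code from the original page: it builds a small constructed disk image in memory, validates the GPT header and entry-array checksums, falls back to the backup copy when the primary one is damaged, and locates the EFI system partition by its type GUID. The function names and the 100-sector sample image are assumptions made for the illustration.

```python
import struct
import uuid
import zlib

SECTOR = 512
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")   # 92-byte GPT header
ENT = struct.Struct("<16s16sQQQ72s")        # 128-byte partition entry
ESP_TYPE = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")  # EFI System Partition

def _header(cur, other, first, last, ent_lba, n, ent_crc):
    """Pack a GPT header and fill in its CRC32 (computed with the CRC field zeroed)."""
    f = [b"EFI PART", 0x00010000, HDR.size, 0, 0, cur, other, first, last,
         uuid.UUID(int=2).bytes_le, ent_lba, n, ENT.size, ent_crc]
    f[3] = zlib.crc32(HDR.pack(*f))
    return HDR.pack(*f)

def build_sample_disk(sectors=100, n=128):
    """Constructed image: protective MBR, primary GPT, one ESP, backup GPT at the end."""
    img = bytearray(sectors * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0, b"\x00\x02\x00", 0xEE,
                               b"\xff\xff\xff", 1, sectors - 1)
    img[510:512] = b"\x55\xaa"
    ent_sectors = n * ENT.size // SECTOR
    first, last = 2 + ent_sectors, sectors - ent_sectors - 2
    esp = ENT.pack(ESP_TYPE.bytes_le, uuid.UUID(int=1).bytes_le, first, first + 15,
                   0, "EFI System".encode("utf-16-le"))
    table = esp + bytes((n - 1) * ENT.size)
    crc, backup_ent = zlib.crc32(table), sectors - 1 - ent_sectors
    for hdr_lba, other, ent_lba in ((1, sectors - 1, 2), (sectors - 1, 1, backup_ent)):
        img[hdr_lba * SECTOR:hdr_lba * SECTOR + HDR.size] = _header(
            hdr_lba, other, first, last, ent_lba, n, crc)
        img[ent_lba * SECTOR:ent_lba * SECTOR + len(table)] = table
    return img

def read_gpt(img, lba):
    """Validate the GPT header at `lba` and its entry array; return used partitions."""
    f = list(HDR.unpack_from(img, lba * SECTOR))
    if f[0] != b"EFI PART" or f[2] != HDR.size or f[12] != ENT.size:
        raise ValueError("not a GPT header this example understands")
    stored, f[3] = f[3], 0
    if zlib.crc32(HDR.pack(*f)) != stored or f[5] != lba:
        raise ValueError("GPT header CRC or self-LBA mismatch")
    table = bytes(img[f[10] * SECTOR:f[10] * SECTOR + f[11] * ENT.size])
    if zlib.crc32(table) != f[13]:
        raise ValueError("partition entry array CRC mismatch")
    parts = []
    for i in range(f[11]):
        ptype, _, first, last, _, name = ENT.unpack_from(table, i * ENT.size)
        if ptype != bytes(16):      # an all-zero type GUID marks an unused slot
            parts.append({"index": i + 1, "type": uuid.UUID(bytes_le=ptype),
                          "first": first, "last": last,
                          "name": name.decode("utf-16-le").rstrip("\x00")})
    return parts

def find_esp(img):
    """Return (which GPT copy was used, ESP entries), falling back to the backup copy."""
    if img[450] != 0xEE or bytes(img[510:512]) != b"\x55\xaa":
        raise ValueError("no protective MBR")
    try:
        source, parts = "primary", read_gpt(img, 1)
    except ValueError:
        source, parts = "backup", read_gpt(img, len(img) // SECTOR - 1)
    return source, [p for p in parts if p["type"] == ESP_TYPE]
```

A result of "backup" from find_esp means the primary header or table failed its checksum, which is worth investigating before the disk is repaired from the spare copy.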

8. Is it possible to convert a disk from MBR to GPT and vice versa without data loss?
Yes. To do this, you need a boot disk / flash drive with GParted. After booting from the boot media, a GParted window will open showing the working drive (usually /dev/sda) in the upper right corner. You need to remember the name of the disk you want to convert, open a terminal, and type sudo gdisk /dev/sda there, where instead of sda, if necessary, you need to substitute the name of your disk. Then you need to enter the w command and confirm the write of the GPT table to disk. That's it, the disk is converted to a GPT table. To convert back to MBR, you need to open gdisk for your disk in the same way, type r, then g in sequence, and then confirm writing the new table with the w command.

9. What is UEFI Shell?
This is an EFI (terminal-like) environment that allows you to run efi-compatible boot loaders on the go, perform basic file operations, and operate the built-in boot manager.

10. How to edit/remove/add boot items to the UEFI boot menu?
Download the UEFI Shell, copy it to the /EFI/boot/bootx64.efi file on a FAT32 flash drive, and boot from it. After the shell has loaded successfully, a command line prompt should appear:
shell>
Above the prompt, a list of available drives (fs0:, fs1:, BLK0, etc.) should be displayed. To call this list again if necessary, use the command
map fs*
From the full name of the drive, you can get some information about the drive. For example:
PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0)/HD(1,MBR,0x27212721,0x3F,0x13FA6D9)
where:
Ata(0x0) - disk connection interface, as well as controller port
HD - a hard drive
1 - number of partitions on the disk
MBR - MBR layout

Having found the necessary disk in this way, you need to go to it
fs0:
Then, using the good old DOS commands dir and cd, you need to find and change to the directory with the EFI boot files. This is usually /EFI/boot/. From this directory you can boot a bootloader immediately by entering the name of its file. To add the desired file to the list of boot entries, it is advisable to first read the existing entries using the command
bcfg boot dump
Then, to add the boot file to this list, type
bcfg boot add N filename.efi "label"
where:
N - the serial number of the entry (if there was something in its place, this item will be overwritten)
filename.efi - the name of the file with the loader
label - the name under which this entry will be displayed in the list
You can view the list of boot entries again via
bcfg boot dump
and make sure everything is in place. You can reboot and check.
To remove an entry from the list, use the command
bcfg boot rm N
where N is the record number

11. What is Secure Boot?
The Secure Boot specification was developed by Microsoft as part of the UEFI project. It protects the boot environment from tampering with boot files by checking the signatures of loaded files against the whitelist of keys built into UEFI as trusted. A "side effect" of this protection against rootkits is the inability to install an OS other than Windows 8 (currently the only one that supports Secure Boot); it also rules out booting from old MBR disks and bootable CDs/flash drives.

12. How to disable Secure Boot?


13. How to make a UEFI compatible flash drive with an OS distribution?
In most cases, everything is very simple:

  1. Format the flash drive to the FAT32 file system
  2. Copy all the contents of the distribution iso image to it

But in the case of Windows Vista / 7, you will need to prepare the distribution first, because it doesn't natively contain the EFI files in the right places. One small caveat: Windows only supports UEFI in 64-bit editions.

14. How do I know that the bootable flash drive is made correctly and will boot in UEFI mode?
If everything is done correctly, then two devices with the same name but different prefixes, UEFI: and USB:, should appear in the list of bootable media. The first boots in UEFI mode; the second performs a Legacy boot from the boot sector.

15. What is Fast Boot Mode?
Fast Boot is a mode in which control is transferred to the operating system almost immediately, even before the hardware is ready for use; the OS itself then initializes the hardware. Fast Boot eliminates the delays caused by initializing devices twice. In "classic" mode, after receiving control, the operating system re-initializes devices that the BIOS has already initialized. Given that initializing some types of devices is a rather lengthy process, the gain in speed is obvious. When Fast Boot is enabled, control is transferred to the system before USB initialization is performed, so USB drives and the keyboard are unavailable until the OS installed on the system disk starts. Since Microsoft imposes rather strict requirements on the time that the firmware must meet when Fast Boot mode is enabled, and the initialization of USB devices can take seconds, USB devices remain uninitialized by the time the system starts. This has a downside: the user of a computer with a USB keyboard cannot interrupt the boot process and start the installation of another system, since the keyboard does not work until the OS starts. Moreover, initializing the i8042 chip also takes time, and on some laptops firmware manufacturers leave the built-in PS/2 keyboard uninitialized.

UEFI (Unified Extensible Firmware Interface) is a replacement for the outdated BIOS. This specification was invented by Intel for Itanium, then called EFI (Extensible Firmware Interface), and later ported to x86, x64 and ARM. It is strikingly different from the BIOS both in the boot procedure itself and in the way it interacts with the OS. If you bought a computer in 2010 and later, then most likely you have UEFI.
The main differences between UEFI and BIOS:
  • GPT (GUID Partition Table) support
GPT is a new partitioning method that replaces the MBR. Unlike MBR, GPT supports disks larger than 2TB and an unlimited number of partitions, while MBR only supports 4 without workarounds. UEFI supports FAT32 with GPT partitions by default. MBR itself is not supported by UEFI; support for and booting from MBR is provided by the CSM (Compatibility Support Module) extension.
  • Service support
There are two types of services in UEFI: boot services and runtime services. The former work only until the OS is loaded and provide interaction with graphic and text terminals, buses, block devices, etc., while runtime services can also be used by the OS. One example of a runtime service is the variable service, which stores values in NVRAM. Linux uses the variable service to store crash dumps that can be retrieved after a computer reboot.
  • Modular architecture
You can use your applications in UEFI. You can load your drivers in UEFI. No, really! There is such a thing as UEFI Shell. Some manufacturers include it in their UEFI, but my laptop (Lenovo Thinkpad X220) doesn't have it. But you can simply download it from the Internet and put it on a USB flash drive or hard drive. There are also drivers for ReiserFS, ext2/3/4 and maybe some others, I didn't go too deep. They can be loaded from the UEFI Shell and walk through the expanses of your file system directly from UEFI.
UEFI also supports networking, so if you find a UEFI driver for your network card, or if it's enabled by your motherboard manufacturer, you can ping 8.8.8.8 from Shell.
In general, the UEFI specification provides for the interaction of UEFI drivers from the OS, i.e. if your OS does not have a driver for a network card, and it is loaded into UEFI, then the OS will be able to use the network card through UEFI, but I have not seen such implementations.
  • Built-in boot manager
In general, UEFI does not require a bootloader if you want to multiboot. You can add your own menu items, and they will appear in the UEFI boot menu, right next to disks and flash drives. This is very convenient and allows you to load Linux without a bootloader at all, booting the kernel directly. Thus, it is possible to install Windows and Linux without third-party bootloaders.
How does UEFI boot work?
From a GPT partition with ID EF00 and FAT32 file system, the file \efi\boot\boot[architecture name].efi is loaded and launched by default, for example \efi\boot\bootx64.efi
That is, to create a bootable USB flash drive with Windows, for example, you just need to partition the USB flash drive as GPT, create a FAT32 partition on it and simply copy all the files from the ISO image. There are no more boot sectors, forget about them.
Booting into UEFI is much faster, for example my ArchLinux laptop booting from the power button to a fully functional state takes only 30 seconds. As far as I know, Windows 8 also has very good boot speed optimizations in UEFI mode.

Secure Boot

I have seen a lot of questions on the internet, like:
“I heard that Microsoft is implementing Secure Boot in Windows 8. This technology prevents unauthorized code from executing, such as bootloaders, to protect the user from malware. And there is a campaign from the Free Software Foundation against Secure Boot, and a lot of people were against it. If I buy a computer with Windows 8, can I install Linux or another OS? Or does this technology only allow you to run Windows?”

Let's start with the fact that this technology was not invented by Microsoft; it is part of the UEFI 2.2 specification. Having Secure Boot enabled doesn't mean you won't be able to run a non-Windows OS. In fact, computers and laptops certified to run Windows 8 are required to offer the ability to disable Secure Boot and the ability to manage keys, so there's nothing to worry about. Secure Boot that cannot be switched off is found only on ARM tablets with Windows preinstalled!

What does Secure Boot give you? It protects against the execution of unsigned code not only at the boot stage, but also at the OS execution stage; for example, both Windows and Linux check driver/kernel module signatures, so malicious code cannot be executed in kernel mode. But this is only true if there is no physical access to the computer, because in most cases, with physical access, the keys can be replaced with your own.

There are 2 modes in Secure Boot: Setup and User. The first mode is for configuration; in it you can replace PK (Platform Key, by default it is from the OEM), KEK (Key Exchange Keys), db (allowed key database) and dbx (revoked key database). There may not be a KEK, and everything may be signed by PK, but apparently no one does that. PK is the master key by which KEK is signed; in turn, db and dbx are signed by keys from KEK (there may be several of them). In order to be able to run a signed .efi file in User mode, it must be signed with a key that is in db and not in dbx.
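To audit this state on a running Linux system, the firmware variables can be read from efivarfs and decoded. The following is an added example, not code from the original article, and it goes beyond the text by parsing the EFI_SIGNATURE_LIST format that db and dbx use: it decodes the SetupMode and SecureBoot variables and applies the "in db and not in dbx" rule to SHA-256 hash entries only (certificate-based signature checks are not implemented). All sample bytes, the owner GUID and the function names are constructed for the illustration; in real firmware the hash is the Authenticode hash of the .efi image.

```python
import hashlib
import struct
import uuid

EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def efivar_data(raw):
    """efivarfs files start with a 4-byte attribute word; return the payload after it."""
    if len(raw) < 4:
        raise ValueError("truncated efivarfs file")
    return raw[4:]

def firmware_mode(setup_mode_raw, secure_boot_raw):
    """Map the SetupMode and SecureBoot variables to the modes described in the text."""
    if efivar_data(setup_mode_raw)[:1] == b"\x01":
        return "setup"              # no PK enrolled: keys can be replaced freely
    enforcing = efivar_data(secure_boot_raw)[:1] == b"\x01"
    return "user, enforcing" if enforcing else "user, not enforcing"

def parse_signature_lists(data):
    """Yield (type GUID, owner GUID, signature bytes) from a db/dbx payload."""
    off = 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated signature list header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed signature list")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def hash_entries(var_raw):
    """Collect the SHA-256 entries of a db or dbx variable read from efivarfs."""
    return {sig for t, _, sig in parse_signature_lists(efivar_data(var_raw))
            if t == EFI_CERT_SHA256}

def image_hash_allowed(image_hash, db_raw, dbx_raw):
    """Hash-entry case only: allowed when listed in db and absent from dbx."""
    return image_hash in hash_entries(db_raw) and image_hash not in hash_entries(dbx_raw)

def _sig_list(sig_type, owner, sigs):
    """Build one EFI_SIGNATURE_LIST (constructed sample data)."""
    body = b"".join(owner.bytes_le + s for s in sigs)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + len(sigs[0])) + body

# Constructed sample variables (not taken from any real machine).
ATTRS = struct.pack("<I", 0x27)                 # NV | BS | RT | time-based auth write
OWNER = uuid.UUID(int=0x1234)
GOOD = hashlib.sha256(b"constructed loader A").digest()
REVOKED = hashlib.sha256(b"constructed loader B").digest()
DB = ATTRS + _sig_list(EFI_CERT_SHA256, OWNER, [GOOD, REVOKED]) \
           + _sig_list(EFI_CERT_X509, OWNER, [b"\x30\x82" + bytes(30)])
DBX = ATTRS + _sig_list(EFI_CERT_SHA256, OWNER, [REVOKED])
```

On a real system the inputs are the files under /sys/firmware/efi/efivars/, for example SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c and db-d719b2cb-3d3a-4596-a3bc-dad00e67656f.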

For Linux, there are 2 pre-loaders that support Secure Boot: Shim and PreLoader. They are similar, but there are small nuances.
There are 3 types of keys in Shim: Secure Boot keys (those in UEFI), Shim keys (which you can generate yourself and specify when compiling), and MOKs (Machine Owner Keys, stored in NVRAM). Shim does not use the UEFI boot mechanism, so a bootloader that does not support Shim and knows nothing about MOK will not be able to execute the code (thus the gummiboot bootloader will not work). PreLoader, on the contrary, builds its authentication mechanisms into UEFI, and there are no problems.
Shim depends on the MOK, i.e. binaries must be modified (signed) before they can be executed. PreLoader “remembers” the correct binaries: you tell it whether you trust them or not.
Both pre-loaders are compiled with a valid signature from Microsoft, so changing UEFI keys is not necessary.

Secure Boot is designed to protect against bootkits and attacks like Evil Maid, and in my opinion it does so effectively.
Thanks for your attention!

As soon as we turn on the computer, it starts running a miniature operating system that we know as the BIOS. It tests devices and memory, loads operating systems, and allocates hardware resources. Many of the features in this suite of programs (usually around 256-512 KB in size) make it possible to support older operating systems like MS-DOS, giving them a lot of options. Since the days of the PC/AT-8086, the BIOS has changed very little, and by the time the first Pentiums were launched, its development had almost stopped. Actually, there was nothing to change in it, except for the dual BIOS, network support and the possibility of flashing. But there were a lot of drawbacks: starting in the processor's real mode, 16-bit addressing and 1 MB of available memory, and no way to have a "repair" console. And, of course, the eternal problem of supporting hard drives. Even now, only drives up to 2.2 TB are guaranteed to be supported.

Back in 2005, Intel decided to change the BIOS to EFI / UEFI (Unified Extensible Firmware Interface). The EFI system is a more advanced base operating system. On some Unix and Windows platforms, UEFI has been around for a long time, but the mass transition has not yet taken place, despite good intentions. The intended benefits are:

  • The presence of the aforementioned console for repairing system parameters and installing the OS;
  • The EFI partition makes it possible to perform some actions without loading the OS (watching movies, starting music);
  • Internet access and, therefore, the presence of installed network drivers, a TCP / IP stack, etc.;
  • The presence of a graphical mode and user scripts;
  • Support for giant disks;
  • UEFI storage on new format partitions (GPT);
  • Full support for all hardware from launch.

UEFI can use a generic virtual machine, similar to the JVM, to run hardware-independent code, and this opens up vast possibilities for creating "bootable" software.

There is also criticism of this technology. In particular, its implementation can lead to cutting off new players from the operating system market: there will always be some technological loophole in the code for this. Like, for example, the inability to boot Windows 98 from modern BIOSes. But, worse, you will have to forget about the millions of MS-DOS programs and other systems that relied on BIOS functions to work. Perhaps they will still be emulated, but there are doubts about this. And among them, there are probably important programs that there will be no one to rewrite. However, all these issues are solvable - at least through virtual operating systems. But the fact that new types of viruses will appear is certain, and we will be able to see this pretty soon.
