From BIOS to UEFI

viking60
Über-Berserk
Posts: 9302
Joined: 14 Mar 2010, 16:34

From BIOS to UEFI

Postby viking60 » 13 Jun 2014, 13:23

I was in doubt whether this should be written under Hardware, but UEFI is in fact software so here we are.
The old BIOS had firmware that controlled the processor mainly provided by Intel but also Microsoft can write to the processor after an agreement with Intel. This bit would probably belong under Hardware. There is no open source about flashing (updating) the BIOS; this firmware has always been closed.

The BIOS, aka Basic Input and Output System, is more than 30 years old and Intel started to play with the alternative - EFI - in 1998 due to BIOS limitations. Originally this was called the "Intel Boot Initiative" and later EFI.
In the interest of standardization there was a need to get a unified version so EFI was handed over to a consortium in 2005. This consortium had AMD, Apple, IBM, Intel, and Microsoft as members and has been extended since as you can see here.
Since then it is called UEFI.

The goal is to replace the BIOS that is a solid piece of firmware, with UEFI that is a programmable software interface that sits on top of a computer’s hardware and firmware.

UEFI is a piece of software that lies on top of the BIOS and this software does control the BIOS + a lot more.
Rather than all of the boot code being stored in the motherboard’s BIOS, UEFI is stored in a directory on the HD or in the NAND on the motherboard.
The directory is called /EFI/

Intel and Microsoft present it like this:
Image

UEFI is pretty much a lightweight OS (Operating System) that loads a set of drivers and the real OS:

A computer boots into UEFI, a set of actions are carried out, and then it triggers the loading of an operating system. Further reinforcing its "OSness", the UEFI spec defines boot and runtime services, protocols for communication between services, device drivers (UEFI is designed to work across all platforms - in theory), extensions, and even an EFI shell, where you can run EFI applications. On top of all this is the boot loader, which executes an operating system’s boot loader.

UEFI can access all the hardware on your computer.
And you can perform "OS tasks" like surfing the Internet or backing up your hard disk. It even has a mouse-driven GUI:
Image

Via the /EFI/ directory on your NAND flash memory or on your HD the computer maker can control every aspect of the PC including only loading Windows 8. It is not possible to run Linux under UEFI secure boot even if the UEFI consortium does claim this:
UEFI specifications enable cross-functionality between devices, software and systems. By design, UEFI technology lends itself to utility and applicability across a range of platforms. Including UEFI Secure Boot in Linux-based distributions allows users to boot alternate operating systems without disabling UEFI Secure Boot. It also allows users to run the software they choose in the most secure and efficient way possible, promoting interoperability and technical innovation.


I dare them to go into a computer shop - any computer shop - and buy a laptop with UEFI secure boot and install Linux on it.
They will not find any computer that can do it - without deactivating UEFI secure boot.
And that is the great downside to UEFI - Microsoft is the most important partner for any OEM and demands that they put MS code in there. In fact they demand that they put Windows 8 on every computer too.

MS code that does exclude Linux or forces Linux to buy MS certificates.

And that is where all security is gone - when you have to trust a third competing party.

Anyway let us do some quick Q&A on what UEFI can do:

    Can UEFI update my "BIOS" online?
    Yes
    Can Microsoft update my BIOS online?
    Yes
    Can Intel update my BIOS online?
    Yes
    Can the maintainers of my Linux distro update my BIOS online?
    No
    Can UEFI detect and prevent malware?
    Yes
    Can UEFI be used to exclude any software?
    Yes

    Can an UEFI update place an undetectable keylogger on my system?
    Yes

So basically you need to trust the guys that can access it 100%
Image

Those guys are Intel and Microsoft
Intel has encrypted all updates and refuses to answer if they have shared encryption keys with the NSA

In many ways the old method of downloading a file and flashing your BIOS was safer, but UEFI offers a lot of protection against "third party" malware.
Sadly it is not so much the third parties we worry about these days.
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

Panther96
Posts: 88
Joined: 25 Feb 2014, 07:19

Re: From BIOS to UEFI

Postby Panther96 » 13 Jun 2014, 22:23

A long overdue overview. It seems like articles on the internet never want to actually explain what UEFI's purpose is (unless you read a techy's too-much-jargon post), only what it does. Was even discussing UEFI earlier with someone today, trying to understand why UEFI even exists in the first place other than to possibly block out Linux users by a coalition of Microsoft and Intel.

That's one fancy UEFI overlay. Mine is barely more graphical than any typical BIOS (though apparently the OEM with my system left UEFI Legacy Mode (MBR boot) by default, which may be a factor of why I don't even need to worry about whether any distro supports UEFI or not).

Snorkasaurus
Berserk
Posts: 587
Joined: 30 Dec 2013, 19:19

Re: From BIOS to UEFI

Postby Snorkasaurus » 14 Jun 2014, 17:45

Hey v60,

I typically do not buy "current" hardware so UEFI hasn't been a problem for me yet... but I guess the day will come. I seem to remember you mentioning in a previous post that an easy way to tell if a UEFI-based computer will be capable of running Linux (or other OSes) is to boot them from a LiveCD. Is that still the best way you would recommend checking a PC before buying it? Or do you know of any better way to determine if a PC will be locked to some OS and software I don't want?

S.

viking60
Über-Berserk
Posts: 9302
Joined: 14 Mar 2010, 16:34

Re: From BIOS to UEFI

Postby viking60 » 14 Jun 2014, 20:58

It is a good way.
I bought one after having asked if I could have one without Windows 8 - which was impossible of course. So I demanded to enter the BIOS and see if I could turn off UEFI and turn off secure boot.

He clearly understood that it would be bad for business to deny me that so that was OK.

I had forgotten my live CD, but since it was possible, I bought it and turned off UEFI altogether and installed Linux after having erased all traces of Windows 8.
viewtopic.php?f=22&t=3253&view=unread#unread
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

Snorkasaurus
Berserk
Posts: 587
Joined: 30 Dec 2013, 19:19

Re: From BIOS to UEFI

Postby Snorkasaurus » 14 Jun 2014, 21:03

viking60 wrote: I bought one after having asked if I could have one without Windows 8 - which was impossible of course. So I demanded to enter the BIOS and see if I could turn off UEFI and turn off secure boot.

Strange that Microsoft would be leg-humped by the DOJ about making it hard to install a different browser, but is seemingly left alone when they make it hard (much harder) to install a different OS. Thanks for the tips on UEFI based machines, much appreciated!

S.
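
The check discussed in the posts above (boot a live Linux medium on the machine and see how the firmware is set up) can be made concrete with the script below. It is an added example, not part of any post in this thread; it assumes a Linux live session with efivarfs mounted at /sys/firmware/efi/efivars, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report boot mode and Secure Boot state from a live Linux session.
# GUID of the UEFI global variable namespace (SecureBoot and SetupMode live here).
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efivar_byte FILE: print the 1-byte payload of an efivarfs variable.
# efivarfs prefixes every variable with a 4-byte attribute header, so skip it.
efivar_byte() {
    [ -r "$1" ] || return 1
    od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# firmware_state [EFI_SYSFS_DIR]: print one of
#   legacy-bios          kernel was not started through UEFI (BIOS or CSM boot)
#   uefi-secure-boot-on  Secure Boot is enforcing signature checks
#   uefi-setup-mode      no platform key enrolled; owner keys can be installed
#   uefi-secure-boot-off UEFI boot with Secure Boot disabled
#   uefi-unknown         UEFI boot, but the variables could not be read
firmware_state() {
    efi_dir="${1:-/sys/firmware/efi}"
    if [ ! -d "$efi_dir" ]; then
        echo "legacy-bios"
        return 0
    fi
    vars="$efi_dir/efivars"
    sb=$(efivar_byte "$vars/SecureBoot-$EFI_GLOBAL_GUID") || sb=""
    sm=$(efivar_byte "$vars/SetupMode-$EFI_GLOBAL_GUID") || sm=""
    if [ "$sb" = "1" ]; then
        echo "uefi-secure-boot-on"
    elif [ "$sm" = "1" ]; then
        echo "uefi-setup-mode"
    elif [ "$sb" = "0" ]; then
        echo "uefi-secure-boot-off"
    else
        echo "uefi-unknown"
    fi
}

# Run against the real sysfs tree, or against a directory given as argument.
firmware_state "$@"
```

A result of legacy-bios only describes how the live medium was started; it does not show whether the firmware setup lets you switch Secure Boot off, which still has to be checked in the setup screen.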

viking60
Über-Berserk
Posts: 9302
Joined: 14 Mar 2010, 16:34

Re: From BIOS to UEFI

Postby viking60 » 17 Jul 2014, 01:37

Here is a description on how you can dualboot Windows 8 and Linux
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
