UEFI (Unified Extensible Firmware Interface) is a set of
specifications
A specification often refers to a set of documented requirements to be satisfied by a material, design, product, or service. A specification is often a type of technical standard.
There are different types of technical or engineering specificati ...
written by the
UEFI Forum
UEFI Forum, Inc. is an alliance between technology companies to coordinate the development of the UEFI specifications. The board of directors includes representatives from twelve ''promoter'' companies: AMD, American Megatrends, ARM, Apple, Del ...
. They define the
architecture
Architecture is the art and technique of designing and building, as distinguished from the skills associated with construction. It is both the process and the product of sketching, conceiving, planning, designing, and constructing building ...
of the platform
firmware
In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
used for
booting
In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...
and its
interface
Interface or interfacing may refer to:
Academic journals
* ''Interface'' (journal), by the Electrochemical Society
* '' Interface, Journal of Applied Linguistics'', now merged with ''ITL International Journal of Applied Linguistics''
* '' Int ...
for interaction with the
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. Examples of firmware that implement these specifications are
AMI Aptio
AMI (American Megatrends International LLC, formerly American Megatrends Inc.) is an international hardware and software company, specializing in PC hardware and firmware. The company was founded in 1985 by Pat Sarma and Subramonian Shankar. I ...
TianoCore EDK II
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services imple ...
and
InsydeH2O
Insyde Software () is a company that specializes in UEFI system firmware and engineering support services, primarily for OEM and ODM computer and component device manufacturers. They are listed on the Gre Tai Market of Taiwan and headquartered ...
.
UEFI replaces the
BIOS
In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
which was present in the
boot ROM
The boot ROM is a type of ROM that is used for booting a computer system. There are two types: a mask boot ROM that cannot be changed afterwards and a boot EEPROM, which can contain an UEFI implementation.
Purpose
Upon power up, hardware usuall ...
of all
personal computers
A personal computer (PC) is a multi-purpose microcomputer whose size, capabilities, and price make it feasible for individual use. Personal computers are intended to be operated directly by an end user, rather than by a computer expert or techn ...
that are
IBM PC-compatible
IBM PC compatible computers are similar to the original IBM PC, XT, and AT, all from computer giant IBM, that are able to use the same software and expansion cards. Such computers were referred to as PC clones, IBM clones or IBM PC clones. ...
, although it can provide
backwards compatibility
Backward compatibility (sometimes known as backwards compatibility) is a property of an operating system, product, or technology that allows for interoperability with an older legacy system, or with input designed for such a system, especially in ...
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
developed the original ''Extensible Firmware Interface'' (''EFI'') specifications. Some of the EFI's practices and data formats mirror those of
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
. In 2005, UEFI deprecated EFI 1.10 (the final release of EFI).
UEFI is independent of platform and programming language, but C is used for the reference implementation TianoCore EDKII.
History
The original motivation for EFI came during early development of the first Intel–HP
Itanium
Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
systems in the mid-1990s.
BIOS
In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
limitations (such as 16-bit
real mode
Real mode, also called real address mode, is an operating mode of all x86-compatible CPUs. The mode gets its name from the fact that addresses in real mode always correspond to real locations in memory. Real mode is characterized by a 20-bit seg ...
, 1MB addressable memory space,
assembly language
In computer programming, assembly language (or assembler language, or symbolic machine code), often referred to simply as Assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence be ...
programming, and
PC AT
The IBM Personal Computer/AT (model 5170, abbreviated as IBM AT or PC/AT) was released in 1984 as the fourth model in the IBM Personal Computer line, following the IBM PC/XT and its IBM Portable PC variant. It was designed around the Intel 80 ...
hardware) had become too restrictive for the larger server platforms Itanium was targeting. The effort to address these concerns began in 1998 and was initially called ''Intel Boot Initiative''. It was later renamed to ''Extensible Firmware Interface'' (EFI).
In July 2005, Intel ceased its development of the EFI specification at version 1.10, and contributed it to the
Unified EFI Forum
UEFI Forum, Inc. is an alliance between technology companies to coordinate the development of the UEFI specifications. The board of directors includes representatives from twelve ''promoter'' companies: AMD, American Megatrends, ARM, Apple, Del ...
, which has developed the specification as the ''Unified Extensible Firmware Interface'' (UEFI). The original EFI specification remains owned by Intel, which exclusively provides licenses for EFI-based products, but the UEFI specification is owned by the UEFI Forum.
Version 2.0 of the UEFI specification was released on 31 January 2006. It added
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
and security.
Version 2.1 of the UEFI specification was released on 7 January 2007. It added network authentication and the
user interface
In the industrial design field of human–computer interaction, a user interface (UI) is the space where interactions between humans and machines occur. The goal of this interaction is to allow effective operation and control of the machine f ...
architecture ('Human Interface Infrastructure' in UEFI).
The latest UEFI specification, version 2.9, was published in March 2021.
The first
open source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
UEFI implementation, Tiano, was released by Intel in 2004. Tiano has since then been superseded by EDK and EDK2 and is now maintained by the TianoCore community.
In December 2018,
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
announced Project Mu, a fork of TianoCore EDK2 used in
Microsoft Surface
Microsoft Surface is a series of touchscreen-based personal computers, tablets and interactive whiteboards designed and developed by Microsoft, running the Microsoft Windows operating system, apart from the Surface Duo, which runs on Andro ...
and
Hyper-V
Microsoft Hyper-V, codenamed Viridian, and briefly known before its release as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows. Starting with Windows 8, Hyper-V superseded W ...
products. The project promotes the idea of
Firmware as a Service
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services implem ...
.
In October 2018, Arm announce Arm ServerReady a compliance certification program for landing the generic off-the-shelf operating systems and
hypervisor
A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is calle ...
s on Arm-based servers. The program requires the system firmware to comply with Server Base Boot Requirements (SBBR). SBBR requires UEFI,
ACPI
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
and
SMBIOS
In computing, the System Management BIOS (SMBIOS) specification defines data structures (and access methods) that can be used to read management information produced by the BIOS of a computer. This eliminates the need for the operating system to ...
compliance. In October 2020, Arm announced the extension of the program to the
edge
Edge or EDGE may refer to:
Technology Computing
* Edge computing, a network load-balancing system
* Edge device, an entry point to a computer network
* Adobe Edge, a graphical development application
* Microsoft Edge, a web browser developed by ...
and IoT market. The new program name i Arm SystemReady Arm SystemReady defined the Base Boot Requirements BBR specification that currently provides three recipes, two of which are related to UEFI: 1) SBBR: which requires UEFI, ACPI and SMBIOS compliance suitable for enterprise level operating environments such as Windows, Red Hat Enterprise Linux, and VMware ESXi; and 2) EBBR: which requires compliance to a set of UEFI interfaces as defined in the Embedded Base Boot Requirements EBBR suitable for embedded environments such as Yocto. Many Linux and BSD distros can support both recipes.
Advantages
The interface defined by the EFI specification includes data tables that contain platform information, and boot and runtime services that are available to the OS loader and OS. UEFI firmware provides several technical advantages over a traditional BIOS system:
* Ability to boot a disk containing large partitions (over 2 TB) with a
GUID Partition Table
The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive, using universally unique identifiers, which are also known as globally unique i ...
(GPT)
* Flexible pre-OS environment, including network capability, GUI, multi language
* 32-bit (for example
IA-32
IA-32 (short for "Intel Architecture, 32-bit", commonly called i386) is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation of ...
,
ARM32
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...
) or 64-bit (for example
x64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mo ...
,
AArch64
AArch64 or ARM64 is the 64-bit extension of the ARM architecture family.
It was first introduced with the Armv8-A architecture. Arm releases a new extension every year.
ARMv8.x and ARMv9.x extensions and features
Announced in October 2011, AR ...
) pre-OS environment
*
C language
C (''pronounced like the letter c'') is a general-purpose computer programming language. It was created in the 1970s by Dennis Ritchie, and remains very widely used and influential. By design, C's features cleanly reflect the capabilities o ...
programming
* Modular design
* Backward and forward compatibility
Compatibility
Processor compatibility
As of version 2.5, processor bindings exist for Itanium, x86, x86-64,
ARM
In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...
(AArch32) and
ARM64
AArch64 or ARM64 is the 64-bit extension of the ARM architecture family.
It was first introduced with the Armv8-A architecture. Arm releases a new extension every year.
ARMv8.x and ARMv9.x extensions and features
Announced in October 2011, AR ...
(AArch64). Only
little-endian
In computing, endianness, also known as byte sex, is the order or sequence of bytes of a word of digital data in computer memory. Endianness is primarily expressed as big-endian (BE) or little-endian (LE). A big-endian system stores the most si ...
processors can be supported. Unofficial UEFI support is under development for POWERPC64 by implementing
TianoCore
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services implem ...
on top of OPAL, the OpenPOWER abstraction layer, running in little-endian mode. Similar projects exist for MIPS and
RISC-V
RISC-V (pronounced "risk-five" where five refers to the number of generations of RISC architecture that were developed at the University of California, Berkeley since 1981) is an open standard instruction set architecture (ISA) based on estab ...
. As of UEFI 2.7, RISC-V processor bindings have been officially established for 32-, 64- and 128-bit modes.
Standard PC BIOS is limited to a 16-bit processor mode and 1 MB of addressable memory space, resulting from the design based on the IBM 5150 that used a 16-bit
Intel 8088
The Intel 8088 ("''eighty-eighty-eight''", also called iAPX 88) microprocessor is a variant of the Intel 8086. Introduced on June 1, 1979, the 8088 has an eight-bit external data bus instead of the 16-bit bus of the 8086. The 16-bit registers an ...
processor. In comparison, the processor mode in a UEFI environment can be either 32-bit (
x86-32
IA-32 (short for "Intel Architecture, 32-bit", commonly called i386) is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation o ...
, AArch32) or 64-bit (
x86-64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
, Itanium, and AArch64). 64-bit UEFI firmware implementations support long mode, which allows applications in the preboot environment to use 64-bit addressing to get direct access to all of the machine's memory.
UEFI requires the firmware and operating system loader (or kernel) to be size-matched; that is, a 64-bit UEFI firmware implementation can load only a 64-bit operating system (OS) boot loader or kernel (unless the CSM-based Legacy boot is used) and the same applies to 32-bit. After the system transitions from "Boot Services" to "Runtime Services", the operating system kernel takes over. At this point, the kernel can change processor modes if it desires, but this bars usage of the runtime services (unless the kernel switches back again). As of version 3.15, the
Linux kernel
The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
supports 64-bit kernels to be booted on 32-bit UEFI firmware implementations running on
x86-64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
CPUs, with ''UEFI handover'' support from a UEFI boot loader as the requirement. UEFI handover protocol deduplicates the UEFI initialization code between the kernel and UEFI boot loaders, leaving the initialization to be performed only by the Linux kernel's ''UEFI boot stub''.
Disk device compatibility
In addition to the standard PC disk partition scheme that uses a master boot record (MBR), UEFI also works with the
GUID Partition Table
The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive, using universally unique identifiers, which are also known as globally unique i ...
(GPT) partitioning scheme, which is free from many of the limitations of MBR. In particular, the MBR limits on the number and size of disk partitions (up to four
primary partition
Disk partitioning or disk slicing is the creation of one or more regions on secondary storage, so that each region can be managed separately. These regions are called partitions. It is typically the first step of preparing a newly installed disk, ...
s per disk, and up to 2 TB per disk) are relaxed. More specifically, GPT allows for a maximum disk and partition size of 8 ZB .
Linux
Support for GPT in
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
is enabled by turning on the option CONFIG_EFI_PARTITION (EFI GUID Partition Support) during kernel configuration. This option allows Linux to recognize and use GPT disks after the system firmware passes control over the system to Linux.
For reverse compatibility, Linux can use GPT disks in BIOS-based systems for both data storage and booting, as both
GRUB 2
GNU GRUB (short for GNU GRand Unified Bootloader, commonly referred to as GRUB) is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a u ...
and Linux are GPT-aware. Such a setup is usually referred to as ''BIOS-GPT''. As GPT incorporates the protective MBR, a BIOS-based computer can boot from a GPT disk using a GPT-aware boot loader stored in the protective MBR's bootstrap code area. In the case of GRUB, such a configuration requires a
BIOS boot partition
The BIOS boot partition is a partition on a data storage device that GNU GRUB uses on legacy BIOS-based personal computers in order to boot an operating system, when the actual boot device contains a GUID Partition Table (GPT). Such a layo ...
for GRUB to embed its second-stage code due to absence of the post-MBR gap in GPT partitioned disks (which is taken over by the GPT's ''Primary Header'' and ''Primary Partition Table''). Commonly 1 MB in size, this partition's
Globally Unique Identifier
A universally unique identifier (UUID) is a 128-bit label used for information in computer systems. The term globally unique identifier (GUID) is also used.
When generated according to the standard methods, UUIDs are, for practical purposes, un ...
(GUID) in GPT scheme is and is used by GRUB only in BIOS-GPT setups. From GRUB's perspective, no such partition type exists in case of MBR partitioning. This partition is not required if the system is UEFI-based because no embedding of the second-stage code is needed in that case.
UEFI systems can access GPT disks and boot directly from them, which allows Linux to use UEFI boot methods. Booting Linux from GPT disks on UEFI systems involves creation of an EFI system partition (ESP), which contains UEFI applications such as bootloaders, operating system kernels, and utility software. Such a setup is usually referred to as ''UEFI-GPT'', while ESP is recommended to be at least 512 MB in size and formatted with a FAT32 filesystem for maximum compatibility.
For
backward compatibility
Backward compatibility (sometimes known as backwards compatibility) is a property of an operating system, product, or technology that allows for interoperability with an older legacy system, or with input designed for such a system, especially i ...
, some UEFI implementations also support booting from MBR-partitioned disks through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility. In that case, booting Linux on UEFI systems is the same as on legacy BIOS-based systems.
Microsoft Windows
The 64-bit versions of
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
SP1 and later and 32-bit versions of
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
,
8.1
Windows 8.1 is a release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 27, 2013, and broadly released for retail sale on October 17, 2013, about a year after the retail release of its pre ...
, and 10 can boot from a GPT disk that is larger than 2 TB.
Features
Services
EFI defines two types of services: ''boot services'' and ''runtime services''. Boot services are available only while the firmware owns the platform (i.e., before the ExitBootServices() call), and they include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running; they include services such as date, time and
NVRAM
Non-volatile random-access memory (NVRAM) is random-access memory that retains data without applied power. This is in contrast to dynamic random-access memory (DRAM) and static random-access memory (SRAM), which both maintain data only for as lon ...
access.
; Graphics Output Protocol (GOP) services
: The ''Graphics Output Protocol'' (GOP) provides runtime services; see also Graphics features section below. The operating system is permitted to directly write to the framebuffer provided by GOP during runtime mode.
; UEFI
Memory map
In computer science, a memory map is a structure of data (which usually resides in memory itself) that indicates how memory is laid out. The term "memory map" can have different meanings in different contexts.
*It is the fastest and most flexible ...
ACPI
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
services
;
SMBIOS
In computing, the System Management BIOS (SMBIOS) specification defines data structures (and access methods) that can be used to read management information produced by the BIOS of a computer. This eliminates the need for the operating system to ...
services
;
Device tree
In computing, a devicetree (also written device tree) is a data structure describing the hardware components of a particular computer so that the operating system's kernel can use and manage those components, including the CPU or CPUs, the memor ...
services (for RISC processors)
; Variable services
: UEFI variables provide a way to store data, in particular non-volatile data. Some UEFI variables are shared between platform firmware and operating systems. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, UEFI variables can be used to keep crash messages in
NVRAM
Non-volatile random-access memory (NVRAM) is random-access memory that retains data without applied power. This is in contrast to dynamic random-access memory (DRAM) and static random-access memory (SRAM), which both maintain data only for as lon ...
after a crash for the operating system to retrieve after a reboot.
; Time services
: UEFI provides time services. Time services include support for time zone and daylight saving fields, which allow the hardware
real-time clock
A real-time clock (RTC) is an electronic device (most often in the form of an integrated circuit) that measures the passage of time.
Although the term often refers to the devices in personal computers, servers and embedded systems, RTCs are pr ...
to be set to local time or UTC. On machines using a PC-AT real-time clock, by default the hardware clock still has to be set to local time for compatibility with BIOS-based Windows, unless using recent versions and an entry in the
Windows registry
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...
is set to indicate the use of UTC.
Applications
Beyond loading an OS, UEFI can run ''UEFI applications'', which reside as files on the EFI System Partition. They can be executed from the UEFI Shell, by the firmware's
boot manager
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
, or by other UEFI applications. ''UEFI applications'' can be developed and installed independently of the
original equipment manufacturer
An original equipment manufacturer (OEM) is generally perceived as a company that produces non-aftermarket parts and equipment that may be marketed by another manufacturer. It is a common industry term recognized and used by many professional or ...
s (OEMs).
A type of UEFI application is an OS boot loader such as
GRUB
Grub can refer to Grub (larva), of the beetle superfamily Scarabaeoidea, or as a slang term for food. It can also refer to:
Places
* Grub, Appenzell Ausserrhoden, Switzerland
* Grub, St. Gallen, Switzerland
* Grub (Amerang), a hamlet in Bavaria, ...
,
rEFInd
rEFInd is a boot manager for Unified Extensible Firmware Interface, UEFI and EFI-based machines. It can be used to boot multiple operating systems that are installed on a single non-volatile device. It also provides a way to launch UEFI applicat ...
Windows Boot Manager
The booting process of Windows Vista and later versions differ from the startup process part of previous versions of Windows.
In this article, unless otherwise specified, what is said about Windows Vista also applies to all later NT operatin ...
; which loads some OS files into memory and executes them. Also, an OS boot loader can provide a user interface to allow the selection of another UEFI application to run. Utilities like the UEFI Shell are also UEFI applications.
Protocols
EFI defines protocols as a set of software interfaces used for communication between two binary modules. All EFI drivers must provide services to others via protocols. The EFI Protocols are similar to the
BIOS interrupt calls
BIOS interrupt calls are a facility that operating systems and application programs use to invoke the facilities of the Basic Input/Output System firmware on IBM PC compatible computers. Traditionally, BIOS calls are mainly used by DOS programs a ...
.
Device drivers
In addition to standard
instruction set architecture
In computer science, an instruction set architecture (ISA), also called computer architecture, is an abstract model of a computer. A device that executes instructions described by that ISA, such as a central processing unit (CPU), is called an ' ...
-specific device drivers, EFI provides for a ISA-independent
device driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
stored in
non-volatile memory
Non-volatile memory (NVM) or non-volatile storage is a type of computer memory that can retain stored information even after power is removed. In contrast, volatile memory needs constant power in order to retain data.
Non-volatile memory typic ...
as ''EFI byte code'' or ''EBC''. System firmware has an interpreter for EBC images. In that sense, EBC is analogous to
Open Firmware
Open Firmware is a standard defining the interfaces of a computer firmware system, formerly endorsed by the Institute of Electrical and Electronics Engineers (IEEE). It originated at Sun Microsystems, where it was known as OpenBoot, and has bee ...
, the ISA-independent firmware used in
PowerPC
PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...
-based
Apple Macintosh
The Mac (known as Macintosh until 1999) is a family of personal computers designed and marketed by Apple Inc. Macs are known for their ease of use and minimalist designs, and are popular among students, creative professionals, and software en ...
and
Sun Microsystems
Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
SPARC
SPARC (Scalable Processor Architecture) is a reduced instruction set computer (RISC) instruction set architecture originally developed by Sun Microsystems. Its design was strongly influenced by the experimental Berkeley RISC system developed ...
computers, among others.
Some architecture-specific (non-EFI Byte Code) EFI drivers for some device types can have interfaces for use by the OS. This allows the OS to rely on EFI for drivers to perform basic graphics and network functions before, and if, operating-system-specific drivers are loaded.
In other cases, the EFI driver can be filesystem drivers that allow for booting from other types of disk volumes. Examples include ''efifs'' for 37 file systems (based on
GRUB2
GNU GRUB (short for GNU GRand Unified Bootloader, commonly referred to as GRUB) is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a us ...
code), used by
Rufus
Rufus is a masculine given name, a surname, an Ancient Roman cognomen and a nickname (from Latin ''rufus'', "red"). Notable people with the name include:
Given name
Politicians
* Rufus Ada George (born 1940), Nigerian politician
* Rufus Al ...
for chain-loading NTFS ESPs.
Graphics features
The EFI 1.0 specification defined a UGA (Universal Graphic Adapter) protocol as a way to support graphics features. UEFI did not include UGA and replaced it with GOP (Graphics Output Protocol).
UEFI 2.1 defined a "Human Interface Infrastructure" (HII) to manage user input, localized strings, fonts, and forms (in the
HTML
The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScri ...
sense). These enable
original equipment manufacturer
An original equipment manufacturer (OEM) is generally perceived as a company that produces non-aftermarket parts and equipment that may be marketed by another manufacturer. It is a common industry term recognized and used by many professional or ...
s (OEMs) or independent BIOS vendors (IBVs) to design graphical interfaces for pre-boot configuration.
Most early UEFI firmware implementations were console-based. Today many UEFI firmware implementations are GUI-based.
EFI system partition
An EFI system partition, often abbreviated to ESP, is a
data storage device
Data storage is the recording (storing) of information (data) in a storage medium. Handwriting, phonographic recording, magnetic tape, and optical discs are all examples of storage media. Biological molecules such as RNA and DNA are conside ...
partition that is used in computers adhering to the UEFI specification. Accessed by the UEFI firmware when a computer is powered up, it stores UEFI applications and the files these applications need to run, including operating system
boot loader
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
s. Supported
partition table
Disk partitioning or disk slicing is the creation of one or more regions on secondary storage, so that each region can be managed separately. These regions are called partitions. It is typically the first step of preparing a newly installed disk, ...
El Torito
El Torito (Spanish for "the little bull") is an American chain that serves Mexican food. El Torito operates 69 restaurants primarily in California. For use on ESPs, UEFI defines a specific version of the
FAT file system
File Allocation Table (FAT) is a file system developed for personal computers. Originally developed in 1977 for use on floppy disks, it was adapted for use on Hard disk drive, hard disks and other devices. It is often supported for compatibi ...
, which is maintained as part of the UEFI specification and independently from the original FAT specification, encompassing the
FAT32
File Allocation Table (FAT) is a file system developed for personal computers. Originally developed in 1977 for use on floppy disks, it was adapted for use on hard disks and other devices. It is often supported for compatibility reasons by c ...
,
FAT16
File Allocation Table (FAT) is a file system developed for personal computers. Originally developed in 1977 for use on floppy disks, it was adapted for use on Hard disk drive, hard disks and other devices. It is often supported for compatibi ...
and
FAT12
File Allocation Table (FAT) is a file system developed for personal computers. Originally developed in 1977 for use on floppy disks, it was adapted for use on hard disks and other devices. It is often supported for compatibility reasons by ...
file systems. The ESP also provides space for a boot sector as part of the backward BIOS compatibility.
Booting
UEFI booting
Unlike the legacy PC BIOS, UEFI does not rely on boot sectors, defining instead a boot manager as part of the UEFI specification. When a computer is powered on, the boot manager checks the boot configuration and, based on its settings, then executes the specified OS
boot loader
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
or
operating system kernel
The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates in ...
(usually boot loader). The boot configuration is defined by variables stored in
NVRAM
Non-volatile random-access memory (NVRAM) is random-access memory that retains data without applied power. This is in contrast to dynamic random-access memory (DRAM) and static random-access memory (SRAM), which both maintain data only for as lon ...
, including variables that indicate the file system paths to OS loaders or OS kernels.
OS boot loaders can be automatically detected by UEFI, which enables easy
booting
In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...
from removable devices such as
USB flash drive
A USB flash drive (also called a thumb drive) is a data storage device that includes flash memory with an integrated USB interface. It is typically removable, rewritable and much smaller than an optical disc. Most weigh less than . Since firs ...
s. This automated detection relies on standardized file paths to the OS boot loader, with the path varying depending on the
computer architecture
In computer engineering, computer architecture is a description of the structure of a computer system made from component parts. It can sometimes be a high-level description that ignores details of the implementation. At a more detailed level, t ...
. The format of the file path is defined as ; for example, the file path to the OS loader on an
x86-64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
system is , and on ARM64 architecture.
Booting UEFI systems from GPT-partitioned disks is commonly called ''UEFI-GPT booting''. Despite the fact that the UEFI specification requires MBR partition tables to be fully supported, some UEFI firmware implementations immediately switch to the BIOS-based CSM booting depending on the type of boot disk's partition table, effectively preventing UEFI booting to be performed from EFI System Partition on MBR-partitioned disks. Such a boot scheme is commonly called ''UEFI-MBR''.
It is also common for a boot manager to have a textual user interface so the user can select the desired OS (or setup utility) from a list of available boot options.
CSM booting
To ensure backward compatibility, UEFI firmware implementations on PC-class machines could support booting in legacy BIOS mode from MBR-partitioned disks through the ''Compatibility Support Module (CSM)'' that provides legacy BIOS compatibility. In this scenario, booting is performed in the same way as on legacy BIOS-based systems, by ignoring the partition table and relying on the content of a boot sector.
BIOS-style booting from MBR-partitioned disks is commonly called ''BIOS-MBR'', regardless of it being performed on UEFI or legacy BIOS-based systems. Furthermore, booting legacy BIOS-based systems from GPT disks is also possible, and such a boot scheme is commonly called ''BIOS-GPT''.
The ''Compatibility Support Module'' allows legacy operating systems and some legacy
option ROM
An Option ROM for the PC platform (i.e. the IBM PC and derived successor computer systems) is a piece of firmware that resides in ROM on an expansion card (or stored along with the main system BIOS), which gets executed to initialize the device and ...
s that do not support UEFI to still be used. It also provides required legacy
System Management Mode
System Management Mode (SMM, sometimes called ring −2 in reference to protection rings) is an operating mode of x86 central processor units (CPUs) in which all normal execution, including the operating system, is suspended. An alternate ...
(SMM) functionality, called ''CompatibilitySmm'', as an addition to features provided by the UEFI SMM. An example of such a legacy SMM functionality is providing USB legacy support for keyboard and mouse, by emulating their classic PS/2 counterparts.
In November 2017, Intel announced that it planned to phase out support for CSM by 2020.
In July, of 2022, Kaspersky Labs published information regarding a Rootkit designed to chain boot malicious code on machines using Intel's H81 chipset and the Compatibility Support module of affected motherboards.
Network booting
The UEFI specification includes support for booting over network via the
Preboot eXecution Environment
In computing, the Preboot eXecution Environment, PXE (most often pronounced as ''pixie'', often called PXE Boot/''pixie boot''.) specification describes a standardized client–server environment that boots a software assembly, retrieved from ...
(PXE). PXE booting
network protocol
A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics and synchroniza ...
s include
Internet Protocol
The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
IP h ...
(
IPv4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version de ...
and
IPv6
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
),
User Datagram Protocol
In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages (transported as datagrams in packets) to other hosts on an Internet Protocol (IP) network. ...
(UDP),
Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a cli ...
(DHCP),
Trivial File Transfer Protocol
Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area networ ...
(TFTP) and
iSCSI
Internet Small Computer Systems Interface or iSCSI ( ) is an Internet Protocol-based storage networking standard for linking data storage facilities. iSCSI provides block-level access to storage devices by carrying SCSI commands over a TCP/IP ...
.
OS images can be remotely stored on
storage area network
A storage area network (SAN) or storage network is a computer network which provides access to consolidated, block-level data storage. SANs are primarily used to access data storage devices, such as disk arrays and tape libraries from serve ...
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks (or higher speeds) while preserving the Fibre Channel ...
(FCoE) as supported protocols for accessing the SANs.
Version 2.5 of the UEFI specification adds support for accessing boot images over the
HTTP
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
protocol.
Secure Boot
The UEFI 2.3.1 Errata C specification (or higher) defines a protocol known as ''Secure Boot'', which can secure the boot process by preventing the loading of UEFI drivers or OS boot loaders that are not signed with an acceptable
digital signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created b ...
. The mechanical details of how precisely these drivers are to be signed are not specified. When Secure Boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "platform key" (PK) to be written to the firmware. Once the key is written, Secure Boot enters "User" mode, where only UEFI drivers and OS boot loaders signed with the platform key can be loaded by the firmware. Additional "key exchange keys" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the platform key. Secure Boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.
Secure Boot is supported by
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
and
8.1
Windows 8.1 is a release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 27, 2013, and broadly released for retail sale on October 17, 2013, about a year after the retail release of its pre ...
,
Windows Server 2012
Windows Server 2012, codenamed "Windows Server 8", is the sixth version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems. It is the server version of Windows based on Windows 8 and succe ...
and 2012 R2,
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
,
Windows Server 2016
Windows Server 2016 is the eighth release of the Windows Server server operating system developed by Microsoft as part of the Windows NT family of operating systems. It was developed concurrently with Windows 10 and is the successor to the Wind ...
,
2019
File:2019 collage v1.png, From top left, clockwise: Hong Kong protests turn to widespread riots and civil disobedience; House of Representatives votes to adopt articles of impeachment against Donald Trump; CRISPR gene editing first used to experim ...
, and
2022
File:2022 collage V1.png, Clockwise, from top left: Road junction at Yamato-Saidaiji Station several hours after the assassination of Shinzo Abe; 2022 Sri Lankan protests, Anti-government protest in Sri Lanka in front of the Presidential Secretari ...
, and
Windows 11
Windows 11 is the latest major release of Microsoft's Windows NT operating system, released in October 2021. It is a free upgrade to its predecessor, Windows 10 (2015), and is available for any Windows 10 devices that meet the new Windows 11 ...
, VMware vSphere 6.5 and a number of
Linux distribution
A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one ...
s including
Fedora
A fedora () is a hat with a soft brim and indented crown.Kilgour, Ruth Edwards (1958). ''A Pageant of Hats Ancient and Modern''. R. M. McBride Company. It is typically creased lengthwise down the crown and "pinched" near the front on both sides ...
(since version 18),
openSUSE
openSUSE () is a free and open-source software, free and open source RPM Package Manager, RPM-based Linux distribution developed by the openSUSE project.
The initial release of the community project was a beta version of SUSE Linux 10.0.
Addi ...
(since version 12.3), RHEL (since version 7), CentOS (since version 7), Debian (since version 10), and
Ubuntu
Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: '' Desktop'', ''Server'', and ''Core'' for Internet of things devices and robots. All ...
(since version 12.04.2). ,
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
support is in a planning stage.
UEFI shell
UEFI provides a shell environment, which can be used to execute other UEFI applications, including UEFI
boot loader
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
s. Apart from that, commands available in the UEFI shell can be used for obtaining various other information about the system or the firmware, including getting the memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading UEFI drivers, and editing text files (edit).
Source code for a UEFI shell can be downloaded from the
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
's
TianoCore
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services implem ...
UDK/EDK2 project. A pre-built ShellBinPkg is also available. Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems.
Methods used for launching UEFI shell depend on the manufacturer and model of the system
motherboard
A motherboard (also called mainboard, main circuit board, mb, mboard, backplane board, base board, system board, logic board (only in Apple computers) or mobo) is the main printed circuit board (PCB) in general-purpose computers and other expand ...
. Some of them already provide a direct option in firmware setup for launching, e.g. compiled x86-64 version of the shell needs to be made available as /SHELLX64.EFI. Some other systems have an already embedded UEFI shell which can be launched by appropriate key press combinations. For other systems, the solution is either creating an appropriate USB flash drive or adding manually (bcfg) a boot option associated with the compiled version of shell.
Commands
The following is a list of commands supported by the EFI shell.
*
alias
Alias may refer to:
* Pseudonym
* Pen name
* Nickname
Arts and entertainment Film and television
* ''Alias'' (2013 film), a 2013 Canadian documentary film
* ''Alias'' (TV series), an American action thriller series 2001–2006
* ''Alias the ...
comp
Comp, COMP or Comps may refer to:
Places
In England:
* Comp, Kent
In France:
* Comps, Drôme
* Comps, Gard
* Comps, Gironde
* Comps-la-Grand-Ville
* Comps-sur-Artuby
Arts, entertainment, and media
;Music
*Accompaniment, especially in jazz ...
date
Date or dates may refer to:
*Date (fruit), the fruit of the date palm (''Phoenix dactylifera'')
Social activity
*Dating, a form of courtship involving social activity, with the aim of assessing a potential partner
** Group dating
*Play date, a ...
* dblk
* dh
* dmpstore
*
echo
In audio signal processing and acoustics, an echo is a reflection of sound that arrives at the listener with a delay after the direct sound. The delay is directly proportional to the distance of the reflecting surface from the source and the lis ...
* Edd30
* EddDebug
* edit
* err
* guid
*
help
Help is a word meaning to give aid or signal distress.
Help may refer to:
Arts, entertainment, and media
Films
* ''Help'' (2010 film), a Bollywood horror film
* ''Help'' (2021 theatrical film), a British psychological thriller film
* '' ...
mkdir
The mkdir (make directory) command in the Unix, DOS, DR FlexOS, IBM OS/2, Microsoft Windows, and ReactOS operating systems is used to make a new directory. It is also available in the EFI shell and in the PHP scripting language. In DOS, OS/2, ...
* mm
* mode
* mount
* pause
* pci
* reset
* rm
* set
* stall
*
time
Time is the continued sequence of existence and events that occurs in an apparently irreversible succession from the past, through the present, into the future. It is a component quantity of various measurements used to sequence events, to ...
ver Ver or VER may refer to:
* Voluntary Export Restraints, in international trade
* VER, the IATA airport code for General Heriberto Jara International Airport
* Volk's Electric Railway, Brighton, England
* VerPublishing, of the German group VDM P ...
*
vol
Vol or Vols may refer to:
* Vol (command), a computer operating system command
* Vol (heraldry), a heraldic charge
* Volatility (finance)
* Volume (disambiguation)
* Volunteer (Irish republican)
* Nashville Vols, an American minor league baseball t ...
Extensions
Extensions to UEFI can be loaded from virtually any non-volatile storage device attached to the computer. For example, an
original equipment manufacturer
An original equipment manufacturer (OEM) is generally perceived as a company that produces non-aftermarket parts and equipment that may be marketed by another manufacturer. It is a common industry term recognized and used by many professional or ...
(OEM) can distribute systems with an EFI system partition on the hard drive, which would add additional functions to the standard UEFI firmware stored on the motherboard's
ROM
Rom, or ROM may refer to:
Biomechanics and medicine
* Risk of mortality, a medical classification to estimate the likelihood of death for a patient
* Rupture of membranes, a term used during pregnancy to describe a rupture of the amniotic sac
* ...
.
UEFI Capsule
UEFI Capsule defines a Firmware-to-OS firmware update interface, marketed as modern and secure.
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
,
Windows 8.1
Windows 8.1 is a release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 27, 2013, and broadly released for retail sale on October 17, 2013, about a year after the retail release of its pre ...
,
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
, and
Fwupd
fwupd is an open-source daemon for managing the installation of firmware updates on Linux-based systems, developed by GNOME maintainer Richard Hughes. It is designed primarily for servicing the Unified Extensible Firmware Interface (UEFI) firmwa ...
for Linux each support the UEFI Capsule.
Hardware
Like
BIOS
In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
, UEFI initializes and tests system hardware components (e.g. Memory training, PCIe link training, USB link training), and then loads the
boot loader
A bootloader, also spelled as boot loader or called boot manager and bootstrap loader, is a computer program that is responsible for booting a computer.
When a computer is turned off, its softwareincluding operating systems, application code, a ...
from a
mass storage device
In computing, mass storage refers to the storage of large amounts of data in a persisting and machine-readable fashion. In general, the term is used as large in relation to contemporaneous hard disk drives, but it has been used large in relati ...
x86
x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...
systems, the UEFI firmware is usually stored in the NOR flash chip of the motherboard.
UEFI classes
UEFI machines can have one of the following "classes", which were used to help ease the transition to UEFI. Starting from the 10th Gen Intel Core, Intel no longer provides Legacy
Video BIOS
Video BIOS is the BIOS of a graphics card in a (usually IBM PC-derived) computer. It initializes the graphics card at the computer's boot time. It also implements INT 10h interrupt and VESA BIOS Extensions (VBE) for basic text and videomode output ...
for the iGPU (
Intel Graphics Technology
Intel Graphics Technology (GT) is the collective name for a series of integrated graphics processors (IGPs) produced by Intel that are manufactured on the same package or die as the central processing unit (CPU). It was first introduced in 20 ...
). Legacy boot with those CPUs requires a Legacy Video BIOS, which can still be provided by a video card.
* Class 0: Legacy BIOS
* Class 1: UEFI with a CSM interface and no external UEFI interface. The only UEFI interfaces are internal to the firmware.
* Class 2: UEFI with CSM and external UEFI interfaces
* Class 3: UEFI without a CSM interface and with an external UEFI interface
* Class 3+: UEFI class 3 that has Secure Boot enabled
Boot stages
SEC – Security Phase
This is the first stage of the UEFI boot but may have platform specific binary code that precedes it. (e.g., Intel ME,
AMD PSP
The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors. According to an AMD developer's guide, the subsystem is "r ...
, CPU
microcode
In processor design, microcode (μcode) is a technique that interposes a layer of computer organization between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer. Microcode is a laye ...
). It consists of minimal code written in
assembly language
In computer programming, assembly language (or assembler language, or symbolic machine code), often referred to simply as Assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence be ...
for the specific architecture. It initializes a temporary memory (often CPU cache as RAM) and serves as the system's software root of trust with the option of verifying PEI before hand-off.
PEI – Pre-EFI Initialization
The second stage of UEFI boot consists of a dependency-aware dispatcher that loads and runs PEI modules (PEIMs) to handle early hardware initialization tasks such as
main memory
Computer data storage is a technology consisting of computer components and recording media that are used to retain digital data. It is a core function and fundamental component of computers.
The central processing unit (CPU) of a computer ...
initialization and firmware recovery operations. Additionally, it is responsible for discovery of the current boot mode and handling many ACPI S0ix/ACPI S3 operations. In the case of ACPI S0ix/ACPI S3 resume, it is responsible for restoring many hardware registers to a pre-sleep state. PEI also uses CPU cache as RAM.
DXE – Driver Execution Environment
This stage consist of C modules and a dependency-aware dispatcher. With main memory now available, CPU, chipset, mainboard and boot devices are initialized in DXE and BDS.
BDS – Boot Device Select
BDS is a part of the DXE. In this stage, boot devices are initialized, UEFI drivers or
Option ROM
An Option ROM for the PC platform (i.e. the IBM PC and derived successor computer systems) is a piece of firmware that resides in ROM on an expansion card (or stored along with the main system BIOS), which gets executed to initialize the device and ...
s of PCI devices are executed according to system configuration, and boot options are processed.
TSL – Transient System Load
This is the stage between boot device selection and hand-off to the OS. At this point one may enter UEFI shell, or execute an UEFI application such as the OS boot loader.
RT – Runtime
The UEFI hands off to the
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
(OS) after is executed. A UEFI compatible OS is now responsible for exiting boot services triggering the firmware to unload all no longer needed code and data, leaving only runtime services code/data, e.g. SMM and
ACPI
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
. A typical modern OS will prefer to use its own programs (such as
kernel driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s) to control hardware devices.
When a legacy OS is used, CSM will handle this call ensuring the system is compatible with legacy BIOS expectations.
Usage
Implementations
Intel's implementation of EFI is the ''Intel Platform Innovation Framework'', codenamed ''Tiano''. Tiano runs on Intel's
XScale
XScale is a microarchitecture for central processing units initially designed by Intel implementing the ARM architecture (version 5) instruction set. XScale comprises several distinct families: IXP, IXC, IOP, PXA and CE (see more below), with some ...
,
Itanium
Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
,
x86-32
IA-32 (short for "Intel Architecture, 32-bit", commonly called i386) is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation o ...
and
x86-64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first released in 1999. It introduced two new modes of operation, 64-bit mode and compatibility mode, along with a new 4-level paging mod ...
processors, and is proprietary software, although a portion of the code has been released under the
BSD license
BSD licenses are a family of permissive free software licenses, imposing minimal restrictions on the use and distribution of covered software. This is in contrast to copyleft licenses, which have share-alike requirements. The original BSD lic ...
or
Eclipse Public License
The Eclipse Public License (EPL) is a free and open source software license most notably used for the Eclipse IDE and other projects by the Eclipse Foundation. It replaces the Common Public License (CPL) and removes certain terms relating to ...
(EPL) as
TianoCore EDK II
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services imple ...
. TianoCore can be used as a payload for
coreboot
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...
.
Phoenix Technologies
Phoenix Technologies Ltd is an American company that designs, develops and supports core system software for personal computers and other computing devices. The company's products commonly referred to as BIOS (Basic Input/Output System) or fir ...
' implementation of UEFI is branded as SecureCore Technology (SCT).American Megatrends offers its own UEFI firmware implementation known as Aptio, while
Insyde Software
Insyde Software () is a company that specializes in UEFI system firmware and engineering support services, primarily for OEM and ODM computer and component device manufacturers. They are listed on the Gre Tai Market of Taiwan and headquartered ...
offers InsydeH2O.
In December 2018,
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
released an open source version of its TianoCore EDK2-based UEFI implementation from the
Surface
A surface, as the term is most generally used, is the outermost or uppermost layer of a physical object or space. It is the portion or region of the object that can first be perceived by an observer using the senses of sight and touch, and is ...
line, Project Mu.
An implementation of the UEFI API was introduced into the Universal Boot Loader (
Das U-Boot
Das U-Boot (subtitled "the Universal Boot Loader" and often shortened to U-Boot; see ''History'' for more about the name) is an open-source, primary boot loader used in embedded devices to package the instructions to boot the device's operating ...
) in 2017. On the
ARMv8
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...
architecture
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
distributions use the U-Boot UEFI implementation in conjunction with
GNU GRUB
GNU GRUB (short for GNU GRand Unified Bootloader, commonly referred to as GRUB) is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a use ...
for booting (e.g. SUSE Linux), the same holds true for OpenBSD. For booting from iSCSI
iPXE
iPXE is an open-source implementation of the Preboot eXecution Environment (PXE) client software and bootloader, created in 2010 as a fork of gPXE (gPXE was named Etherboot until 2008).
Platforms
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
's first
Itanium
Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
workstations and servers, released in 2000, implemented EFI 1.02.
Hewlett-Packard
The Hewlett-Packard Company, commonly shortened to Hewlett-Packard ( ) or HP, was an American multinational information technology company headquartered in Palo Alto, California. HP developed and provided a wide variety of hardware components ...
's first Itanium 2 systems, released in 2002, implemented EFI 1.10; they were able to boot
Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
,
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
,
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
and
HP-UX
HP-UX (from "Hewlett Packard Unix") is Hewlett Packard Enterprise's proprietary implementation of the Unix operating system, based on Unix System V (initially System III) and first released in 1984. Current versions support HPE Integrity Ser ...
;
OpenVMS
OpenVMS, often referred to as just VMS, is a multi-user, multiprocessing and virtual memory-based operating system. It is designed to support time-sharing, batch processing, transaction processing and workstation applications. Customers using Ope ...
added UEFI capability in June 2003.
In January 2006,
Apple Inc.
Apple Inc. is an American multinational technology company headquartered in Cupertino, California, United States. Apple is the largest technology company by revenue (totaling in 2021) and, as of June 2022, is the world's biggest company ...
Open Firmware
Open Firmware is a standard defining the interfaces of a computer firmware system, formerly endorsed by the Institute of Electrical and Electronics Engineers (IEEE). It originated at Sun Microsystems, where it was known as OpenBoot, and has bee ...
, which had been used on its previous PowerPC-based systems. On 5 April 2006, Apple first released Boot Camp, which produces a Windows drivers disk and a non-destructive partitioning tool to allow the installation of Windows XP or Vista without requiring a reinstallation of Mac OS X. A firmware update was also released that added BIOS compatibility to its EFI implementation. Subsequent Macintosh models shipped with the newer firmware.
During 2005, more than one million Intel systems shipped with Intel's implementation of UEFI. New mobile, desktop and server products, using Intel's implementation of UEFI, started shipping in 2006. For instance, boards that use the Intel 945 chipset series use Intel's UEFI firmware implementation.
Since 2005, EFI has also been implemented on non-PC architectures, such as
embedded system
An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is ''embedded'' as ...
s based on
XScale
XScale is a microarchitecture for central processing units initially designed by Intel implementing the ARM architecture (version 5) instruction set. XScale comprises several distinct families: IXP, IXC, IOP, PXA and CE (see more below), with some ...
cores.
The EDK (EFI Developer Kit) includes an NT32 target, which allows EFI firmware and EFI applications to run within a
Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
application. But no direct hardware access is allowed by EDK NT32. This means only a subset of EFI application and drivers can be executed by the EDK NT32 target.
In 2008, more x86-64 systems adopted UEFI. While many of these systems still allow booting only the BIOS-based OSes via the Compatibility Support Module (CSM) (thus not appearing to the user to be UEFI-based), other systems started to allow booting UEFI-based OSes. For example, IBM x3450 server, MSI motherboards with ClickBIOS, HP EliteBook Notebook PCs.
In 2009, IBM shipped System x machines (x3550 M2, x3650 M2, iDataPlex dx360 M2) and
BladeCenter
The IBM BladeCenter was IBM's blade server architecture, until it was replaced by Flex System in 2012. The x86 division was later sold to Lenovo in 2014.
History
Introduced in 2002, based on engineering work started in 1999, the IBM eSe ...
HS22 with UEFI capability. Dell shipped PowerEdge T610, R610, R710, M610 and M710 servers with UEFI capability. More commercially available systems are mentioned in a UEFI whitepaper.
In 2011, major vendors (such as
ASRock
ASRock Inc. is a Taiwanese manufacturer of motherboards, industrial PCs and home theater PCs (HTPC). Founded by Ted Hsu, it was founded in 2002 and is currently owned by Taiwanese electronics company Pegatron.
History
ASRock was originally sp ...
Gigabyte
The gigabyte () is a multiple of the unit byte for digital information. The prefix ''giga'' means 109 in the International System of Units (SI). Therefore, one gigabyte is one billion bytes. The unit symbol for the gigabyte is GB.
This defini ...
, and MSI) launched several consumer-oriented motherboards using the Intel 6-series
LGA 1155
LGA 1155, also called Socket H2, is a zero insertion force flip-chip land grid array (LGA) CPU socket designed by Intel for their CPUs based on the Sandy Bridge (2nd Gen) and Ivy Bridge (3rd Gen) microarchitectures.
It is the successor of L ...
chipset and AMD 9 Series AM3+ chipsets with UEFI.Asus P67 Motherboard Preview
With the release of Windows 8 in October 2012, Microsoft's certification requirements now require that computers include firmware that implements the UEFI specification. Furthermore, if the computer supports the "
Connected Standby
InstantGo or Modern Standby (formerly Connected Standby) is a Microsoft specification for Windows 8 (and later) hardware and software that aims to bring smartphone-type power management capabilities to the PC platform, as well as increasing physic ...
" feature of Windows 8 (which allows devices to have power management comparable to
smartphone
A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whic ...
s, with an almost instantaneous return from standby mode), then the firmware is not permitted to contain a Compatibility Support Module (CSM). As such, systems that support Connected Standby are incapable of booting Legacy BIOS operating systems.
In October 2017, Intel announced that it would remove legacy PC BIOS support from all its products by 2020, in favor of UEFI Class 3.
Operating systems
An operating system that can be booted from a (U)EFI is called a (U)EFI-aware operating system, defined by (U)EFI specification. Here the term ''booted from a (U)EFI'' means directly booting the system using a (U)EFI operating system loader stored on any storage device. The default location for the operating system loader is /BOOT/BOOT.EFI, where short name of the machine type can be IA32, X64, IA64, ARM or AA64. Some operating systems vendors may have their own boot loaders. They may also change the default boot location.
* The
Linux kernel
The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
has been able to use EFI at boot time since early 2000s, using the
elilo
LILO (Linux Loader) is a boot loader for Linux and was the default boot loader for most Linux distributions in the years after the popularity of loadlin. Today, many distributions use GRUB as the default boot loader, but LILO and its variant ELI ...
EFI boot loader or, more recently, EFI versions of
GRUB
Grub can refer to Grub (larva), of the beetle superfamily Scarabaeoidea, or as a slang term for food. It can also refer to:
Places
* Grub, Appenzell Ausserrhoden, Switzerland
* Grub, St. Gallen, Switzerland
* Grub (Amerang), a hamlet in Bavaria, ...
. Grub+Linux also supports booting from a GUID partition table without UEFI. The distribution
Ubuntu
Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: '' Desktop'', ''Server'', and ''Core'' for Internet of things devices and robots. All ...
added support for UEFI Secure Boot as of version 12.10. Furthermore, the Linux kernel can be compiled with the option to run as an EFI bootloader on its own through the EFI bootstub feature.
*
HP-UX
HP-UX (from "Hewlett Packard Unix") is Hewlett Packard Enterprise's proprietary implementation of the Unix operating system, based on Unix System V (initially System III) and first released in 1984. Current versions support HPE Integrity Ser ...
has used (U)EFI as its boot mechanism on
IA-64
IA-64 (Intel Itanium architecture) is the instruction set architecture (ISA) of the Itanium family of 64-bit Intel microprocessors. The basic ISA specification originated at Hewlett-Packard (HP), and was subsequently implemented by Intel in coll ...
systems since 2002.
*
OpenVMS
OpenVMS, often referred to as just VMS, is a multi-user, multiprocessing and virtual memory-based operating system. It is designed to support time-sharing, batch processing, transaction processing and workstation applications. Customers using Ope ...
has used EFI on IA-64 since its initial evaluation release in December 2003, and for production releases since January 2005. The x86-64 port of OpenVMS also uses UEFI to boot the operating system.
*
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
Mac OS X v10.4
Mac OS X Tiger (version 10.4) is the 5th major release of macOS, Apple's desktop and server operating system for Mac computers. Tiger was released to the public on April 29, 2005 for US$129.95 as the successor to Mac OS X 10.3 Panther. Som ...
Tiger and
Mac OS X v10.5
Mac OS X Leopard (version 10.5) is the sixth major release of macOS, Apple's desktop and server operating system for Macintosh computers. Leopard was released on October 26, 2007 as the successor of Mac OS X 10.4 Tiger, and is available in t ...
Leopard implement EFI v1.10 in 32-bit mode even on newer 64-bit CPUs, but full support arrived with OS X v10.8 Mountain Lion.
* The
Itanium
Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
versions of
Windows 2000
Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RTM), releas ...
(Advanced Server Limited Edition and Datacenter Server Limited Edition) implemented EFI 1.10 in 2002. MS
Windows Server 2003
Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...
for
IA-64
IA-64 (Intel Itanium architecture) is the instruction set architecture (ISA) of the Itanium family of 64-bit Intel microprocessors. The basic ISA specification originated at Hewlett-Packard (HP), and was subsequently implemented by Intel in coll ...
, MS
Windows XP 64-bit Edition
Windows XP, which is the next version of Windows NT after Windows 2000 and the successor to the consumer-oriented Windows Me, has been released in several editions since its original release in 2001.
Windows XP is available in many languages. In ...
and
Windows 2000
Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RTM), releas ...
Advanced Server Limited Edition, all of which are for the Intel
Itanium
Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
family of processors, implement EFI, a requirement of the platform through the
DIG64
DIG64 or Developers' Interface Guide for 64-bit Intel Architecture Servers was an alliance between several leading technology companies including Groupe Bull, Fujitsu Siemens, Hitachi, Ltd., Hitachi, Hewlett-Packard, HP, Intel, NEC, and Unisys.
T ...
specification.
* Microsoft introduced UEFI for x64 Windows operating systems with
Windows Vista SP1
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
and
Windows Server 2008
Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on Fe ...
however only UGA (Universal Graphic Adapter) 1.1 or Legacy BIOS
INT 10h
INT 10h, INT 10H or INT 16 is shorthand for BIOS interrupt call 10 hex, the 17th interrupt vector in an x86-based computer system. The BIOS typically sets up a real mode interrupt handler at this vector that provides video services. Such services ...
is supported; Graphics Output Protocol (GOP) is not supported. Therefore, PCs running 64-bit versions of
Windows Vista SP1
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
,
Windows Vista SP2
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...
,
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly ...
,
Windows Server 2008
Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on Fe ...
and
Windows Server 2008 R2
Windows Server 2008 R2 is the fifth version of the Windows Server operating system produced by Microsoft and released as part of the Windows NT family of operating systems. It was released to manufacturing on July 22, 2009, and became General av ...
are compatible with UEFI Class 2. 32-bit UEFI was originally not supported since vendors did not have any interest in producing native 32-bit UEFI firmware because of the mainstream status of
64-bit computing
In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit CPUs and ALUs are those that are based on processor registers, address buses, or data buses of that size. A compute ...
.
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
finally introduced further optimizations for UEFI systems, including Graphics Output Protocol (GOP) support, a faster startup, 32-bit UEFI support, and Secure Boot support. Microsoft began requiring UEFI to run Windows with
Windows 11
Windows 11 is the latest major release of Microsoft's Windows NT operating system, released in October 2021. It is a free upgrade to its predecessor, Windows 10 (2015), and is available for any Windows 10 devices that meet the new Windows 11 ...
.
* On 5 March 2013, the
FreeBSD Foundation
The FreeBSD Foundation is a United States-based 501(c)(3) registered non-profit organization dedicated to supporting the FreeBSD project, its development and its community. Funding comes from individual and corporate donations, and is used to sp ...
awarded a grant to a developer seeking to add UEFI support to the
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
kernel and bootloader. The changes were initially stored in a discrete branch of the FreeBSD source code, but were merged into the mainline source on 4 April 2014 (revision 264095); the changes include support in the installer as well. UEFI boot support for amd64 first appeared in FreeBSD 10.1 and for arm64 in FreeBSD 11.0.
* Oracle
Solaris
Solaris may refer to:
Arts and entertainment Literature, television and film
* ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem
** ''Solaris'' (1968 film), directed by Boris Nirenburg
** ''Solaris'' (1972 film), directed by ...
11.1 and later support UEFI boot for x86 systems with UEFI firmware version 2.1 or later.
GRUB
Grub can refer to Grub (larva), of the beetle superfamily Scarabaeoidea, or as a slang term for food. It can also refer to:
Places
* Grub, Appenzell Ausserrhoden, Switzerland
* Grub, St. Gallen, Switzerland
* Grub (Amerang), a hamlet in Bavaria, ...
2 is used as the boot loader on x86.
*
OpenBSD
OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project em ...
5.9 introduced UEFI boot support for 64-bit x86 systems using its own custom loader, OpenBSD 6.0 extended that support to include ARMv7.
Use of UEFI with virtualization
*
HP Integrity Virtual Machines
Integrity Virtual Machines is software from Hewlett-Packard that allows multiple virtual machines to run concurrently on any Itanium server running HP-UX, notably the HPE Integrity Servers line. It is part of HP's Virtual Server Environment suite ...
provides UEFI boot on HP Integrity Servers. It also provides a virtualized UEFI environment for the guest UEFI-aware OSes.
* Intel hosts an Open Virtual Machine Firmware project on SourceForge.
*
VMware Fusion
VMware Fusion is a software hypervisor developed by VMware for Mac computers. VMware Fusion allows Macs with Intel or the Apple M series of chips to run virtual machines with guest operating systems, such as Microsoft Windows, Linux, or macOS, ...
3 software for Mac OS X can boot Mac OS X Server virtual machines using UEFI.
*
VMware Workstation
VMware Workstation Pro (known as VMware Workstation until release of VMware Workstation 12 in 2015) is a hosted (Type 2) hypervisor that runs on x64 versions of Windows and Linux operating systemshttps://kb.vmware.com/selfservice/microsites/sear ...
prior to version 11 unofficially supports UEFI, but is manually enabled by editing the .vmx file.
VMware Workstation
VMware Workstation Pro (known as VMware Workstation until release of VMware Workstation 12 in 2015) is a hosted (Type 2) hypervisor that runs on x64 versions of Windows and Linux operating systemshttps://kb.vmware.com/selfservice/microsites/sear ...
version 11 and above supports UEFI, independently of whether the physical host system is UEFI-based. VMware Workstation 14 (and accordingly, Fusion 10) adds support for the
Secure Boot
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of ...
feature of UEFI.
* The
vSphere
VMware vSphere (formerly VMware Infrastructure 4) is VMware's cloud computing virtualization platform.
It includes an updated vCenter Configuration Manager, as well as vCenter Application Discovery Manager, and the ability of vMotion to move m ...
ESXi
VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system (OS); ...
5.0 hypervisor officially support UEFI. Version 6.5 adds support for Secure Boot.
*
VirtualBox
Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek VirtualBox) is a type-2 hypervisor for x86 virtualization developed by Oracle Corporation.
VirtualBox was originally created by Innotek GmbH, which was acquired by ...
has implemented UEFI since 3.1, but limited to Unix/Linux operating systems and Windows 8 and later (does not work with Windows Vista x64 and Windows 7 x64).
*
QEMU
QEMU is a free and open-source emulator (Quick EMUlator). It emulates the machine's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest ...
/ KVM can be used with the Open Virtual Machine Firmware (OVMF) provided by
TianoCore
TianoCore EDK II (formerly Tiano) is the reference implementation of UEFI by Intel. EDK is the abbreviation for EFI Development Kit and is developed by the TianoCore community. TianoCore EDK II is the de facto standard generic UEFI services implem ...
.
* The VMware ESXi version 5 hypervisor, part of
VMware
VMware, Inc. is an American cloud computing and virtualization technology company with headquarters in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture.
VMware's desktop software ru ...
vSphere, supports virtualized UEFI as an alternative to the legacy PC BIOS inside a virtual machine.
* The second generation of the Microsoft
Hyper-V
Microsoft Hyper-V, codenamed Viridian, and briefly known before its release as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows. Starting with Windows 8, Hyper-V superseded W ...
virtual machine supports virtualized UEFI.
*
Google Cloud Platform
Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube. Alongside ...
Shielded VMs support virtualized UEFI to enable Secure Boot.
Applications development
''EDK2 Application Development Kit'' (EADK) makes it possible to use
standard C library
The C standard library or libc is the standard library for the C (programming language), C programming language, as specified in the ISO C standard.International Organization for Standardization, ISO/International Electrotechnical Commission, IEC ...
functions in UEFI applications. EADK can be freely downloaded from the
Intel
Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
's TianoCore UDK / EDK2
SourceForge
SourceForge is a web service that offers software consumers a centralized online location to control and manage open-source software projects and research business software. It provides source code repository hosting, bug tracking, mirrorin ...
project. As an example, a port of the
Python
Python may refer to:
Snakes
* Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia
** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia
* Python (mythology), a mythical serpent
Computing
* Python (pro ...
interpreter is made available as a UEFI application by using the EADK. The development has moved to GitHub since UDK2015.
A minimalistic " hello, world" C program written using EADK looks similar to its usual C counterpart:
#include
#include
#include
EFI_STATUS EFIAPI ShellAppMain(IN UINTN Argc, IN CHAR16 **Argv)
Criticism
Numerous digital rights activists have protested against UEFI.
Ronald G. Minnich, a co-author of
coreboot
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...
, and
Cory Doctorow
Cory Efram Doctorow (; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who served as co-editor of the blog ''Boing Boing''. He is an activist in favour of liberalising copyright laws and a proponent of ...
, a digital rights activist, have criticized UEFI as an attempt to remove the ability of the user to truly control the computer. It does not solve the BIOS's long-standing problems of requiring two different drivers—one for the firmware and one for the operating system—for most hardware.
Open-source project TianoCore also provides UEFI interfaces. TianoCore lacks the specialized drivers that initialize chipset functions, which are instead provided by
coreboot
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...
, of which TianoCore is one of many payload options. The development of coreboot requires cooperation from chipset manufacturers to provide the specifications needed to develop initialization drivers.
Secure Boot
In 2011, Microsoft announced that computers certified to run its
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
operating system had to ship with Microsoft's public key enrolled and Secure Boot enabled. Following the announcement, the company was accused by critics and free software/open source advocates (including the
Free Software Foundation
The Free Software Foundation (FSF) is a 501(c)#501(c)(3), 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed ...
) of trying to use the Secure Boot functionality of UEFI to hinder or outright prevent the installation of alternative operating systems such as
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
. Microsoft denied that the Secure Boot requirement was intended to serve as a form of lock-in, and clarified its requirements by stating that x86-based systems certified for Windows 8 must allow Secure Boot to enter custom mode or be disabled, but not on systems using the
ARM architecture
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...
.
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
allows
OEM
An original equipment manufacturer (OEM) is generally perceived as a company that produces non-aftermarket parts and equipment that may be marketed by another manufacturer. It is a common industry term recognized and used by many professional or ...
s to decide whether or not Secure Boot can be managed by users of their x86 systems.
Other developers raised concerns about the legal and practical issues of implementing support for Secure Boot on Linux systems in general. Former
Red Hat
Red Hat, Inc. is an American software company that provides open source software products to enterprises. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with other offices worldwide.
Red Hat has become ass ...
developer
Matthew Garrett
Matthew Garrett is an Irish technologist, programmer, and free software activist who is a major contributor to a series of free software projects including Linux, GNOME, Debian, Ubuntu, and Red Hat. He has received the Free Software Award ...
noted that conditions in the
GNU General Public License version 3
The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...
may prevent the use of the GNU GRand Unified Bootloader without a distribution's developer disclosing the private key (however, the
Free Software Foundation
The Free Software Foundation (FSF) is a 501(c)#501(c)(3), 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed ...
has since clarified its position, assuring that the responsibility to make keys available was held by the hardware manufacturer), and that it would also be difficult for advanced users to build custom
kernel
Kernel may refer to:
Computing
* Kernel (operating system), the central component of most operating systems
* Kernel (image processing), a matrix used for image convolution
* Compute kernel, in GPGPU programming
* Kernel method, in machine learnin ...
s that could function with Secure Boot enabled without self-signing them. Other developers suggested that signed builds of Linux with another key could be provided, but noted that it would be difficult to persuade OEMs to ship their computers with the required key alongside the Microsoft key.
Several major Linux distributions have developed different implementations for Secure Boot. Garrett himself developed a minimal bootloader known as a shim, which is a precompiled, signed bootloader that allows the user to individually trust keys provided by Linux distributions. Ubuntu 12.10 uses an older version of shim pre-configured for use with
Canonical
The adjective canonical is applied in many contexts to mean "according to the canon" the standard, rule or primary source that is accepted as authoritative for the body of knowledge or literature in that context. In mathematics, "canonical example ...
's own key that verifies only the bootloader and allows unsigned kernels to be loaded; developers believed that the practice of signing only the bootloader is more feasible, since a trusted kernel is effective at securing only the
user space
A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour.
Kernel ...
, and not the pre-boot state for which Secure Boot is designed to add protection. That also allows users to build their own kernels and use custom
kernel module
In computing, a loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or so-called ''base kernel'', of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/o ...
s as well, without the need to reconfigure the system. Canonical also maintains its own private key to sign installations of Ubuntu pre-loaded on certified OEM computers that run the operating system, and also plans to enforce a Secure Boot requirement as wellrequiring both a Canonical key and a Microsoft key (for compatibility reasons) to be included in their firmware.
Fedora
A fedora () is a hat with a soft brim and indented crown.Kilgour, Ruth Edwards (1958). ''A Pageant of Hats Ancient and Modern''. R. M. McBride Company. It is typically creased lengthwise down the crown and "pinched" near the front on both sides ...
also uses shim, but requires that both the kernel and its modules be signed as well.
It has been disputed whether the operating system kernel and its modules must be signed as well; while the UEFI specifications do not require it, Microsoft has asserted that their contractual requirements do, and that it reserves the right to revoke any certificates used to sign code that can be used to compromise the security of the system. In Windows, only WHQL kernel driver is allowed if Secure Boot enabled. In February 2013, another Red Hat developer attempted to submit a patch to the Linux kernel that would allow it to parse Microsoft's authenticode signing using a master
X.509
In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...
key embedded in PE files signed by Microsoft. However, the proposal was criticized by Linux creator
Linus Torvalds
Linus Benedict Torvalds ( , ; born 28 December 1969) is a Finnish software engineer who is the creator and, historically, the lead developer of the Linux kernel, used by Linux distributions and other operating systems such as Android. He also c ...
, who attacked Red Hat for supporting Microsoft's control over the Secure Boot infrastructure.
On 26 March 2013, the
Spanish
Spanish might refer to:
* Items from or related to Spain:
**Spaniards are a nation and ethnic group indigenous to Spain
**Spanish language, spoken in Spain and many Latin American countries
**Spanish cuisine
Other places
* Spanish, Ontario, Can ...
free software development group Hispalinux filed a formal complaint with the
European Commission
The European Commission (EC) is the executive of the European Union (EU). It operates as a cabinet government, with 27 members of the Commission (informally known as "Commissioners") headed by a President. It includes an administrative body o ...
, contending that Microsoft's Secure Boot requirements on OEM systems were "obstructive" and
anti-competitive
Anti-competitive practices are business or government practices that prevent or reduce competition in a market. Antitrust laws differ among state and federal laws to ensure businesses do not engage in competitive practices that harm other, usuall ...
.
At the
Black Hat conference
Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a ...
in August 2013, a group of security researchers presented a series of exploits in specific vendor implementations of UEFI that could be used to exploit Secure Boot.
In August 2016 it was reported that two security researchers had found the "golden key" security key Microsoft uses in signing operating systems. Technically, no key was exposed, however, an exploitable binary signed by the key was. This allows any software to run as though it was genuinely signed by Microsoft and exposes the possibility of
rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
and
bootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
attacks. This also makes patching the fault impossible, since any patch can be replaced (downgraded) by the (signed) exploitable binary. Microsoft responded in a statement that the vulnerability only exists in
ARM architecture
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...
and
Windows RT
Windows RT is a mobile operating system developed by Microsoft. It is a version of Windows 8 or Windows 8.1 built for the 32-bit ARM architecture (ARMv7). First unveiled in January 2011 at Consumer Electronics Show, the Windows RT 8 operat ...
devices, and has released two patches; however, the patches do not (and cannot) remove the vulnerability, which would require key replacements in end user firmware to fix.
Many
Linux distributions
A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one ...
support UEFI Secure Boot now, such as
RHEL
Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop versio ...
(RHEL 7 and later),
CentOS
CentOS (, from Community Enterprise Operating System; also known as CentOS Linux) is a Linux distribution that provides a free and open-source community-supported computing platform, functionally compatible with its upstream source, Red Hat En ...
(CentOS 7 and later),
Ubuntu
Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: '' Desktop'', ''Server'', and ''Core'' for Internet of things devices and robots. All ...
,
Fedora
A fedora () is a hat with a soft brim and indented crown.Kilgour, Ruth Edwards (1958). ''A Pageant of Hats Ancient and Modern''. R. M. McBride Company. It is typically creased lengthwise down the crown and "pinched" near the front on both sides ...
,
Debian
Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...
(Debian 10 and later),
OpenSUSE
openSUSE () is a free and open-source software, free and open source RPM Package Manager, RPM-based Linux distribution developed by the openSUSE project.
The initial release of the community project was a beta version of SUSE Linux 10.0.
Addi ...
The increased prominence of UEFI firmware in devices has also led to a number of technical problems blamed on their respective implementations.
Following the release of Windows 8 in late 2012, it was discovered that certain
Lenovo
Lenovo Group Limited, often shortened to Lenovo ( , ), is a Chinese Multinational corporation, multinational technology company specializing in designing, manufacturing, and marketing consumer electronics, Personal computer, personal computers, ...
computer models with Secure Boot had firmware that was hardcoded to allow only executables named "
Windows Boot Manager
The booting process of Windows Vista and later versions differ from the startup process part of previous versions of Windows.
In this article, unless otherwise specified, what is said about Windows Vista also applies to all later NT operatin ...
" or "
Red Hat Enterprise Linux
Red Hat Enterprise Linux (RHEL) is a commercial open-source Linux distribution developed by Red Hat for the commercial market. Red Hat Enterprise Linux is released in server versions for x86-64, Power ISA, ARM64, and IBM Z and a desktop version ...
" to load, regardless of any other setting. Other problems were encountered by several
Toshiba
, commonly known as Toshiba and stylized as TOSHIBA, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan. Its diversified products and services include power, industrial and social infrastructure system ...
laptop models with Secure Boot that were missing certain certificates required for its proper operation.
In January 2013, a bug surrounding the UEFI implementation on some
Samsung
The Samsung Group (or simply Samsung) ( ko, 삼성 ) is a South Korean multinational manufacturing conglomerate headquartered in Samsung Town, Seoul, South Korea. It comprises numerous affiliated businesses, most of them united under the ...
laptops was publicized, which caused them to be
bricked
A brick (or bricked device) is a mobile device, game console, router (computing), router or other consumer electronics, consumer electronic device that is no longer functional due to corrupted firmware, a computer hardware, hardware problem, or ...
after installing a Linux distribution in UEFI mode. While potential conflicts with a kernel module designed to access system features on Samsung laptops were initially blamed (also prompting kernel maintainers to disable the module on UEFI systems as a safety measure), Matthew Garrett discovered that the bug was actually triggered by storing too many UEFI variables to memory, and that the bug could also be triggered under Windows under certain conditions. In conclusion, he determined that the offending kernel module had caused kernel message dumps to be written to the firmware, thus triggering the bug.
See also
*
OpenBIOS
OpenBIOS is a project aiming to provide free and open source implementations of Open Firmware. It is also the name of such an implementation.
Most of the implementations provided by OpenBIOS rely on additional lower-level firmware for hardware i ...
*
UEFI Platform Initialization
The Platform Initialization Specification (PI Specification) is a specification published by the Unified EFI Forum that describes the internal interfaces between different parts of computer platform firmware. This allows for more interoperability ...
(UEFI PI)
*
Advanced Configuration and Power Interface
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
Trusted Platform Module
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ch ...
(TPM)
*
UEFITool
UEFITool is a software program for reading and modifying EEPROM images that contain an UEFI firmware. Features include the ability to view the flash regions and to extract and import them.
References
External links
UEFITool GitHub repositor ...