UEFI

BIOS limitations (such as 16-bit real mode, 1 MB addressable memory space,[7] assembly language programming, and PC AT hardware) had become too restrictive for the larger server platforms Itanium was targeting.

[28] Unofficial UEFI support is under development for POWERPC64 by implementing TianoCore on top of OPAL,[29] the OpenPOWER abstraction layer, running in little-endian mode.

[8][35] 64-bit UEFI firmware implementations support long mode, which allows applications in the preboot environment to use 64-bit addressing to get direct access to all of the machine's memory.

Commonly 1 MB in size, this partition's Globally Unique Identifier (GUID) in GPT scheme is 21686148-6449-6E6F-744E-656564454649 and is used by GRUB only in BIOS-GPT setups.

Such a setup is usually referred to as UEFI-GPT, while ESP is recommended to be at least 512 MB in size and formatted with a FAT32 filesystem for maximum compatibility.

Also, an OS boot loader can provide a user interface to allow the selection of another UEFI application to run.

[58] UEFI 2.1 defined a "Human Interface Infrastructure" (HII) to manage user input, localized strings, fonts, and forms (in the HTML sense).

These enable original equipment manufacturers (OEMs) or independent BIOS vendors (IBVs) to design graphical interfaces for pre-boot configuration.

Supported partition table schemes include MBR and GPT, as well as El Torito volumes on optical discs.

[50] BIOS-style booting from MBR-partitioned disks is commonly called BIOS-MBR, regardless of it being performed on UEFI or legacy BIOS-based systems.

[64] In July, of 2022, Kaspersky Labs published information regarding a Rootkit designed to chain boot malicious code on machines using Intel's H81 chipset and the Compatibility Support module of affected motherboards.

[citation needed] The UEFI specification includes support for booting over network via the Preboot eXecution Environment (PXE).

[48] Apart from that, commands available in the UEFI shell can be used for obtaining various other information about the system or the firmware, including getting the memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading UEFI drivers, and editing text files (edit).

][89] For other systems, the solution is either creating an appropriate USB flash drive or adding manually (bcfg) a boot option associated with the compiled version of shell.

[94][95] In some ARM-based Android and Windows Phone devices, the UEFI boot loader is stored in the eMMC or eUFS flash memory.

It initializes a temporary memory (often CPU cache-as-RAM (CAR), or SoC on-chip SRAM) and serves as the system's software root of trust with the option of verifying PEI before hand-off.

[102][failed verification] A typical modern OS will prefer to use its own programs (such as kernel drivers) to control hardware devices.

In December 2018, Microsoft released an open source version of its TianoCore EDK2-based UEFI implementation from the Surface line, Project Mu.

Hewlett-Packard's first Itanium 2 systems, released in 2002, implemented EFI 1.10; they were able to boot Windows, Linux, FreeBSD and HP-UX; OpenVMS added UEFI capability in June 2003.

[117][118] In October 2017, Intel announced that it would remove legacy PC BIOS support from all its products by 2020, in favor of UEFI Class 3.

[159] A minimalistic "hello, world" C program written using EADK looks similar to its usual C counterpart: Numerous digital rights activists have protested UEFI.

Ronald G. Minnich, a co-author of coreboot, and Cory Doctorow, a digital rights activist, have criticized UEFI as an attempt to remove the ability of the user to truly control the computer.

[167] Other developers raised concerns about the legal and practical issues of implementing support for Secure Boot on Linux systems in general.

Former Red Hat developer Matthew Garrett noted that conditions in the GNU General Public License version 3 may prevent the use of the GNU GRand Unified Bootloader without a distribution's developer disclosing the private key (however, the Free Software Foundation has since clarified its position, assuring that the responsibility to make keys available was held by the hardware manufacturer),[168][122] and that it would also be difficult for advanced users to build custom kernels that could function with Secure Boot enabled without self-signing them.

pre-configured for use with Canonical's own key that verifies only the bootloader and allows unsigned kernels to be loaded; developers believed that the practice of signing only the bootloader is more feasible, since a trusted kernel is effective at securing only the user space, and not the pre-boot state for which Secure Boot is designed to add protection.

However, the proposal was criticized by Linux creator Linus Torvalds, who attacked Red Hat for supporting Microsoft's control over the Secure Boot infrastructure.

[173] On 26 March 2013, the Spanish free software development group Hispalinux filed a formal complaint with the European Commission, contending that Microsoft's Secure Boot requirements on OEM systems were "obstructive" and anti-competitive.

[182] The increased prominence of UEFI firmware in devices has also led to a number of technical problems blamed on their respective implementations.

[184] Other problems were encountered by several Toshiba laptop models with Secure Boot that were missing certain certificates required for its proper operation.

While potential conflicts with a kernel module designed to access system features on Samsung laptops were initially blamed (also prompting kernel maintainers to disable the module on UEFI systems as a safety measure), Matthew Garrett discovered that the bug was actually triggered by storing too many UEFI variables to memory, and that the bug could also be triggered under Windows under certain conditions.

Boot order selection menu on a Lenovo ThinkPad T470 with both UEFI and BIOS support.
The UEFI implementation is usually stored on NOR -based flash memory [ 2 ] [ 3 ] [ 4 ] located on the motherboard . Various I/O protocols can be used, SPI being the most common.
Example of UEFI variables
Interaction between the EFI boot manager and EFI drivers
Boot process
Example of an active Secure Boot as detected by rEFInd boot manager
Example of an UEFI shell 2.2 session
Microsoft Surface UEFI, the UEFI used on all Surface models made after 2015
Examples of custom Secure Boot public keys
MokManager, a part of shim bootloader used to enroll Machine Owner Key (MOK) to UEFI system