Goodbye BIOS, hello UEFI
Your computer's basic input/output system (BIOS) is about to become history and be replaced by Unified Extensible Firmware Interface (UEFI) -- and that brings both advantages and problems.
When you turn on your computer, a primitive system that dates back more than 30 years, the basic input/output system (BIOS), turns your cold hardware into a functioning system that your operating system can then boot from. Alas, it's sadly out of date. PC makers have slowly been replacing BIOS with the Unified Extensible Firmware Interface (UEFI). That's all well and good, but one UEFI feature, Secure Boot, could be used to lock PCs into being only able to boot one operating system: Windows 8.
So, what's really going on here? Is UEFI just a way for Microsoft and its most loyal original equipment manufacturers (OEMs) to keep Linux and other alternative operating systems out or is it more than that? To answer that, let's take a look at what's what with UEFI.
What is UEFI
If you're in the computer hardware business, you know that BIOS has been terribly outdated for decades. For example, a BIOS only has 1,024KB (kilobytes) of executable space. That, in turn means, a BIOS has trouble starting up the multiple peripheral interfaces (USB, eSATA, ThunderBolt, etc.) devices, ports, and controllers on a modern PC. Just as annoying, the BIOS was never meant to initialize more than a handful of devices so even if you can get all devices ready to go it will take up to 30 seconds after you turn the switch on before your PC is ready to start booting.
The computer companies aren't dumb. They knew that BIOS was obsolete even before the 21st century dawned. But, until recently they couldn't agree on how to replace it.
In 1998, Intel started work on the “Intel Boot Initiative” (IBI), later known as Extensible Firmware Interface (EFI). While Apple, in its Intel-based Macs, and HP, with its Itanium 2 servers, used it, the other OEMs and, needless to say, Intel's rival chip vendors, weren't initially keen on adopting EFI. In 2007, Intel, along with AMD, AMI, Apple, Dell, HP, IBM, Lenovo, Microsoft, and Phoenix Technologies, finally agreed to use UEFI (the re-branded EFI) as the universal replacement for BIOS.
Don't mistake UEFI as being purely a BIOS replacement. It's not.
UEFI is a mini-operating system that sits on top of a computer's hardware and firmware. Instead of being stored in firmware, as is the BIOS, the UEFI code is stored in the /EFI/ directory in non-volatile memory. Thus, UEFI can be in NAND flash memory on the motherboard or it can reside on a hard drive, or even on a network share.
Even in a UEFI system there will still be a little bit of the BIOS in the firmware to enable UEFI itself to "boot" up.
The UEFI advantage
The first thing you'll notice about UEFI systems is that they boot faster and you can have even larger primary drives. The BIOS is unable to boot from hard disks with more than 2.2TB (terabytes). That's a hard limit set in the Master Boot Record (MBR) that you can't fix. In the BIOS MBR, the maximum space for a drive is determined by the formula: 2 to the 32nd times 512 bits. This is an old hard drive addressing scheme. What it means in practice is that all but the most up-to-date computers can't boot with hard drives that are larger than 2.2TB. With 3TB drives now becoming common, OEMs have no choice but to move to UEFI on high-end PCs.
UEFI uses the GUID (Globally Unique ID) Partition Table, both to replace the MBR and address partitions. With GUID, you'll be able to boot from hard disks as large as 9.4ZB (zetabytes). How big is that? Well, everything -- and I mean everything -- on the Internet is believed to be just over 3ZBs. I don't think we have to worry about UEFI not being able to manage any drive it's likely to run into anytime soon.
From a business standpoint, BIOS has long been totally inadequate for PC repair and maintenance. Today, if a PC can't be booted, a technician has to be onsite to fix the PC. BIOS simply doesn't support networking, never mind basic, remote troubleshooting and maintenance tools. With UEFI, an OEM can built in networking functionality and basic repair tools. For business use, a properly featured UEFI PC will be far cheaper to support over its lifespan than its older BIOS brother.
Exactly what else you'll get from UEFI depends on how your chip vendor, PC OEM, and operating system vendors implement it. At the least, though, you can expect to see secure boot systems, easier network booting, and instant-on access to all your hardware. It's also possible that some vendors will implement basic operating system interoperability, such as access to a Web browser, without ever needing to actually "boot" the computer into an operating system.
What's the problem?
If UEFI is so great, why hadn't you heard about it until the recent fuss over Microsoft trying to use its secure boot feature to keep Linux off PCs? Ironically enough, one reason is that for a long time Microsoft didn't support UEFI. Even now, 32-bit Windows doesn't support booting from a UEFI system. Without Microsoft's full support, OEMs were reluctant to commit to UEFI.
In addition, UEFI is just a framework. If an OEM wants to offer full support for all the possible hardware that might be available on a given motherboard and offer diagnostic tools, it has to create them. That's not cheap. Apple, HP, and IBM have made the commitment, but other vendors have been biding their time.
A UEFI-based system doesn't require that its designer provide diagnostic tools and system controls in a GUI, but some OEMs, like Asus, are providing that kind of functionality.
Now that Microsoft is insisting that Windows 8 PCs must support UEFI-secure boot -- a sub-system designed to make sure that a PC only boots a legitimate operating system -- you can be sure almost all 2012/13 PCs will be using UEFI as at least a basic BIOS replacement.
Contrary to popular opinion, Linux developers have no problem with secure boot. Indeed, as The Linux Foundation white paper, Making UEFI Secure Boot Work With Open Platforms (PDF), states, "Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware."
The key is that Microsoft continues to dodge the question of how they'll implement secure boot. Eventually, I suspect Microsoft will quietly back down from their "our way or the highway" approach to secure boot and you'll be able to both use secure boot and run any UEFI-compatible operating system you want on a Windows 8 approved PC.
That said, don't think that UEFI will turn out to be some kind of panacea for rootkits and other low-level malware. It's not.
Indeed, it's entirely possible that the UEFI itself, since it is both software and mimics an operating system, could itself be attacked. The latest UEFI specification, 2.3.1 (PDF) includes some malware defensive measures such as driver signing and hash-protected authentication. But, while UEFI will bring us faster boots, more storage access, better support options, it won't bring us the end of malware. UEFI secure boot computers will be great, but they won't be miracle workers!