Slashdot Mirror
Demystifying UEFI, the Overdue BIOS Replacement
An anonymous reader writes "After more than 30 years of unerring and yet surprising supremacy, BIOS is taking its final bows. Taking its place is UEFI, a specification that begun its life as the Intel Boot Initiative way back in 1998 when BIOS's antiquated limitations were hampering systems built with Intel's Itanium processors. UEFI, as the article explains, is a complete re-imagining of a computer boot environment, and as such it has almost no similarities to the PC BIOS that it replaces."
Article was a little too light on technical details for me. This article read like something you might find in an “intro to computers” textbook. Vague somewhat-technical description of what it does and a few somewhat unclearly described differences.
Not necessarily a bad article, just wasn't what I was hoping for :(
It's not UEFI as bad as much as the possibility that Microsoft will require OEMs to use the secure boot feature of UEFI to lock out the owner of a PC from installing a competing operating system as a condition of shipping the PC with Windows 8.
What the point was of this article? There is no meat at all in there. I expected a complete deep technical overview of UEFI, not something you can summarize as "It's a little operating system providing services to the actual operating system".
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
There's nothing wrong with Slashdot "articles" contradicting themselves, because they are not articles written by Slashdot staff. They are stories submitted by users and there's nothing wrong in contradiction arising out of two stories (which are basically opinions based on some facts) submitted by two different people.
What is wrong with the BIOS anyway? Why does the boot process need to be all flashy? It seems like adding complexity there will just end up causing problems...
Maybe I'm just a relic...a lot of people don't even know how to get into their BIOS anymore, let alone what the POST and such is afterwards.
The plural is viruses. Also, the boot sector is on your disk. There have been attacks that hit the firmware/bios for a long time. Someone doesn't remember CIH/Chernobyl.
You seem to be missing the difference between UEFI and UEFI systems defaulting to only running signed boot loaders (possibly without a way for the end user to change the setting, though if I had to guess that won't be happening in anything but some tablets from companies like say Sony). As to EUFI being a complete re-imagining, not really. It's more of a proprietary implementation of the ideas from Sun's OpenBoot.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
It seems that EFI may not be the brilliant thing that it is supposed to be. Somebody doing a lot of work involving it blogs here - http://mjg59.dreamwidth.org/ - and there are lots of depressing things to read there. To quote from the page:
> It's an awful thing and I've lost far too much of my life to it. It complicates the process of booting for no real benefit to the OS. The only real advantage we've seen so far is that we can configure boot devices in a vaguely vendor-neutral manner without having to care about BIOS drive numbers. Woo.
They are just that, article about what is going in in the industry. There isn't a 'Side' to be pushed.
And no, it's not lost on me that someone with the UID of 'North Korea' thinks that a news site should only push one side of a discussion.
That said, the issues wasn't Win 8 using UEFI, there in a position to abuse UEFI by buying the OEMs.
The Kruger Dunning explains most post on
I'm not so much worried about MSFT requiring OEMs to use the secure boot feature to lock out the owner, but instead I am worried that the oem's will drop UEFI on the hard disk in a hidden partition, instead of storing it on the motherboard in a non-volitaile state. Wiping your hard disk when installing a new OS, or re-imaging a computer could have disastrous effects.
I am sure this will happen with several vendors. And then watch the resurgence of the whitebox. Also, a huge new swath of BIOS hacking forums. Not to mention eBay auctions for "Unlocked Dell Deminsion!"
From a screenshot in the ExtremeTech article: "Never run downloaded programs that are unknown to SmartScreen". So how does a software developer make a program "known to SmartScreen" for the first time other than by selling it on the Windows Store?
From the same article:
if you try to boot while an infected USB memory stick is plugged in, Windows 8 will warn you and refuse to load.
So how do I tell Windows that a USB mass storage device containing an Ubuntu install image is not "an infected USB memory stick"?
Microsoft wants you to hibernate Windows 8 rather than shut it down
So will we finally have the ability to come out of hibernate without that one peripheral not responding?
Reset restores Windows 8 to its base, just-like-new state. Refresh is similar, but it preserves all of your documents.
So now "reformat and reinstall" is becoming institutionalized.
The article links to an article about the Windows Store. It claims that "the process for getting an app certified and listed in the Windows Store will be as painless as possible." Does this include applications developed by high school students who aren't 18 yet? Or college students who don't want to spend $99 per year? It also mentions "content compliance checks", and if "content compliance checks" are anything like the ones that Microsoft uses for Xbox Live Indie Games, this could shut out entire genres of applications. It says "you won't be able to download a Metro app from Download.com", but wouldn't one just be able to load an app into Visual Studio Express and run it that way?
Secure boot is bad. What is mysterious about that? If you want to understand more, related to booting Linux, read these. UEFI secure booting x86 EFI boot stub
Having to work for a living is the root of all evil.
Fuck everybody who uses that word. It belongs in the marketing buzzword incinerator with "thought-shower", "synergy", "pro-active", and anything "in the cloud".
Finally had enough. Come see us over at https://soylentnews.org/
Yes, I recognize that MS can abuse UEFI. Given that my work machines are WinXXXXX I don't have a choice about that, and I would assume that at some point there will be mobos that aren't controlled by M$.
My question is ten times simpler: If this thing is flashable memory, etc., doesn't it open the doors to way more cracking by folks I'd really rather avoid, that is, identity thieves et. al? How is going away from silicon going to affect this?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
I read the articles attached to this Slashdot story, and my impression was that Microsoft could use UEFI secure booting to make it much harder for PC owners to install Linux alongside or in place of Windows. Red Hat develoer Matthew Garrett explains: "Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. [...] A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."
Right - and Apple's MacOS X always has required EFI or UEFI and not BIOS on Intel processors (and even have their own proprietary partition map rather than MBR or GPT), so it's not like the tech itself is the problem, it's the vendor lockout possibility that Microsoft may use that is the problem. Even then it doesn't stop you from running Linux in a virtual machine, but the fact that you can't install Linux as the primary boot or set up a dual boot system on Windows preloaded PCs is what people are complaining about.
While Linux supports UEFI, I have never known anyone to install with it, but I know of at least one person that could - me. From what I remember, Windows 64 bit (Vista or 7 I think - I don't think XP 64 bit supported it) needs to be installed with UEFI/GPT partitioning or BIOS/MBR partitioning and it defaults to the latter, but it can be changed. I thought that maybe setting it up with UEFI I could make it dual boot MacOS X on non-mac hardware but I never got that working (I did manage to get it working in a VM on my laptop, however - on my desktop I believe my hardware got invalidated for not supporting Vx instructions, whereas on my laptop I have hardware essentially identical to a machine Apple ships). As far as Apple's legal requirements go, I own a real mac too, and I think their EULA is on shaky ground because copyright law allows me to back up licensed software on any hardware I want.
YOU-fee?
YOU-fi?
you-EF-ee?
load "linux",8,1
(Dos) BIOS aint done 'till (Lotus) Linux won't run.
"I've got more toys than Teruhisa Kitahara."
So it's the Ourobios?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The only reason UEFI is overdue is not because they are slow in development. It's simply the fact that UEFI isn't an open standard. If UEFI was made an open standard every new computer in a month would all have UEFI.
The main issue for me is that BIOS is just SLOW.
There are limits to how fast any BIOS or BIOS replacement can proceed to reading and executing the bootloader. How long does it take to write to every page of RAM and read back from it? How long does it take for a hard drive to spin up?
if it allows me to have that instant-on computer that Intel has been promising us for the last decade or two
The only instant-on computers are computers with the operating system in solid-state memory. This can be an SSD. Or it can be RAM, which means the computer has been put to sleep and the hard drive spins up while the user is entering his password.
There isn't a 'Side' to be pushed.
But there is a side to be pushed. The side that says that UEFI is a good idea at all. It isn't.
It's an awful thing and I've lost far too much of my life to it. It complicates the process of booting for no real benefit to the OS. The only real advantage we've seen so far is that we can configure boot devices in a vaguely vendor-neutral manner without having to care about BIOS drive numbers. Woo.
That quote is spot on. UEFI is a giant stack of unnecessary abstraction that doesn't "fix" anything. Everyone who has to work with it at any scale despises it.
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
Try to boot to a partition greater than 2TB on Bios.
Try using a mouse in BIOS (Hint, if you're using a mouse, you are not in BIOS)
Additionally, EFI doesn't have to do sanity checks on the HW every boot like BIOS, doesn't require reboot when changing RAM like BIOS. It is superior to BIOS in almost all ways because it has more features and can boot much faster.
The benefit is beyond the OS, it goes to whole system management. But the average Joe won't care about most of these things because they don't ever go to BIOS.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
What are the chances that the secure boot is a simple switch that we can change?
Slim. Otherwise, trojan horse programs that claim to "make Windows faster" would ask the user to turn off secure boot and restart so that they can "do their job" (actually install malware).
Needs a marketing department.
OSX uses GPT partition maps on x86 machines, they only had their own partition map on PPC systems. Current OSX running on x86 macs can still read disks which use the PPC partition map (as can linux), but can't boot from them.
Linux has supported EFI for a long time, and Intel have been pushing EFI for a long time.... We would have had EFI many years ago, only MS never bothered to support it until very recently.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I've been dealing with UEFI-based servers for the past couple of years - IBM System x specifically - and while I see the potential for UEFI, it's still got a lot of teething pains in the Enterprise space as far as I am concerned. IBM was the first to basically put their entire x86 product line on UEFI-only hardware.
However, I have actually encountered machine configurations that BIOS was unable to deal with (add-in PCIe cards utilizing all of the ROM memory space and bringing the machine to a halt, amount of RAM beyond what BIOS can handle natively, etc...) so I can see the requirement for a BIOS replacement.
In its current incarnation in the servers I deal with, the architecture is essentially booting two full-blown microprocessors running code *BEFORE* the machine will even attempt to POST. The service processors in the current IBM machines (IMM - Integrated Management Module) are the first thing to fire up when power is applied to the server - since IMMs are small microprocessors in their own right (can't remember the make, but I remember hearing 100MHz speeds) loading what I believe is a micro-Linux kernel it takes time for these things to fire up. This process can take up to two (sometimes more) minutes before the power button stops blinking rapidly and goes to a normal "power off" blink. At this point you can turn the server on, which is when it will fire up the UEFI microprocessor and begin to load all of that code into the system. UEFI goes and "talks" to all of the internal hardware, loads profiles for devices, etc... during this phase. That can take up to another four minutes or so (it has gotten faster over the last two years) at which point the actual POST screen will display and you can either enter SETUP or allow the server to boot - note that add-in cards will have to load their own ROM as normal (if in Legacy Mode, which most of our server are due to OS limitations). Note that the more cards you put in a machine and more boot options you leave enabled, the longer this pre-POST initialization takes. I've seen reboot cycle times of over ten minutes in some instances, whereas the BIOS-based systems would complete that cycle in under two minutes.
So here's a brief summary of the current state-of-the-art in server UEFI:
PROS:
* Allows configuration of peripheral devices from the SETUP screen.
* Allows up to 1TB (much smaller in practive) of Option ROM space for add-in cards.
* Allows for huge amounts of memory, and very large disk sizes.
* In theory, allows for additional software to execute before the primary OS kicks in. Not really utilized in these machines.
CONS:
* Horribly slow boot cycles. Length of boot cycle dependent on amount of hardware in server. Had an IBM ATS Engineer tell me they had a machine in the lab that they plugged so much stuff into that it took 23 hours to POST.
* Corrupt firmware or firmware updates is the kiss of death for many of these machines. While there are backup firmware spaces and the appropriate jumpers to recover, this does not always work as intended. We've had quite a few brand-new systems that had to have complete system planar replacements because the code wasn't executing right.
* As these are actual mini-OSes running there are all kinds of strange quirks and odd behavior from the servers. Lots of troubleshooting involves resetting the service processors and praying they reboot properly in order to just get the server to POST normally.
* Speaking of quirks, there are lots of situations where hardware failures are either false-positive failures or not indicated as an issue when they actually have faults. Troubleshooting on these machines becomes guesswork based on intuition rather than having a solid grip on what component is doing what.
* Example: As the UEFI handles all of the components on the server, we have run into issues where bad code for the UEFI causes the Operating Systems to malfunction in strange ways, only to find the OS was reacting to thousands of repeated error messages being
Some old P90s that I worked on had an Award or American Megatrends BIOS, which had a graphical (640x480x16) environment and supported a PS/2 mouse. I like UEFI, especially for the ability to boot external software directly (such as bios updaters or OS installers), but the bells and whistles could be done in BIOS, at least to a certain extent.
"UEFI, being a pseudo-operating system, can access all of the hardware on the computer — you can surf the internet from the UEFI interface, or backup your hard drives — and it even has a full, mouse-driven GUI"
Why do we need that? Why we can't have a "BIOS" that just boots the bootloader or the system itself and nothing else. Maybe an option from where it should boot (from harddisk, CDROM, network, etc). Just a thing, that don't have the limitations of the old BIOS, but with the sole purpose to boot the system/bootloader as fast as possible and then just go out of the way.
"The fact that all of this boot data is stored on NAND flash or on a hard drive means that there’s a lot more space for things like language localization, boot-time diagnostics (begone meaningless POST beeps!), utilities (backup, restore, malware scanners), and so on."
If the graphic card or the motherboard is broken, all the computer can do is to beep, with UEFI or without. If I need diagnostics and utilities I just use my Linux live-CD or live-USB-stick (like Knoppix or SystemRescueCD). They are easy to use and much more sophisticated.
UEFI sounds like the shiny new GUI interface that nobody will use, but it was developed because the old boring program was too old fashion. Like Nero, with was 50MB and then later became a 1GB full blown suite.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
I'm sure the parent meant "severe vendors."
.sig withheld by request
...BIOS’s antiquated limitations were hampering systems...
What exactly are these limitations, in real-world terms? My systems all seem to boot & run fast right now...
If the BIOS has limitations, why not just flash an updated BIOS? All of my machines have had at least one BIOS update since manufacture. No problem.
As for the mini-OS-before-boot concept...I already have a bunch of Linux "Live CDs" that I use to partition drives, image & restore partitions, scan for viruses, etc without having to boot Windows. Why would I want to put a "pre-boot" OS on my hard drive, where it can be hacked and infected?
Someone please enlighten me if UEFI has any real-world benefits to outweigh its costs.
Does it still throw the CPU into busy loops and leave the CPU too overheated to boot an OS that bothers to check the temp sensors after less than 1 minute of configuring? Yes, my BIOS does that.
Someone had to do it.
I used a BIOS setup WITH mouse pointer support around before year 2000
blog.sam.liddicott.com
Newer Dell BIOS allows you to use a mouse.
"But this one goes to 11!"
Okay, I'm going to be a dick and say that UEFI is a load of crap. It has its own cute little platform-independent bytecode, which I suppose would come in real handy if you're in the business of selling motherboards that support more than one CPU architecture... wait, what ? And then manufacturers love to store a bunch of extensions on the hard drive, like in the Asus screenshot - but let's not call it an operating system okay ? Hell, Gigabyte even ships a few crappy games as EFI extensions on the motherboard CD.
UEFI is an overdesigned solution to a non-problem. Intel has basically given everyone carte-blanche to bloat up the pre-boot experience. We already had gimmicky mouse-driven BIOSes back in the day, I remember one as far back as the 286, where AMI had replicated a Windows 2.0 style GUI. Pointless, slow, but hey it's shiny right ? :P
What the BIOS needed was an update from its 35 year old roots - a little less 16-bit legacy cruft, a little more forward compatibility for the 64-bit era. What we got instead was a reinvention of the wheel that doesn't actually solve much. It simply replaces one simple interface with another. Instead of VESA VBE, we now use GOP, which provides (dun dun dun!) a linear frame buffer. Instead of calling interrupt 13h for disk access, we now call a C++ object. Nothing has really changed, except for the bloat.
-Billco, Fnarg.com
Like movie DVD players there are bound to be one or two manufactures who will leave in a back door to allow install of any OS. Also, any lock in specifically designed to only allow Windows to work will either be worked around or will result in another anti-trust lawsuit for MS.
Another scenario is that Linux users will buy Macs to run Linux, since Macs already support EFI. Then seeing the impact of this other companies will try to add ways of installing Linux.
I think in the long run we have nothing to worry about, though we should be careful about the hardware we buy.
Jumpstart the tartan drive.