Slashdot Mirror
Demystifying UEFI, the Overdue BIOS Replacement
An anonymous reader writes "After more than 30 years of unerring and yet surprising supremacy, BIOS is taking its final bows. Taking its place is UEFI, a specification that begun its life as the Intel Boot Initiative way back in 1998 when BIOS's antiquated limitations were hampering systems built with Intel's Itanium processors. UEFI, as the article explains, is a complete re-imagining of a computer boot environment, and as such it has almost no similarities to the PC BIOS that it replaces."
Article was a little too light on technical details for me. This article read like something you might find in an “intro to computers” textbook. Vague somewhat-technical description of what it does and a few somewhat unclearly described differences.
Not necessarily a bad article, just wasn't what I was hoping for :(
It's not UEFI as bad as much as the possibility that Microsoft will require OEMs to use the secure boot feature of UEFI to lock out the owner of a PC from installing a competing operating system as a condition of shipping the PC with Windows 8.
What the point was of this article? There is no meat at all in there. I expected a complete deep technical overview of UEFI, not something you can summarize as "It's a little operating system providing services to the actual operating system".
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
There's nothing wrong with Slashdot "articles" contradicting themselves, because they are not articles written by Slashdot staff. They are stories submitted by users and there's nothing wrong in contradiction arising out of two stories (which are basically opinions based on some facts) submitted by two different people.
What is wrong with the BIOS anyway? Why does the boot process need to be all flashy? It seems like adding complexity there will just end up causing problems...
Maybe I'm just a relic...a lot of people don't even know how to get into their BIOS anymore, let alone what the POST and such is afterwards.
The plural is viruses. Also, the boot sector is on your disk. There have been attacks that hit the firmware/bios for a long time. Someone doesn't remember CIH/Chernobyl.
You seem to be missing the difference between UEFI and UEFI systems defaulting to only running signed boot loaders (possibly without a way for the end user to change the setting, though if I had to guess that won't be happening in anything but some tablets from companies like say Sony). As to EUFI being a complete re-imagining, not really. It's more of a proprietary implementation of the ideas from Sun's OpenBoot.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
It seems that EFI may not be the brilliant thing that it is supposed to be. Somebody doing a lot of work involving it blogs here - http://mjg59.dreamwidth.org/ - and there are lots of depressing things to read there. To quote from the page:
> It's an awful thing and I've lost far too much of my life to it. It complicates the process of booting for no real benefit to the OS. The only real advantage we've seen so far is that we can configure boot devices in a vaguely vendor-neutral manner without having to care about BIOS drive numbers. Woo.
I'm not so much worried about MSFT requiring OEMs to use the secure boot feature to lock out the owner, but instead I am worried that the oem's will drop UEFI on the hard disk in a hidden partition, instead of storing it on the motherboard in a non-volitaile state. Wiping your hard disk when installing a new OS, or re-imaging a computer could have disastrous effects.
I am sure this will happen with several vendors. And then watch the resurgence of the whitebox. Also, a huge new swath of BIOS hacking forums. Not to mention eBay auctions for "Unlocked Dell Deminsion!"
Secure boot is bad. What is mysterious about that? If you want to understand more, related to booting Linux, read these. UEFI secure booting x86 EFI boot stub
Having to work for a living is the root of all evil.
Fuck everybody who uses that word. It belongs in the marketing buzzword incinerator with "thought-shower", "synergy", "pro-active", and anything "in the cloud".
Finally had enough. Come see us over at https://soylentnews.org/
I read the articles attached to this Slashdot story, and my impression was that Microsoft could use UEFI secure booting to make it much harder for PC owners to install Linux alongside or in place of Windows. Red Hat develoer Matthew Garrett explains: "Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. [...] A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."
Right - and Apple's MacOS X always has required EFI or UEFI and not BIOS on Intel processors (and even have their own proprietary partition map rather than MBR or GPT), so it's not like the tech itself is the problem, it's the vendor lockout possibility that Microsoft may use that is the problem. Even then it doesn't stop you from running Linux in a virtual machine, but the fact that you can't install Linux as the primary boot or set up a dual boot system on Windows preloaded PCs is what people are complaining about.
While Linux supports UEFI, I have never known anyone to install with it, but I know of at least one person that could - me. From what I remember, Windows 64 bit (Vista or 7 I think - I don't think XP 64 bit supported it) needs to be installed with UEFI/GPT partitioning or BIOS/MBR partitioning and it defaults to the latter, but it can be changed. I thought that maybe setting it up with UEFI I could make it dual boot MacOS X on non-mac hardware but I never got that working (I did manage to get it working in a VM on my laptop, however - on my desktop I believe my hardware got invalidated for not supporting Vx instructions, whereas on my laptop I have hardware essentially identical to a machine Apple ships). As far as Apple's legal requirements go, I own a real mac too, and I think their EULA is on shaky ground because copyright law allows me to back up licensed software on any hardware I want.
(Dos) BIOS aint done 'till (Lotus) Linux won't run.
"I've got more toys than Teruhisa Kitahara."
So it's the Ourobios?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
What are the chances that the secure boot is a simple switch that we can change?
Slim. Otherwise, trojan horse programs that claim to "make Windows faster" would ask the user to turn off secure boot and restart so that they can "do their job" (actually install malware).
OSX uses GPT partition maps on x86 machines, they only had their own partition map on PPC systems. Current OSX running on x86 macs can still read disks which use the PPC partition map (as can linux), but can't boot from them.
Linux has supported EFI for a long time, and Intel have been pushing EFI for a long time.... We would have had EFI many years ago, only MS never bothered to support it until very recently.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I've been dealing with UEFI-based servers for the past couple of years - IBM System x specifically - and while I see the potential for UEFI, it's still got a lot of teething pains in the Enterprise space as far as I am concerned. IBM was the first to basically put their entire x86 product line on UEFI-only hardware.
However, I have actually encountered machine configurations that BIOS was unable to deal with (add-in PCIe cards utilizing all of the ROM memory space and bringing the machine to a halt, amount of RAM beyond what BIOS can handle natively, etc...) so I can see the requirement for a BIOS replacement.
In its current incarnation in the servers I deal with, the architecture is essentially booting two full-blown microprocessors running code *BEFORE* the machine will even attempt to POST. The service processors in the current IBM machines (IMM - Integrated Management Module) are the first thing to fire up when power is applied to the server - since IMMs are small microprocessors in their own right (can't remember the make, but I remember hearing 100MHz speeds) loading what I believe is a micro-Linux kernel it takes time for these things to fire up. This process can take up to two (sometimes more) minutes before the power button stops blinking rapidly and goes to a normal "power off" blink. At this point you can turn the server on, which is when it will fire up the UEFI microprocessor and begin to load all of that code into the system. UEFI goes and "talks" to all of the internal hardware, loads profiles for devices, etc... during this phase. That can take up to another four minutes or so (it has gotten faster over the last two years) at which point the actual POST screen will display and you can either enter SETUP or allow the server to boot - note that add-in cards will have to load their own ROM as normal (if in Legacy Mode, which most of our server are due to OS limitations). Note that the more cards you put in a machine and more boot options you leave enabled, the longer this pre-POST initialization takes. I've seen reboot cycle times of over ten minutes in some instances, whereas the BIOS-based systems would complete that cycle in under two minutes.
So here's a brief summary of the current state-of-the-art in server UEFI:
PROS:
* Allows configuration of peripheral devices from the SETUP screen.
* Allows up to 1TB (much smaller in practive) of Option ROM space for add-in cards.
* Allows for huge amounts of memory, and very large disk sizes.
* In theory, allows for additional software to execute before the primary OS kicks in. Not really utilized in these machines.
CONS:
* Horribly slow boot cycles. Length of boot cycle dependent on amount of hardware in server. Had an IBM ATS Engineer tell me they had a machine in the lab that they plugged so much stuff into that it took 23 hours to POST.
* Corrupt firmware or firmware updates is the kiss of death for many of these machines. While there are backup firmware spaces and the appropriate jumpers to recover, this does not always work as intended. We've had quite a few brand-new systems that had to have complete system planar replacements because the code wasn't executing right.
* As these are actual mini-OSes running there are all kinds of strange quirks and odd behavior from the servers. Lots of troubleshooting involves resetting the service processors and praying they reboot properly in order to just get the server to POST normally.
* Speaking of quirks, there are lots of situations where hardware failures are either false-positive failures or not indicated as an issue when they actually have faults. Troubleshooting on these machines becomes guesswork based on intuition rather than having a solid grip on what component is doing what.
* Example: As the UEFI handles all of the components on the server, we have run into issues where bad code for the UEFI causes the Operating Systems to malfunction in strange ways, only to find the OS was reacting to thousands of repeated error messages being
Some old P90s that I worked on had an Award or American Megatrends BIOS, which had a graphical (640x480x16) environment and supported a PS/2 mouse. I like UEFI, especially for the ability to boot external software directly (such as bios updaters or OS installers), but the bells and whistles could be done in BIOS, at least to a certain extent.
...BIOS’s antiquated limitations were hampering systems...
What exactly are these limitations, in real-world terms? My systems all seem to boot & run fast right now...
If the BIOS has limitations, why not just flash an updated BIOS? All of my machines have had at least one BIOS update since manufacture. No problem.
As for the mini-OS-before-boot concept...I already have a bunch of Linux "Live CDs" that I use to partition drives, image & restore partitions, scan for viruses, etc without having to boot Windows. Why would I want to put a "pre-boot" OS on my hard drive, where it can be hacked and infected?
Someone please enlighten me if UEFI has any real-world benefits to outweigh its costs.
Other unavoidable delays:
- Memory test. Well, you could avoid it, but you shouldn't.
- Hard drive spin-up. You can detect the drives before this, but you can't read the partition table.
- USB device detection. You need this for keyboards and bootable USB devices. And with the increasing use of tablet form factors, possibly in future for touchscreens.
- Storage peripherals. A lot of storage controllers, espicially those of a RAIDy or networky nature (hardware-supported iSCSI, fibre channel) will need their own time to ready themselves and check connectivity and device integrity.
Add all those together, and you're up to about what it takes for the BIOS today to run POST and hand over to the bootloader.