Say goodbye BIOS, hello UEFI; your hardware will be more secure for it
- By John Breeden II
- Oct 31, 2012
PCs have changed a lot in the past four decades, but one constant has been the Basic Input/Output System, BIOS, which handles the initialization process at startup and hands off control to the operating system. Pretty much every user is familiar with the BIOS acronym, even if they long ago forgot what the letters stood for. That’s about to change. There’s a new acronym on the block, UEFI, and it’s worth getting to know.
What it is: The Unified Extensible Firmware Interface or UEFI, is a boot-level program that will replace BIOS on just about every new system from now on.
Unlike BIOS, which is a set of commands stored inside the firmware of a computer’s motherboard, UEFI is actually a program that can reside in non-volatile memory on a motherboard, or a hard drive, or even on a shared network drive.
The UEFI sets up a computer to run, but in a lot of ways it’s like an operating system itself. It has a graphical interface that is accessed via the mouse, can run programs from within a shell, and even allows surfing of the Internet if you really want it. UEFI gives a lot of freedom for developers and system designers to perform different tasks at boot up, such as backing up hard drives, running utility programs or even automatically logging into secure government networks. Only after UEFI has completed all of its assigned tasks will it transfer control of a system to the actual OS that will run everything else.
Examples: The reason most people are hearing about UEFI now is that it’s a key component to Microsoft Windows 8 and Windows Server 2012. What Microsoft has done with its version of UEFI is to have it reach out to the master boot record on a machine to check if everything is in a pristine state. If any rootkits or malware have messed with the boot drivers, the UEFI will refuse to hand off control to the Windows 8 operating system. So the computer won’t fully boot if it’s been compromised. Any system that is certified for use with Windows 8 will need to have this feature. Some hardware manufacturers may allow users to disable secure boot as part of the UEFI interface, but it’s going to be turned on by default.
Bottom Line: BIOS was great for its day, but not many programs invented the 1970’s are still in common use today. It also was unsecured and unchanging, and a favorite target for hackers. UEFI will help to lock systems down while at the same time giving developers and users more control over their computers. And like it or not, it’s here now in increasing numbers, and likely to stay for a long time.
John Breeden II directs the GCN Lab.