Turning on the computer via uefi bios. Facts about Secure Boot

Specification UEFI(Unified Extensible Firmware Interface, Unified Extensible Firmware Interface, or Extensible Firmware Interface), formerly known as Extensible Firmware Interface (EFI), defines the interface between operating system and microcode (firmware) that controls the equipment. In other words, UEFI is an interface that sits “on top” of the computer’s hardware components, which, in turn, operate on their own firmware (microcode).

In the name UEFI itself, the definition of “extensible interface” suggests that it is a modular system that can be functionally easily expanded and upgraded.

For more understanding, UEFI Compared to BIOS, this is, roughly speaking, a new type or the next generation of firmware, and it is no longer limited only to x86 personal computers (IBM PCs), but also claims to be an all-platform standard. However, unlike BIOS, UEFI is based on a fundamentally new code topology called “driver-based”.

• The main purpose of EFI is to replace the aging (losing relevance) BIOS technology and the limitations associated with it.
• The main goal of UEFI development is to standardize the interaction of the operating system with platform firmware during the boot process. In the classic BIOS, software interrupts and I/O ports were the main mechanism for interacting with hardware during the boot phase, but modern systems are able to provide more efficient I/O operations between hardware and software.
• The main task of EFI is to correctly initialize the hardware and transfer control to the operating system loader. In this regard, the task is not very different from the task of a traditional BIOS, but the algorithms are fundamentally different.

UEFI can be safely called an independent miniature operating system, which is an interface between the main user operating system running on the computer and the hardware microcode.

Let's now take a short excursion into history personal computers, in order to understand the reasons that led to attempts to replace the standard BIOS with something fundamentally new.

Good old BIOS

The basic principles of the functioning of the BIOS (basic input-output system) for personal computers were defined back in the late 70s of the last century. Over a fairly long period of time that has passed since then, the computer industry has developed rapidly, which led to the fact that at certain stages the BIOS capabilities were not enough, since the devices produced by manufacturers had new technologies on board, often incompatible with current BIOS versions. To avoid such problems, developers sometimes had to significantly modify the BIOS code, but a number of restrictions have remained unchanged to this day. And, if initially the BIOS architecture was quite simple, then over time it became more complex, adapting to more and more new technologies, therefore, at a certain point it began to resemble a pile of various kinds of outdated and poorly interacting code. The limitations that can still be found in BIOS code today are explained by the need to maintain compatibility with basic functions, necessary for the functioning of the old software. All this has led to the fact that the BIOS has essentially become the most outdated component of modern PCs. At the moment, the BIOS does not meet the requirements of the latest equipment and has the following disadvantages:

1. 16-bit code, real mode. The BIOS is written in assembly language and operates on 16-bit code in real mode of the processor with its inherent limitations, the most significant of which is the limitation of the memory address space of 1 Megabyte.
2. Lack of access to 64-bit hardware. The BIOS is not capable of directly interacting with the 64-bit hardware that currently dominates the market.
3. Lack of a uniform standard. There is no single specification for BIOS - each manufacturer offers its own implementation variations.
4. Complexity of development. The problem is that for almost every new motherboard model, the manufacturer develops its own BIOS version, which implements unique technical features of this device: interaction with chipset modules, peripheral equipment, etc. BIOS development can be divided into two stages. At the first stage, it is created basic version microprogram that implements those functions that do not depend on the specifics of the equipment. The developers of such code are well known, these are companies such as American Megatrends(AMIBIOS), Phoenix Technologies (+ the legendary Award Software (AwardBIOS) acquired by it) and some others. At the second stage, programmers from the motherboard manufacturer are involved in BIOS development. Here the basic assembly is modified to suit the specifics of each specific board model, its features are taken into account. After the motherboard enters the market, work on the firmware continues, updates are regularly released that fix errors, add support for new hardware (for example, processors) and sometimes even expand functionality firmware.

All these, as well as some others, shortcomings of the traditional BIOS model led to the fact that a coalition of hardware and software manufacturers began working on the creation of the UEFI specification. Starting, according to my own observations, around 2010, the UEFI specification began to be massively introduced into all newly released motherboards from leading manufacturers, so at the moment it is almost impossible to find a new computer with a traditional BIOS. However, you shouldn’t be too upset about this, since many manufacturers maintain compatibility with the functionality of traditional BIOS in their motherboards. For example, a very important point is support for traditional boot mode when MBR help. For this purpose, a UEFI BIOS emulation mode module was developed, which is called Compatibility Support Module (CSM). True, I believe that over time, fewer and fewer manufacturers will support in their firmware this mode.

Benefits of UEFI

Here I would like to define the advantages of the UEFI interface:

1. Support for large storage media (disks). UEFI owes its support for large disks to a new partition table standard called GPT (GUID Partition Table). The traditional BIOS boot method used the Master Boot Record (MBR) boot sector, which contained a partition table that described the placement of disk partitions. Partition table entries in the MBR have one significant drawback: the number of the first sector of the beginning of the partition in LBA format (offset 08h from the beginning of the partition entry) has a width of only 4 bytes (32 bits), respectively, only 4 billion sectors can be addressed. And this, with the “classic” sector size of 512 bytes, is only ~2 terabytes of disk space. UEFI, using GPT, makes it possible to address disks up to 18 exabytes.
2. Direct support for file systems and partition tables. UEFI has modules for supporting file systems and partition tables, that is, it can work with both partition tables and file systems directly. The specification implies support for the GPT partition table, FAT12, FAT16, FAT32 file systems on hard drives and the ISO9660 file system on CD/DVD drives. This saves us from having to write bootstrap code (similar to MBR), which will load bootloaders of various stages in a chain.
3. No other traditional MBR restrictions. For example, you no longer need to squeeze bootstrap code into a tiny 512-byte sector. You can focus on writing a single loading module that will combine all the necessary stages.
4. Platform-independent hardware drivers. UEFI has access to the computer's hardware through platform-independent drivers. The device manufacturer only needs to write one version of the driver for all platforms (x86, ARM, Itanium, Alpha), and this greatly simplifies development and speeds up the process of identifying errors. The UEFI specification describes the interaction of UEFI drivers with the operating system, thus, in the case when the OS does not have a driver, for example, a video card, but in UEFI it is present, loaded and functioning, the OS has the ability to output data to the monitor using standard UEFI interfaces.
5. Support for TCP protocol stack: IPv4/IPv6. Allows you to use rich networking capabilities directly from the UEFI interface. Now you can develop various downloads via http/ftp protocols, a download immediately comes to mind indicating the URL where the regular EFI module or a full-fledged ISO image is located. It has become possible to bypass what has already become the only possible option, loading over the network using PXE/TFTP. Some, especially advanced implementations, may implement support for PXE over IPv6.
6. Support for traditional BIOS model. UEFI does not require a classic BIOS, but many manufacturers embed BIOS emulation code to support older operating systems. This module is called the Compatibility Support Module (CSM). The CSM includes a 16-bit module (CSM16) implemented by the BIOS manufacturer and a layer that links the CSM16 to the instrumentation (interface and hardware). Compatibility implies support for booting via MBR and support at the code level for software interrupts (int 10h - video service, int 13h - disk service, int 15h - service functions, int 16h - keyboard service, int 18h - ROM-BASIC service, int 19h - bootstrap loader service). Therefore, those OS and software that needed the good old BIOS to work like air can easily work on machines with UEFI.
7. Intuitive UEFI interface. The so-called “ease of control”. This is a rather controversial point; it is impossible to unequivocally classify it as a plus or a minus. It is stated that BIOS management was not intuitive, presenting a poorly documented, ascetic text interface that only a computer-savvy user could understand. In contrast, many UEFI shells support a graphical interface and a mouse, which are simply not implemented in most BIOSes. However, if my memory serves me correctly, back in the 90s I observed attempts to implement mouse support in the BIOS from (I think) Phoenix. The interface itself can be graphical, in the opinion of some - more friendly and intuitive for the majority, but it can also be traditional, that is, similar to a classic text one, it all depends on the preferences of the developer and the positioning of the equipment. It is possible to support multiple languages.
8. UEFI speed. It is claimed that the UEFI code runs faster than the traditional BIOS code (although it is written in C), due to the fact that it is written entirely from scratch, without the need to “drag” a train of outdated code to support various non-standard hardware and various logical anachronisms.
9. OS loading speed. It is claimed that booting with UEFI is significantly faster. This is achieved by parallelizing the initialization of devices, as opposed to the BIOS, which initialized the equipment sequentially, as well as reducing startup time due to the absence of the need to search for the bootloader by enumerating all devices (the bootloader is specified in UEFI and called directly). I am inclined to believe it, since I cannot confirm or deny it at the moment. However, if you measure how much time it takes on my old machine on a Celeron 450/GA-G31M-ES2L with an SSD from the moment it is turned on until the authorization window for the optimized Windows XP appears, it will only be 23 seconds. This will probably not be enough for certain categories of devices.
10. UEFI is a mini OS. You can, of course, call UEFI a miniature operating system, and this, in part, will be fair, but it would be more correct to consider it virtual platform, which provides interfaces to the equipment. You can only work in the console, or you can write a full-fledged graphical interface. UEFI, if there are modules of the necessary functionality, can, for example, help understand problems loading the main OS, or perform other service functions.
11. Additional software modules. Immediately before loading the operating system from the UEFI media, it allows you to launch your own UEFI modules and drivers for general purposes: for working with the network, disk (archiving/backup/antivirus), configuring parameters, testing equipment. Obviously, with the popularization of the standard, the list of UEFI applications will only expand. Nowadays you can even write a full-fledged game, develop your own console for service needs in the form of a separate UEFI module (example: shell.efi), an Internet browser, provide work with media data (watching movies, listening to music), and organize disk backups.
12. UEFI contains a built-in download manager. That is, it implements its own OS code loader, which is very functional and can act as an analogue of the multi-loaders of several operating systems familiar to us from the not so distant past.
13. I/O block size. In UEFI, when reading, a special EFI I/O block size is used, which allows reading 1 MB of data (in the BIOS the limit is 64 KB).
14. Safety. Supposedly UEFI is protected from malicious code loading stage. It is alleged that the malicious code cannot load itself before the operating system boots, thereby taking over control. This is achieved both by signing everything in the firmware itself and by having a secure boot procedure called “Secure Boot”.
15. Easy to scale functionality. UEFI firmware can be easily expanded - just insert a supported drive (for example, a USB flash drive). After this, you can connect additional drivers and UEFI applications from an external device. If you think about it, this opens up great opportunities for expanding functionality that could not be obtained using a traditional BIOS, since it was limited solely by the code hardwired into the ROM. In UEFI, you can “slip” the driver of a new piece of hardware directly at the UEFI operating stage, that is, before the operating system starts loading, and gain access to the functionality of this device.
16. The UEFI code operates in 32/64-bit mode. With all the ensuing... advantages. To be completely honest, UEFI still uses real mode at the very beginning to perform some platform initialization tasks, but very quickly goes into protected/long mode.
17. Support for alternative input means. UEFI provides support for alternative input means such as virtual keyboards and touch displays. This is quite relevant in our era of various mobile gadgets.

Disadvantages of UEFI

And now I would like to highlight the disadvantages of UEFI technology:

1. Increasing complexity of architecture. All the advantages of EFI are not so significant compared to its main disadvantage - the complication of the code structure. A significant increase in the volume of code and its logical complication do not in any way contribute to making development easier, quite the contrary. But before and in parallel with UEFI, there were open implementations as an alternative to the outdated BIOS model, for example OpenBIOS, which were rejected.
2. Secure Boot. Here, operating system developers solved several problems at once: partly the problem of piracy, eliminating the bypass of activation by introducing activators into the boot stages, the problem of malicious code (viruses) of the boot stage, and the problem of outdated operating systems that remain popular, which users do not want to leave :) In fact, it turned out that in some especially smart devices, due to the presence of the “Secure Boot” option that cannot be disabled, it is often impossible to install any OS other than Windows version 8+ systems, since only the latter have certified bootloaders at the moment. Agree, it looks like a rather clumsy way of dealing with stingy users and competitors, although Microsoft itself strongly denies such a situation. In a word, the technology can cause a lot of inconvenience, but at least most vendors have this option (for now) disabled in the settings.
3. Inability to install older operating systems (in some cases). It is not possible to install older systems without Compatibility Mode (CSM).
4. Deviation from the standard. Each hardware component manufacturer modifies the UEFI at its own discretion, thereby creating additional difficulties for the user, essentially returning us to BIOS chaos? For example, on various devices The boot manager can be implemented in different ways, while having quite significant deviations from the recommendations of the UEFI specification. In practice, sometimes I came across buggy UEFIs that ignored the NVRAM boot list parameters and simply loaded code from \EFI\Microsoft\Boot\bootmgfw.efi or EFI/BOOT/bootx64.efi . Or the boot manager in some implementations may contain a combined list of MBR and GPT devices, while in others there are different boot lists, which introduces some confusion.
5. Implementation of content control tools. The UEFI standard provides for the presence of certain drivers that will intercept calls to the operating system, so DRM (Digital Restrictions Management, technical means of copyright protection) can be implemented. The essence of the algorithm is as follows: a person for whom everything works is offered, at his own expense, to install such software or equipment so that part of the functions in his working playback systems digital content(computers, multimedia players, etc.) no longer worked in the usual way. There are reasonable fears that the creation of UEFI is a veiled way of introducing functions unwanted for the end user into a PC.
6. Possibility of introducing unwanted modules. It is impossible to guarantee that the operating system has 100% control of the computer if it boots using UEFI!

UEFI operation algorithm

During the development of UEFI, the developer, from the very beginning, established strict boundaries for each process involved in execution. The first three phases (SEC, PEI, DXE) prepare the platform for the OS bootloader, the fourth phase (BDS) directly loads the OS bootloader. Let's try to analyze the UEFI operating algorithm and take a closer look at all its phases.

• SEC phase. (Security, Safety). Security phase. Everything must be signed and verified otherwise it will not run!
  • Clearing CPU cache.
  • Running the main initialization procedure in ROM.
  • Switching to protected mode of processor operation.
  • The MTRRs (Memory Type Range Registers) for the BSP are initialized.
  • Run microcode patches for all installed processors.
  • Getting started with BSP/AP. BSP = Board Support Package. AP = Application Processor. Each core can be represented as a BSP + AP. IIPI (Init Inter-processor Interrupt) is sent to all APs, then SIPI (Start-up Inter-processor Interrupt).
  • Transfer of data and control to the PEI phase.
• PEI phase. (Pre-EFI Initialization, Pre-EFI Initialization). Prepare the platform (memory and discovered devices) for the main system initialization procedure in the DXE phase.
  • Transferring data from ROM to cache.
  • Initialization of CRTM (Core Root for Trust of Measurement). This is a set of instructions that is executed by the platform during RTM operations.
  • The PEI manager is loading. The dispatcher loads a series of modules (PEIMs) that vary depending on the platform. These modules complete the remaining PEI tasks. The stage ends when all modules are loaded.
  • PEIM: Processor initialization modules are loaded and launched. (example: processor cache module, processor frequency selection module). Processors are initialized.
  • PEIM: Platform built-in interfaces are initialized (SMBus). MCH (Memory Controller Hub), ICH (I/O Controller Hub) are initialized.
  • PEIM: memory initialization. Initializing main memory and transferring data from the cache into it.
  • Checking mode S3. No - transfer of control to the DXE phase. Yes - restore the original state of the processor and all devices and switch to the OS.
• DXE phase. (Driver eXecution Environment, Driver loading environment). The loading of components in this phase is based on resources that were initialized in the PEI phase. Final initialization phase for all devices. Starting UEFI services: Boot Services, Runtime Services and DXE Services.
  • The DXE kernel is loaded. The DXE infrastructure is created: the necessary data structures and a handle database are created. Includes basic DXE interfaces. Launches a number of services: Boot Services, Runtime Services, DXE Services.
  • Launching DXE Manager. Using the Hand-off Block structure (HOB list) transferred from PEI, it determines the available Firmware Volume (FV, a structured database of DXE executable modules: drivers and applications) and searches for drivers in them, launches them, observing dependencies. At this moment, the remaining components are activated, several at the same time. The manager loads all available drivers from all available media.
  • Loading the SMM Init driver. Initiates a subphase. SMM (System management mode) is one of the privileged code execution modes of an x86 processor, in which the processor switches to an independent address space, saves the context of the current task, then executes the necessary code, then returns to main mode. Why do we need SMM? But because in this mode you can do anything you want with the system, regardless of the OS. The SMM code can be executed after the DXE phase has ended.
  • UEFI Boot Manager starts. This happens after all drivers have started. Control is transferred to the BDS phase.
• BDS phase. (Boot Device Selection). Implements the platform loading policy. The main task is to connect the devices required for booting, select (manually or automatically) the boot device and boot from it. It often performs a recursive search through all available FVs and tries to find content available for download.
  • Console devices are initialized, described by the environment variables ConOut (ConsoleOutHandle), ConIn (ConsoleInHandle), StdErr (StandardErrorHandle).
  • The UEFI device drivers listed in environment variable DriverOrder (containing Driver#### options in load order).
  • The UEFI application is loaded from the Boot#### boot device. Lists of devices are contained in the BootOrder environment variable in boot order.
  • If we were unable to do any of the above, then call the DXE manager to check that the dependencies of additional drivers have been provided since the last time the manager was called. After which control returns to the BDS phase again.

UEFI Boot Manager operation algorithm

The UEFI boot concept is significantly different from the BIOS boot concept. If you remember the BIOS, the bootstrap code int 19h (bootstrap loader) was responsible for loading there, the task of which was only to load the master boot record (MBR) from the boot device into memory and transfer control to it. In UEFI, everything is somewhat more interesting; it contains its own full-fledged built-in bootloader, which is called UEFI Boot Manager (UEFI Boot Manager or simply Boot Manager), which has much richer functionality.

UEFI Boot Manager is a standard generic UEFI module.

Boot Manager implements a fairly wide range of functions, which include loading UEFI images such as: UEFI first-stage OS loaders, UEFI drivers, UEFI applications. Booting can be done from any UEFI image hosted on any UEFI-supported file system located on any supported platform physical media information. UEFI Boot Manager has its own configuration, the parameters of which are located in the form of a number of variables in a common NVRAM (Non-volatile RAM).

EFI NVRAM is a shared memory area designed to store UEFI configuration parameters, available for use by firmware developers, hardware manufacturers, operating system developers, and users.

UEFI parameters are stored in NVRAM as variables, which are classically represented by the pair "parameter name" = "value". These variables contain a large number of parameters that relate to different functional parts of the UEFI, that is, in addition to the UEFI Boot Manager parameters, NVRAM stores many other UEFI parameters. However, in the context of this chapter we are only interested in variables related to the UEFI Boot Manager. This, firstly queue, a BootOrder variable that points to boot descriptor variables named Boot#### Each Boot#### element is a pointer to a physical device and (optionally) can even describe a file representing a UEFI image that should be used from this the physical device will boot.

All boot devices are described as a full path, that is, they contain a readable name of the boot file, so they can be added to the boot menu.

This is roughly how I imagine the algorithm for enumerating media during UEFI operation:

As we can see, UEFI Boot Manager parses BootOrder , that is, it loads the device path of each Boot#### element in the order specified in the BootOrder variable and tries to boot from the specified device. If there is an error, the boot manager moves on to the next element. In addition, a so-called download list is generated. This list is relevant for the UEFI settings interface and looks familiar standard menu downloads (Boot Menu). The UEFI Boot List is generated based on the BootOrder variable and is used to allow the user to make changes to the order and configuration of boot devices.
How is the BootOrder itself formed? And it’s very simple, for example, during the installation of the Windows operating system, the installer creates an ESP partition (if it does not exist) on the installation disk, formats this partition into a file FAT system, then places its boot loader (for Windows 7+ this is the file bootmgfw.efi ) and some other files along the path \EFI\Microsoft\Boot\ . Once the OS installation is complete, Windows installer creates a variable in EFI NVRAM called Boot#### (where #### is a hexadecimal number) referencing the manager Windows boot named bootmgfw.efi . Then, sets the BootOrder variable?

UEFI bootable media requirements

The UEFI specification, among other things, describes certain requirements for the rules for placing partitions and boot loaders on media. And for different classes of devices, as we will see later, they differ significantly.

Hard drive requirements

Every boot HDD must contain a special EFI partition System Partition (ESP). The ESP partition must adhere to the directory hierarchy (structure) predefined by the standard: the /EFI directory must be located at the root of the ESP partition. The /EFI folder, in turn, should contain subdirectories of operating system vendors, hardware manufacturers, general tools and drivers:

\EFI\<директория вендора ОС 1> <файл-загрузчик-ОС1>.efi\<директория вендора ОС 2> <файл-загрузчик-ОС2>.efi. . . \<директория вендора ОС N> <файл-загрузчик-ОСN>.efi\<директория производителя оборудования (OEM)> .efi\<директория BIOS вендора> <приложение-BIOS-вендора>.efi\<директория вендора стороннего ПО> <стороннее-приложение>.efi \BOOT BOOT(architecture_type).efi

\<директория вендора ОС 1> <файл-загрузчик-ОС1>.efi \<директория вендора ОС 2> Register of subdirectories. Vendors whose directories are not described in the vendor subdirectory and who do not have their own subdirectories in the /EFI folder often place their bootloader as the "default bootloader". For example, for x64 systems along the path: /EFI/Boot/bootx64.efi. The boot loader file is a typical UEFI application, has the PE32+ format and contains code for the initial stage of loading the operating system, that is, it begins the OS boot process. Its purpose is to prepare data structures, load the OS kernel into memory and transfer control to it. The specification describes the /EFI/Boot subdirectory. This subdirectory is used as the “default” location, that is, in a situation when, for some reason, some bootloader is lost (not configured) in NVRAM. For such a case, this directory contains the so-called “default boot loader”, which has a standardized name BOOT (architecture_type).efi Some older UEFI implementations were bugged, they simply ignored the boot list in NVRAM and loaded directly modules or /EFI/BOOT/bootx64.efi . Other, no less “direct” UEFI options did not support the boot menu and also always loaded /EFI/Boot/bootx64.efi or /EFI/Microsoft/Boot/bootmgfw.efi depending on your mysterious preferences. Booting in Legacy mode UEFI does not run any code from the classic MBR, regardless of whether the sector is present on the media installed on the system or not. The exception is UEFI versions that implement “compatibility mode” support. As a result, for traditional (legacy) loading of operating systems compatible with the MBR markup standard, UEFI provides special modules that can be (at the discretion of the vendor) included in the firmware. You can find out whether your specific UEFI firmware supports “compatibility mode” by searching the UEFI interface for parameters such as Legacy, Legacy CSM, Launch CSM, CSM Boot, CSM OS, Launch CSM or CSM Support. It should be noted that in the vast majority of firmware this mode is present, which greatly simplifies the life of users who bought new laptops or motherboards, but have not changed their habits in using “old” operating systems from MS :) It is logical to assume that if there is a CSM module, the firmware code when booting in traditional mode should be as close as possible to the similar functional features of traditional BIOS, simply emulating key technologies. Let's take a look at what the UEFI Compatibility Support Module (CSM) does when booting in legacy mode. For now, I will give here only an abstract conditional loading algorithm in Legacy/Compatibility Support Module (CSM) mode: Is booting in legacy mode required? If not, then we go to the usual UEFI Boot chain. Load the Legacy Driver module. Load the Legacy BIOS module. Is support for traditional video BIOS functions required (implementation of int 10h interrupt functions)? Yes - we are loading. Is support for other traditional BIOS extensions (int 13h..) required? Yes - we are loading. Loading a traditional (legacy) OS? No - we go to normal UEFI boot. We form SMBIOS structures. We form Legacy Device structures. We form the int 15h interrupt structure, the BBS (BIOS Boot Specification) API structure. We generate ACPI RSD PTR. Upload a compatible SMM code. We load the code from the MBR and transfer control to it. Multiboot in UEFI From the very beginning of the mass distribution of personal computers, from time to time the task arose of deploying several operating systems on one PC, which could host one or more physical media. Not so long ago, the situation was significantly changed by the discovery of virtualization technology, but this did not completely eliminate the problem. In its classical sense, in relation to stations booting using the traditional PC/AT BIOS method using classic MBR markup, multiboot was third party code in the main boot sector (MBR), which loads the so-called boot manager (multi-booter), which stores settings for each operating system installed on the computer and provides a menu for selecting how to boot a particular OS. If we talk about our time, that is, about multibooting in relation to media partitioned using GPT markup, then a lot has changed now. As we have already noted, UEFI can directly work with GPT disks, so the task of installing multiple operating systems is greatly simplified. Now all the functions of the multibooter are taken over by the built-in UEFI Boot Manager, the operating principles of which we described above. The OS installer only needs to do what it already does very well: place the bootloader on a special ESP partition in “its” directory hierarchy, after which this bootloader becomes “visible” in the UEFI settings. In addition to the OS installer, now the user himself, using the settings (graphical/text interface UEFI), can manually add a bootloader located on any physical media connected and visible to the system. All these added different ways Boot loaders become available through the Boot Menu, which the user can configure/call directly during UEFI operation, that is, at the initial stage of PC boot. In other words, multibooting in UEFI is simply a matter of running UEFI applications (OS-specific bootloaders) located on mounted media on a special ESP partition in a directory hierarchy rooted at /EFI.

With the release of Windows 8, manufacturers began to actively implement the successor to the BIOS - the UEFI interface, which during its existence has already managed to cause a lot of trouble. We will tell you how, despite this, to take advantage of its benefits.

The massive transition to UEFI (Unified Extensible Firmware Interface) has already begun. Microsoft requires this interface to be used on all computers that will ship with Windows 8. More precisely, we are talking about UEFI with the Secure Boot feature. At the same time, only “eight” can work on such PCs without problems: neither Windows XP nor “seven” can be installed on a UEFI machine without additional manipulations.

You won't be able to boot from a Linux Live or Windows flash drive either. What exactly can happen if you try to start with installation flash drive on a Sony VAIO laptop, shown in the picture above. And the problems with UEFI don't end there. Each hardware manufacturer configures UEFI at its own discretion, thereby creating unnecessary difficulties for the user. The IdeaPad laptop from Lenovo was not able to recognize the same flash drive as boot media at all. At the same time, Lenovo has nothing to reproach: the fact is that the bootable flash drive is formatted as a file NTFS system, and UEFI does not support booting from such media. If you connect the same drive to an EliteBook laptop from HP, it will boot without problems and allow you to install Windows. The problem is that all the data on the EliteBook disk would be deleted after installation.

Everyone configures differently

Are you confused? No wonder: UEFI with Secure Boot establishes new rules for installing and booting operating systems, and hardware manufacturers interpret these rules in their own way, which creates additional difficulties for the user. Therefore, in this article, we set ourselves the goal of clearing up the confusion around UEFI. Using laptops from major manufacturers as an example, we will tell you how UEFI works, what role the Secure Boot function plays, how to bypass the “traps” set by the new interface, and what you need to use bootable flash drives without fear of any destructive consequences.

How UEFI works

UEFI boots strictly according to established rules. If the OS does not support UEFI, BIOS emulation mode is activated. The process of booting a BIOS-based PC is quite simple: after pressing the power button, the BIOS starts, which checks the status of the hardware and loads the firmware - simple drivers for individual hardware components. The BIOS then searches for the OS bootloader and activates it. This in turn loads the operating system or displays a list of available operating systems.

UEFI-based computers boot in a similar way only until the boot options are searched. After this, everything happens differently. UEFI has its own OS bootloader with integrated launch managers for installed systems. For it, a small partition (100–250 MB) is created on the disk, formatted in the FAT32 file system, which is called Extensible Firmware Interface System Partition ( system partition Extensible Firmware Interface (ESP). It contains drivers for hardware components that can be accessed by the running operating system. General rule This is: with the exception of DVDs, UEFI can only boot from media formatted with the FAT32 file system.

UEFI is a complex mechanism

ESP has its advantages: thanks to UEFI drivers and the OS loader, Windows starts faster and responds more adequately to critical driver errors. But the UEFI interface also imposes restrictions: it allows you to install the OS only on hard drives that are marked according to the GPT standard. The latter is not supported by any BIOS version, since, unlike the traditional partitioning scheme (MBR), it uses 64-bit sector addresses. In addition to Windows 8, only 64-bit versions support the UEFI interface Windows Vista and 7, as well as Linux with kernel 3.2 and higher. Moreover, for PCs certified to work with G8, Microsoft requires the use of the Secure Boot option. In this mode, UEFI only launches verified OS boot loaders that contain Microsoft digitally signed drivers.

Along with Windows 8, only the Shim bootloader (Linux) has drivers with the necessary signatures for Secure Boot. They are not available in other OSes. So if you want to install on like a computer in addition to the “eight” also Windows 7 or Vista, you need to open the UEFI menu and disable Secure Boot. If you choose a non-UEFI compatible OS as your second OS, you will need to use the Compatibility Support Module (CSM), which can be enabled in UEFI. Unfortunately, manufacturers use different versions of UEFI, and it can sometimes be difficult to figure out how to disable Secure Boot and enter BIOS emulation mode. We will consider these questions further.

UEFI based PC boot process

Depending on the configuration, UEFI either boots the computer itself or goes into emulation mode of the standard BIOS. Only after this does the Windows Boot Manager start.

Installing Windows on a PC with UEFI and Secure Boot On a PC with Windows 8 based on UEFI Secure Boot, other versions of the OS can be installed only under certain conditions. The user must select the correct boot mode in advance and prepare the installation flash drive accordingly.

Enabling BIOS emulation mode Complete confusion: the method for entering BIOS emulation mode depends on the UEFI version. On Sony VAIO (1) you need to activate the “Legasy” option, on ASUS Zenbook(2) - “Launch CSM”.

UEFI setup

Each manufacturer uses its own version of UEFI in laptops and ultrabooks. However, it does not provide access to all the necessary functions. Often, when loading a PC or laptop, the display does not display the name of the button that can be used to open the UEFI settings menu. We suggest doing the following: in the Metro interface, go to the “Options | Change PC settings" in the sidebar and activate the "General | Special options downloads". After the restart, the OS boot manager will appear, which will allow you to open the UEFI menu. The exception is HP's UEFI, which does not have this option. The following will help: while loading, hold down the "Esc" key. In any case, you must first find out which button allows you to enter the UEFI menu. If you change the boot mode to CSM or Legasy BIOS to boot from a rescue flash drive, you must switch back from CSM to UEFI after the recovery operation, otherwise Windows 8 will not start. But there are exceptions here: Aptio Setup Utility on ASUS computers activates UEFI automatically in the absence of BIOS-compatible bootable media, so you just need to disconnect the flash drive.

Disabling Secure Boot will be required if, in addition to G8, you want to install a 64-bit version of Windows Vista or 7. Sometimes the so-called hybrid mode is supported, as in devices from HP, in which UEFI can boot from all bootable media and, if necessary, switch to BIOS mode. In the widely used UEFI version InsydeH2O, this depends on whether the laptop manufacturer has provided the ability to disable Secure Boot or not. IN Acer Aspire S7 this function is not available, and to deactivate it you need to switch from UEFI to BIOS mode and back.

• Translation

Newer computers use UEFI firmware instead of the traditional BIOS. Both of these programs are examples of software low level, which runs when the computer starts before the operating system boots. UEFI is a newer solution, it supports larger hard drives, boots faster, is more secure - and, very conveniently, has graphical interface and supports mouse.

Some newer computers that ship with UEFI still call it "BIOS" to avoid confusion for users accustomed to traditional PC BIOSes. But even if you see it mentioned, know that your new computer will most likely be equipped with UEFI, not BIOS.

What is BIOS?

BIOS stands for Basic Input-Output system, a basic input-output system. It is a low-level program stored on a chip on your computer's motherboard. The BIOS loads when you turn on your computer and is responsible for waking up its hardware components, making sure they are working correctly, and then launching the boot loader program, which starts the Windows operating system or any other operating system you have installed.

The BIOS setup screen allows you to change many settings. Computer hardware configuration, system time, boot order. This screen can be called up at the beginning of the computer boot by pressing a certain key - on different computers it is different, but the Esc, F2, F10, Delete keys are often used. By saving a setting, you store it in the motherboard memory. When you boot your computer, the BIOS will configure it as specified in the saved settings.

Before loading the operating system, the BIOS goes through POST, or Power-On Self Test, self-testing after switching on. It checks that the hardware is configured correctly and is working properly. If something is wrong, you will see a series of error messages on the screen or hear a mysterious squeak from the system unit. What exactly do they mean sound signals described in the computer manual.

When the computer boots after POST, the BIOS looks for Master Boot Record, or MBR - master boot record. It is stored on boot device and is used to launch the OS boot loader.

You may also have seen the acronym CMOS, which stands for Complementary Metal-Oxide-Semiconductor. It refers to the memory in which the BIOS stores various settings. Its use is obsolete, since this method has already been replaced by flash memory (also called EEPROM).

Why is the BIOS outdated?

BIOS has been around for a long time and has evolved little. Even MS-DOS computers released in the 1980s had a BIOS.

Of course, with BIOS time still changed and improved. Its extensions were developed, in particular, ACPI, Advanced Configuration and Power Interface (advanced configuration and power management interface). This allowed the BIOS to more easily configure devices and more advanced power management, such as hibernation. But BIOS has not evolved as much as other computer technologies since MS-DOS.

The traditional BIOS still has serious limitations. It can only boot from hard drives with a capacity of no more than 2.1 TB. Nowadays, 3 TB disks are already common, and a computer with BIOS will not boot from them. This is a BIOS MBR limitation.

The BIOS must operate in 16-bit processor mode and only 1 MB of memory is available to it. It has trouble initializing multiple devices at the same time, resulting in a slow boot process during which all hardware interfaces and devices are initialized.

The BIOS was long overdue for replacement. Intel began working on the Extensible Firmware Interface (EFI) back in 1998. Apple chose EFI when it switched to Intel architecture on its Macs in 2006, but other manufacturers didn't follow suit.

In 2007, Intel, AMD, Microsoft and PC manufacturers agreed on a new specification, the Unified Extensible Firmware Interface (UEFI), a unified extensible firmware interface. This is an industry standard maintained by the UEFI forum and does not depend solely on Intel. UEFI support in Windows was introduced with the release of Windows Vista Service Pack 1 and Windows 7. Most computers you can buy today use UEFI instead of BIOS.

How UEFI replaces and improves BIOS

UEFI replaces the traditional BIOS on PCs. There is no way to change the BIOS to UEFI on an existing PC. You need to buy hardware that supports UEFI. Most versions of UEFI support BIOS emulation so you can install and run a legacy OS waiting availability of BIOS instead of UEFI - so they are backward compatible.

The new standard bypasses BIOS limitations. UEFI firmware can boot from drives larger than 2.2 TB - the theoretical limit for them is 9.4 zettabytes. This is approximately three times the amount of data contained on the Internet today. UEFI supports such volumes due to the use of GPT partitioning instead of MBR. It also has a standardized boot process and runs executable programs EFI instead of code located in the MBR.

UEFI can operate in 32-bit or 64-bit modes and its address space is larger than that of the BIOS - which means faster booting. This also means that UEFI setup screens can be made more beautiful than those of the BIOS, including graphics and mouse support. But this is optional. Many computers to this day run UEFI with text mode, which look and work just like the old BIOS screens.

There are many other features built into UEFI. She supports safe start Secure Boot, in which you can verify that the OS boot has not been modified by any malicious program. It can support network operation, allowing remote configuration and debugging. With a traditional BIOS, you had to sit directly in front of the computer to set up your computer.

And this is not just a BIOS replacement. UEFI is a small operating system that runs on top of the PC's firmware, so it can do much more than BIOS. It can be stored in flash memory on the motherboard or loaded from hard drive or from the network.

Different computers have different interfaces and UEFI properties. It all depends on the computer manufacturer, but the basic capabilities are the same for everyone.

How to Access UEFI Settings on a Modern PC

If you regular user, you won’t even notice the transition to a computer with UEFI. The computer will boot and shut down faster, and you will also have access to disks larger than 2.2 TB.

But the procedure for accessing the settings will be slightly different. To access the UEFI settings screen, you may need a boot boot Windows menu. PC manufacturers didn't want to slow down a fast booting computer by waiting for a key to be pressed. But we also came across UEFIs in which manufacturers left the ability to enter the settings in the same way as in the BIOS - by pressing a key during boot.

UEFI is a big update, but it happened quietly. Most PC users won't notice it and don't have to worry about their new computer using UEFI instead of the regular BIOS. PCs will simply perform better and support more modern hardware and features.

For a more detailed explanation of the differences in the UEFI boot process, see

Many of the modern brands producing PC hardware components, as well as software, strive to ensure that their products support the UEFI interface. This software solution is intended to become an alternative to the input-output system - BIOS - that is familiar to many computer enthusiasts. What are the specifics of the software in question? What nuances are typical for using its capabilities?

What is UEFI

Let's look at some basic information about UEFI. What kind of development is this? UEFI is a special interface that is installed between the OS installed on the computer and the software responsible for the low-level functions of the PC hardware components.

Sometimes referred to as UEFI BIOS. On the one hand, there is some error in this name, since BIOS is a software solution that operates on different principles. UEFI is developed by Intel, BIOS is software that exists in several versions supported different brands.

On the other hand, the purpose of BIOS and UEFI is almost the same. BIOS UEFI is a formal, not entirely correct phrase, but it does not contradict the logic of software and hardware algorithms for PC control.

Differences between BIOS and UEFI

But the first thing we will pay attention to is finding the differences between a “clean” BIOS and a “classic” UEFI. The fact is that the software solution we are considering is positioned as a more advanced alternative to BIOS. Many manufacturers of modern computer motherboards are trying to provide support for the appropriate type of software from Intel. Thus, we can trace the differences between UEFI and BIOS by studying, first of all, the shortcomings of the second system.

The first disadvantage of BIOS is that this system cannot ensure full use of disk space on very large “hard drives” - those that exceed 2 terabytes in volume. Indeed, just a few years ago such values ​​characterizing the capacity hard drives, seemed fantastic, and therefore PC manufacturers did not particularly focus on the corresponding BIOS drawback. But today you won’t surprise anyone with a hard drive with a capacity of more than 2TB. PC manufacturers began to feel that it was time to switch to UEFI, that this was an objective necessity based on modern technological trends.

Another feature of BIOS is that it supports a limited number of primary partitions on the hard drive. In turn, UEFI works with 128. The structure of the new software solution from Intel implements a new partition table - GPT, which, in fact, allows you to use the noted technological advantage of UEFI.

With all the noted differences between the new software environment developed by Intel and the traditional BIOS input/output system, the main functions of the corresponding solutions are generally the same. Apart from the fundamentally new security algorithm in UEFI, there are not too many actual differences between the systems. Some experts believe that the new software platform allows operating systems to boot faster, others note that this is only relevant for Windows 8. Let's take a closer look at the security system implemented in UEFI.

New security technology

Where the new UEFI BIOS system is ahead is in the level of security. The fact is that there are viruses that can penetrate the microcircuit where the BIOS algorithms are written. After which it becomes possible loading An OS with extended user rights, which opens up the widest possibilities for a hacker. In turn, the new solution from Intel implements secure boot - UEFI provides an appropriate algorithm called Secure Boot.

It is based on the use of special keys, which must be certified by the largest brands in the IT market. However, as experts note, in practice there are not too many such companies yet. In particular, with regard to the support of the corresponding option by operating system manufacturers, it is fully provided only by Microsoft and only in Windows 8. There is also information that compatibility with the new security system is implemented in some Linux distributions.

Benefits of UEFI

It is obvious that the noted disadvantages of the BIOS are, at the same time, the advantages of the new software solution. However, UEFI is characterized by a number of other important advantages. Let's look at them.

First of all, it is a convenient, intuitive and functional interface. As a rule, it implements mouse support - which is not typical for BIOS. Also, many versions of UEFI (BIOS does not have this option either) provide a Russified interface.

The algorithms provided by the new software solution allow loading operating systems in most cases significantly faster than when using BIOS. For example, Windows 8 installed on a UEFI-enabled computer can boot—provided the processor and other key hardware components have adequate performance—in literally 10 seconds.

Among other significant advantages of the software solution in question, which many IT specialists highlight, is a simpler update algorithm compared to BIOS mechanisms. Other useful option UEFI - the presence in a given system of its own, which can be used if several operating systems are installed on the PC.

So, the technological advantages of the new PC management software interface, which was developed by Intel, are clear to us. The largest brands of PC hardware components ensure compatibility of the corresponding hardware with UEFI - Gigabyte, ASUS, SONY. The transition to a new system, as many IT experts believe, can turn into a sustainable technology trend. The opportunities offered to the global IT community by Intel, which developed UEFI, may well be attractive to leading manufacturers of software and hardware components for PCs. Moreover, the corresponding UEFI technological options are supported by the largest brand in the operating system market.

Facts about Secure Boot

Let's take a closer look at the advantages of Secure Boot technology supported by UEFI. What is this concept? safe booting of the computer, which is designed to protect the system, as we noted above, from the penetration of viruses. However, for its full use, the keys used by this protocol must be certified. At the moment, very few software brands satisfy this criterion. Among these is Microsoft, which has implemented support for the corresponding algorithms in Windows 8.

It may be noted that this circumstance in some cases can complicate the installation of other operating systems on a PC running UEFI. If you have to install Windows, UEFI may still show some loyalty to this - but provided that the OS version is as close as possible to the one installed by the computer manufacturer. It may also be noted that some Linux distributions are also compatible with the Secure Boot option.

But even if, due to the function in question, loading a new OS is prohibited by the system, the structure of the UEFI interface provides the ability to disable Secure Boot algorithms. It is clear that in this case, loading the OS will not be so safe, however, the corresponding option can be reactivated at any time and start working with Windows 8.

Which OS are fully UEFI compatible?

In very rare cases, individual IT specialists manage to install alternative operating systems on a PC with Secure Boot support. For example, it is known that it is theoretically possible to install Windows 7 on some laptops that support UEFI BIOS. ASUS is among the manufacturers of such PCs. But this is rather an exception to the rule. In general, the probability of successful installation of even other editions of Windows 8 is low. However, as we noted above, some Linux distributions are also compatible with UEFI options.

Features of UEFI setup

Let's look at some of the nuances of setting up the software solution in question from Intel. An interesting option is BIOS emulation using UEFI. What is this opportunity? Indeed, some versions of UEFI implement algorithms by which PC management is organized in accordance with the mechanisms used by the input/output system, which is the historical predecessor of UEFI.

Depending on the specific PC, this mode may be called differently. Most often this is Legacy or Launch CSM. However, there are no difficulties with how to install UEFI in standard boot mode.

Nuances of accessing UEFI

Another interesting fact that is useful to note is that there are a large number of versions of UEFI. They can vary significantly between PCs made by different brands. At the same time, the level of availability of certain functions on different computers can also vary significantly. It often happens, for example, that when the computer boots, the menu with which you can enter the UEFI settings is not displayed. But in this case, Windows OS usually provides an alternative option for downloading the necessary options. You need to go to “Settings” and activate the “Special boot options” option.

After this, you can reboot - and several options for loading your PC will appear on the screen. Eat alternative way provide access to the appropriate UEFI options. It works on many PCs. You need to press Esc at the very beginning of the computer boot. After this, the menu in question should open.

Specifics of operation in different modes

Please note that when changing the normal UEFI operating mode to Legacy, it is advisable to use necessary programs that require disabling Secure Boot or running with BIOS emulation, re-enable the UEFI interface with all relevant options as soon as possible. Otherwise, Windows 8, as some IT specialists note, may not start. However, many PCs do not have this problem. Some manufacturer brands implement algorithms into the PC management structure that allow you to activate the UEFI mode automatically. Some PC models implement a hybrid mode, in which the UEFI system boots from any media, and BIOS modulation can be started if necessary. Differences in UEFI versions may also mean that disabling Secure Boot in the normal operation mode of the Intel software solution is not possible. To do this, you will have to activate the BIOS emulation function in any case.

UEFI and bootable flash drives

In some cases, users need to boot the operating system from a flash drive. The main difficulty is that a UEFI bootable flash drive having a format other than FAT32 is not recognized. But this problem can be successfully resolved. How?

So, by default, bootable USB flash drives for Windows are formatted in a format that UEFI does not recognize. That's why the main task- ensure that the corresponding hardware component is formatted in the more universal file system - FAT32. The most interesting thing is that many IT specialists consider it outdated. But using the example of one of the most modern software solutions, which is, of course, UEFI, we can trace the relevance of the corresponding standard.

Flash drive for booting in UEFI mode: components

What do we need to ensure that the UEFI bootable flash drive is recognized without problems? First of all, this is, in fact, a USB drive itself. It is advisable that its capacity be at least 4 GB. It is also advisable that no valuable files be placed on it, since we have to completely format the flash drive. The next component we need is a Windows OS distribution. Let it be the 64-bit version of Windows 7. Another UEFI feature, which should be mentioned - 32-bit OS from Microsoft given the system does not support.

Preparing a flash drive

If we have the marked components, then we can start working. First, insert the USB flash drive. Then, open the command line in Windows interface. It is necessary, however, that the user have administrator rights. Through you need to launch the DISKPART program - simply by entering this word. After this, you need to enter the list disk command, which will display a list of disks present in the system. You need to find a USB flash drive in it. If it is number 2 in the list, then you need to enter the command select disk 2.

Formatting a flash drive

Next you need to format the media. To do this, you need to enter the clean command. After this, you need to create a primary partition on the disk. This can be done using the create partition primary command. After this, the created partition should be made active. To do this, enter the active command. After this, you can display a list of sections. To do this, enter list volume in the command line. We find the section that we created. If it is listed as number 3, then enter the command select volume 3. After this, you need to format it in the FAT32 system. To do this you need to enter format command fs=fat32. The basic bootable media is thus ready. But that is not all. You need to assign a drive letter to the flash drive. This can be done using the assign command. After that, enter exit and exit the command line.

Burning the distribution to a flash drive

After all the steps described above, you need to copy Windows distribution 7 per flash drive. This can also be done using the command line. How? There is a special command for this - xcopy. You need to enter it, then specify the address of the disk with the distribution kit, insert the * symbol, indicate the letter that corresponds to the flash drive intended for loading into UEFI, and then enter the command with the symbols /s /e. Then you need to go through the command line to the flash drive. There you need to go to the efi\microsoft\boot directory. It needs to be copied to the efi\boot folder. After this, you need to copy the file called bootmgfw.efi to the efi\boot folder, and then rename it to the bootx64.efi file.

The work with the flash drive is completed. A UEFI disk with the FAT32 file system, which we can just recognize without problems. Accordingly, you can install Windows 7 on a PC from it. Of course, provided that the Secure Boot algorithm is disabled in the UEFI options, which prohibits the installation of OSes that differ from Windows 8 on the computer.

The massive transition to UEFI (Unified Extensible Firmware Interface) has already begun. Microsoft requires this interface to be used on all computers that will ship with Windows 8. More precisely, we are talking about UEFI with the Secure Boot feature. At the same time, only “eight” can work on such PCs without problems: neither Windows XP nor “seven” can be installed on a UEFI machine without additional manipulations. You won't be able to boot from a Linux Live or Windows flash drive either. What exactly can happen if you try to start from the installation flash drive on a Sony VAIO laptop is shown in the picture above. And the problems with UEFI don't end there. Each hardware manufacturer configures UEFI at its own discretion, thereby creating unnecessary difficulties for the user. The IdeaPad laptop from Lenovo was not able to recognize the same flash drive as boot media at all. At the same time, Lenovo has nothing to blame: the fact is that the bootable flash drive is formatted in the NTFS file system, and UEFI does not support booting from such media. If you connect the same drive to an EliteBook laptop from HP, it will boot without problems and allow you to install Windows. The problem is that all the data on the EliteBook disk would be deleted after installation.

Everyone configures differently

Are you confused? No wonder: UEFI with Secure Boot establishes new rules for installing and booting operating systems, and hardware manufacturers interpret these rules in their own way, which creates additional difficulties for the user. Therefore, in this article, we set ourselves the goal of clearing up the confusion around UEFI. Using laptops from major manufacturers as an example, we will tell you how UEFI works, what role the Secure Boot function plays, how to bypass the “traps” set by the new interface, and what you need to use bootable flash drives without fear of any destructive consequences.

How UEFI works

UEFI boots strictly according to established rules. If the OS does not support UEFI, BIOS emulation mode is activated. The process of booting a BIOS-based PC is quite simple: after pressing the power button, the BIOS starts, which checks the status of the hardware and loads the firmware - simple drivers for individual hardware components. The BIOS then searches for the OS bootloader and activates it. This in turn loads the operating system or displays a list of available operating systems.

UEFI-based computers boot in a similar way only until the boot options are searched. After this, everything happens differently. UEFI has its own OS bootloader with integrated launch managers for installed systems. For it, a small partition (100–250 MB) is created on the disk, formatted in the FAT32 file system, which is called Extensible Firmware Interface System Partition (ESP system partition). It contains drivers for hardware components that can be accessed by the running operating system. The general rule is that, with the exception of DVDs, UEFI can only boot from media formatted with the FAT32 file system.

UEFI is a complex mechanism

ESP has its advantages: thanks to UEFI drivers and the OS loader, Windows starts faster and responds more adequately to critical driver errors. But the UEFI interface also imposes restrictions: it allows you to install the OS only on hard drives that are marked according to the GPT standard. The latter is not supported by any BIOS version, since, unlike the traditional partitioning scheme (MBR), it uses 64-bit sector addresses. In addition to Windows 8, the UEFI interface is supported only by 64-bit versions of Windows Vista and 7, as well as Linux with kernel 3.2 and higher. Moreover, for PCs certified to work with G8, Microsoft requires the use of the Secure Boot option. In this mode, UEFI only launches verified OS boot loaders that contain Microsoft digitally signed drivers.

Along with Windows 8, only the Shim bootloader (Linux) has drivers with the necessary signatures for Secure Boot. They are not available in other OSes. Therefore, if you want to install Windows 7 or Vista on such a computer, in addition to G8, you need to open the UEFI menu and disable Secure Boot. If you choose a non-UEFI compatible OS as your second OS, you will need to use the Compatibility Support Module (CSM), which can be enabled in UEFI. Unfortunately, manufacturers use different versions of UEFI, and it can sometimes be difficult to figure out how to disable Secure Boot and enter BIOS emulation mode. We will consider these questions further.

UEFI based PC boot process

Depending on the configuration, UEFI either boots the computer itself or goes into emulation mode of the standard BIOS. Only after this does the Windows Boot Manager start.

Installing Windows on a PC with UEFI and Secure Boot

On a PC with Windows 8 based on UEFI Secure Boot, other versions of the OS can be installed only under certain conditions. The user must select the correct boot mode in advance and prepare the installation flash drive accordingly.

Enabling BIOS emulation mode

Complete confusion: the method for entering BIOS emulation mode depends on the UEFI version. On Sony VAIO (1) you need to activate the “Legasy” option, on ASUS Zenbook (2) - “Launch CSM”.

UEFI setup

Each manufacturer uses its own version of UEFI in laptops and ultrabooks. However, it does not provide access to all the necessary functions. Often, when loading a PC or laptop, the display does not display the name of the button that can be used to open the UEFI settings menu. We suggest doing the following: in the Metro interface, go to the “Options | Change PC settings" in the sidebar and activate the "General | Special download options." After the restart, the OS boot manager will appear, which will allow you to open the UEFI menu. The exception is HP's UEFI, which does not have this option. The following will help: while loading, hold down the "Esc" key. In any case, you must first find out which button allows you to enter the UEFI menu. If you change the boot mode to CSM or Legasy BIOS to boot from a rescue flash drive, you must switch back from CSM to UEFI after the recovery operation, otherwise Windows 8 will not start. But there are exceptions here: Aptio Setup Utility on ASUS computers activates UEFI automatically in the absence of BIOS-compatible bootable media, so you just need to disconnect the flash drive.

Disabling Secure Boot will be required if, in addition to G8, you want to install a 64-bit version of Windows Vista or 7. Sometimes the so-called hybrid mode is supported, as in devices from HP, in which UEFI can boot from all bootable media and, if necessary, switch to BIOS mode. In the widely used UEFI version InsydeH2O, this depends on whether the laptop manufacturer has provided the ability to disable Secure Boot or not. In the Acer Aspire S7, this function is not available, and to deactivate it you need to switch from UEFI to BIOS mode and back.

Difficulties with recovery

With the advent of UEFI, manufacturers changed the way they work with the OS recovery system. The “Alt+F10” keyboard shortcut, which was previously used, for example, in Acer models, no longer works or is assigned to other functions. And the “F9” button loads on the new Zenbook not the ASUS Preload Wizard, but the program Windows recovery 8 with extended boot menu.

The VAIO Care recovery mode in Sony laptops can be opened in a similar menu by selecting the “Control Panel | Troubleshooting | Recovery". But if you start the OS boot manager and select “Diagnostics | Restore" or "Restore to original state", the device will ask you to insert the original Windows disk 8, which is not included in the package. On Acer models, backup is performed using a pre-installed Windows program, and restoration from backup copy carried out from an external USB drive. However, you must first go to the UEFI menu and specify such a disk as a boot one.

Going to the UEFI menu from Windows

If the Windows 8 launch function with advanced settings is activated, then by selecting “Diagnostics” (1) and “ Extra options"(2), you can access the UEFI Firmware Settings menu (3).

Useful features UEFI

Each laptop manufacturer uses different versions of the UEFI interface and implements it in the system in accordance with their ideas. The table, broken down by model, will show you where the main UEFI features are located.

Solving the problem: disabling Secure Boot

In some cases, Secure Boot cannot be deactivated directly. In Acer Aspire S7, for example, this function is not available. But if you switch to “Legacy BIOS” (1) and back again (2), Secure Boot will be disabled.

Everything is possible in hybrid mode

HP's version of the UEFI interface supports hybrid mode, in which, depending on the boot media, one of two modes is launched - either UEFI or CSM. In this case, the Secure Boot function is disabled automatically.

Run from a flash drive

Older flash media for emergency boot and recovery only work in BIOS mode. We will make them UEFI compatible.

USB flash drives have recently become increasingly used as bootable media for restoring or installing Windows. This is due to the fact that in modern laptops very rarely installed optical drives. If you have examined the UEFI settings on your computer, it is recommended that you also upgrade your flash drives. With the advent of UEFI, all existing bootable flash drives can no longer be used in the usual way. For example, if you created a bootable USB media using UNetbootin, you will need to start your PC in CSM mode. The same applies to all old flash drives, since the developers of Linux Live distributions (for example, GParted) only began to add a bootloader with UEFI support and Secure Boot functions in the latest, most recent versions of their applications.

The simplest method is to disable Secure Boot in UEFI, then use the free Rufus programs a UEFI-compatible flash drive is created and the latest version of GParted is copied to it.

The Microsoft program is outdated

Regarding bootable USB media with operating system Windows system slightly different rules apply. To be UEFI compatible, they must be formatted with the FAT32 file system. Many users, even for Windows 8, create bootable drives on flash drives formatted using a program from Microsoft, part of the “seven”. However this application by default formats the drive in the NTFS file system, as a result of which the system on the media cannot subsequently be installed on a computer with UEFI. To avoid waiting for an updated program from Microsoft, you can create a bootable drive manually. To do this, first format the USB flash drive using a free utility. Then open the ISO image in Windows 8 and copy the files it contains to the media.

But in order for a UEFI-compatible flash drive with 64-bit Windows 7 to boot without any problems, you will need to copy the UEFI boot loader to the desired directory on the flash drive. To do this, using free archiver 7-Zip, find the Install.wim archive file in the ISO image that contains the Windows 7 installation files in the Sources folder and open it. After that, copy the bootmgfw.efi file from the 1\Windows\Boot\EFI directory. Then save it to your flash drive in the efi\boot directory and rename it bootx64.efi. After this, you can work with the USB drive in UEFI mode, and you will be able to install Windows 7 from it without any problems.

Creation bootable flash drives based on Live systems

To be compatible with UEFI, flash drives must be formatted in FAT32. For example, the UNetbootin (1) program creates bootable drives based on Linux Live distributions, formatting them in FAT. However, the Rufus utility (2) offers a more correct option.

Flash drive for OS recovery on PC with UEFI

Flash drives based on recent Live systems, such as GParted, can easily access UEFI PCs, since their built-in tools - such as GPart (1) and TestDisk (2) - can work with GPT partitions.

Formatting a bootable USB flash drive with Windows

The 64-bit version of Windows 7 can also be installed on a PC with UEFI. If you want to perform this operation from a USB drive, you need to format it using the Windows DiskPart program as a FAT32 file system and make it bootable.

Removing the UEFI Boot Loader

A UEFI-compatible flash drive running Windows 7 additionally requires a UEFI boot loader - bootmgfw.efi. It must be manually copied from the install.wim archive to a flash drive using 7-Zip or any other archiver.

Source