Edit count of the user ($1) (user_editcount) | 2716 |
Name of the user account ($1) (user_name) | 'Raphael1' |
Age of the user account ($1) (user_age) | 442087574 |
Groups (including implicit) the user is in ($1) (user_groups) | [
0 => 'extendedconfirmed',
1 => '*',
2 => 'user',
3 => 'autoconfirmed'
] |
Rights that the user has ($1) (user_rights) | [
0 => 'extendedconfirmed',
1 => 'createaccount',
2 => 'read',
3 => 'edit',
4 => 'createtalk',
5 => 'writeapi',
6 => 'viewmywatchlist',
7 => 'editmywatchlist',
8 => 'viewmyprivateinfo',
9 => 'editmyprivateinfo',
10 => 'editmyoptions',
11 => 'abusefilter-log-detail',
12 => 'urlshortener-create-url',
13 => 'centralauth-merge',
14 => 'abusefilter-view',
15 => 'abusefilter-log',
16 => 'vipsscaler-test',
17 => 'collectionsaveasuserpage',
18 => 'reupload-own',
19 => 'move-rootuserpages',
20 => 'createpage',
21 => 'minoredit',
22 => 'editmyusercss',
23 => 'editmyuserjson',
24 => 'editmyuserjs',
25 => 'purge',
26 => 'sendemail',
27 => 'applychangetags',
28 => 'spamblacklistlog',
29 => 'mwoauthmanagemygrants',
30 => 'reupload',
31 => 'upload',
32 => 'move',
33 => 'collectionsaveascommunitypage',
34 => 'autoconfirmed',
35 => 'editsemiprotected',
36 => 'skipcaptcha',
37 => 'transcode-reset',
38 => 'createpagemainns',
39 => 'movestable',
40 => 'autoreview'
] |
Whether the user is editing from mobile app ($1) (user_app) | false |
Whether or not a user is editing through the mobile interface ($1) (user_mobile) | false |
Page ID ($1) (page_id) | 866065 |
Page namespace ($1) (page_namespace) | 0 |
Page title without namespace ($1) (page_title) | 'Unified Extensible Firmware Interface' |
Full page title ($1) (page_prefixedtitle) | 'Unified Extensible Firmware Interface' |
Edit protection level of the page ($1) (page_restrictions_edit) | [] |
Page age in seconds ($1) (page_age) | 492470779 |
Action ($1) (action) | 'edit' |
Edit summary/reason ($1) (summary) | '/* {{Anchor|GOP|VARIABLE}}Services */ This is not „fearmongering“. Check the reference' |
Old content model ($1) (old_content_model) | 'wikitext' |
New content model ($1) (new_content_model) | 'wikitext' |
Old page wikitext, before the edit ($1) (old_wikitext) | '{{short description|Specification that defines a software interface between an operating system and platform firmware}}
{{Merge from|UEFI Platform Initialization|date=May 2019}}
{{lead too short|date=December 2014}}
{{Use dmy dates|date=February 2020}}
[[File:Efi-simple.svg|thumb|upright=1.4|EFI's position in the software stack]]
The '''Unified Extensible Firmware Interface''' ('''UEFI''') is a [[specification]] that defines a software [[Interface (computer science)|interface]] between an [[operating system]] and platform [[firmware]]. UEFI replaces the legacy Basic Input/Output System ([[BIOS]]) firmware interface originally present in all [[IBM PC compatible|IBM PC-compatible]] [[personal computer]]s,<ref name="Intel2000">{{cite web|url=http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf | title =Solving BIOS Boot Issues with EFI |first=Michael |last=Kinney |date=1 September 2000 |accessdate=14 September 2010 |pages=47–50}}</ref><ref name="ElReg1" /> with most UEFI firmware implementations providing support for legacy BIOS services. UEFI can support remote diagnostics and repair of computers, even with no operating system installed.<ref>{{cite web|url=http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198 | archiveurl=https://web.archive.org/web/20130626000135/http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198 | archivedate=26 June 2013 | title=The 30-year-long Reign of BIOS is Over: Why UEFI W... - Input Output |website=HP.com |date= |accessdate=6 March 2012}}</ref>
[[Intel]] developed the original '''Extensible Firmware Interface''' ('''EFI''') specifications. Some of the EFI's practices and data formats mirror those of [[Microsoft Windows]].<ref>[https://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html IBM PC Real Time Clock should run in UT]. Cl.cam.ac.uk. Retrieved on 30 October 2013.</ref><ref name="Matthew Garrett">{{cite web |url=https://www.youtube.com/watch?v=V2aq5M3Q76U#t=14m45s |title=EFI and Linux: The Future Is Here, and It's Awful |first=Matthew |last=Garrett |date=19 January 2012 |work=[[linux.conf.au]] 2012 |accessdate=2 April 2012}}</ref> In 2005, UEFI deprecated EFI 1.10 (the final release of EFI). The [[Unified EFI Forum]] is the industry body that manages the UEFI specifications throughout.
== History ==
The original motivation for EFI came during early development of the first Intel–HP [[Itanium]] systems in the mid-1990s. [[BIOS]] limitations (such as 16-bit [[CPU modes|processor mode]], [[real mode|1 MB addressable space]] and [[PC AT]] hardware) had become too restrictive for the larger server platforms Itanium was targeting.<ref name = "EmulexUEFI" /> The effort to address these concerns began in 1998 and was initially called ''Intel Boot Initiative''.<ref>{{citation | url = http://www.intel.com/technology/efi/ | archiveurl = https://web.archive.org/web/20100105051711/http://www.intel.com/technology/efi/ | archivedate = 5 January 2010 | title = Extensible Firmware Interface (EFI) and Unified EFI (UEFI) | publisher = Intel}}</ref> It was later renamed to ''Extensible Firmware Interface'' (EFI).<ref>{{citation | first = Dong | last = Wei | title = Beyond BIOS | chapter = foreword | publisher = Intel Press | year = 2006 | isbn = 978-0-9743649-0-2}}</ref><ref>{{citation | chapter-url = http://www.intel.com/technology/efi/main_specification.htm | title = Extensible Firmware Interface | chapter = 1.10 Specification overview | publisher = Intel}}</ref>
In July 2005, Intel ceased its development of the EFI specification at version 1.10, and contributed it to the [[Unified EFI Forum]], which has developed the specification as the ''Unified Extensible Firmware Interface'' (UEFI). The original EFI specification remains owned by Intel, which exclusively provides licenses for EFI-based products, but the UEFI specification is owned by the UEFI Forum.<ref name = "EmulexUEFI">{{cite news | url = http://www.emulex.com/artifacts/757d23e7-8acb-41a7-872a-afb733ab0688/elx_tb_all_uefi_ibm.pdf |title=Emulex UEFI Implementation Delivers Industry-leading Features for IBM Systems |publisher=Emulex | accessdate =14 September 2010}}</ref><ref>{{citation | url = http://www.uefi.org/about/ | publisher = Unified EFI Forum | title = About | quote = Q: What is the relationship between EFI and UEFI? A: The UEFI specification is based on the EFI 1.10 specification published by Intel with corrections and changes managed by the Unified EFI Forum. Intel still holds the copyright on the EFI 1.10 specification, but has contributed it to the Forum so that the Forum can evolve it. There will be no future versions of the EFI specification, but customers who license it can still use it under the terms of their license from Intel. The license to the Unified EFI Specification comes from the Forum, not from Intel}}</ref>
Version 2.1 of the UEFI specification was released on 7 January 2007. It added [[cryptography]], network authentication and the [[user interface]] architecture ('Human Interface Infrastructure' in UEFI). The latest UEFI specification, version 2.8, was approved in March 2019.<ref>{{cite web|url=http://www.uefi.org/specifications|title=Unified Extensible Firmware Interface Forum Specifications|publisher=|accessdate=3 June 2019}}</ref>
Tiano was the first [[open source]] UEFI implementation and was released by Intel in 2004. Tiano has since then been superseded by EDK<ref>{{Cite web | url=https://github.com/tianocore/edk |title =GitHub - tianocore/Edk: Git mirror of EDK.|date = 19 March 2019}}</ref> and EDK2<ref>{{Cite web | url=https://github.com/tianocore/tianocore.github.io/wiki/EDK-II | title=GitHub - tianocore/Tianocore.github.io: Tianocore website.| date=8 August 2019}}</ref> and is now maintained by the TianoCore community.<ref>{{Cite web | url=https://www.tianocore.org/ |title = What is TianoCore?}}</ref>
In December 2018, [[Microsoft]] announced Project Mu, a fork of TianoCore EDK2 used in [[Microsoft Surface]] and [[Hyper-V]] products. The project promotes the idea of [[Firmware as a Service]].<ref>{{cite web|url= https://betanews.com/2018/12/20/microsoft-project-mu/|title= Microsoft announces Project Mu, an open-source release of the UEFI core|date= 20 December 2018}}</ref>
== Advantages ==
The interface defined by the EFI specification includes data tables that contain platform information, and boot and runtime services that are available to the OS loader and OS. UEFI firmware provides several technical advantages over a traditional BIOS system:<ref name="UEFI2009Microsoft">{{cite web |url=http://www.microsoft.com/whdc/system/platform/firmware/UEFI_Windows.mspx |title=UEFI and Windows |publisher=Microsoft |date=15 September 2009 |accessdate=14 September 2010 }}</ref>
* Ability to use large disks partitions (over 2 [[terabyte|TB]]) with a [[GUID Partition Table]] (GPT)<ref name="grub-bios-installation">{{cite web
| url = https://www.gnu.org/software/grub/manual/html_node/BIOS-installation.html
| title = Installation
| work = 3.4 BIOS installation
| accessdate = 25 September 2013
| publisher = [[GNU GRUB]]
}}</ref>{{Efn|name="note1"|Large disk support and features such as [[Advanced Configuration and Power Interface]] (ACPI) and [[SMBIOS|System Management BIOS]] (SMBIOS) were subsequently implemented in BIOS-based systems.}}
* CPU-independent architecture{{Efn|name="note1"}}
* CPU-independent drivers{{Efn|name="note1"}}
* Flexible pre-OS environment, including network capability
* Modular design
* Backward and forward compatibility
== Compatibility ==
=== {{Anchor|HANDOVER|BOOT-STUB}}Processor compatibility ===
As of version 2.5, processor bindings exist for Itanium, x86, x86-64, [[ARM architecture|ARM]] (AArch32) and [[ARM64]] (AArch64).<ref>UEFI Specification 2.4, section 2.3</ref> Only [[endianness|little-endian]] processors can be supported.<ref>UEFI specification 2.3.1, section 1.8.1.</ref> Unofficial UEFI support is under development for POWERPC64 by implementing [[#Intel EFI|TianoCore]] on top of OPAL,<ref>{{cite web|url=https://github.com/andreiw/ppc64le-yedk2|title=GitHub - andreiw/ppc64le-edk2: TianoCore UEFI for OPAL/PowerNV (PPC64/PowerPC64 Little-Endian)|work=GitHub}}</ref> the OpenPOWER abstraction layer, running in little-endian mode.<ref>{{cite web|url=http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/comment-page-1/|title=Tianocore for OpenPOWER|work=Firmware Security|date=12 October 2015}}</ref> Similar projects exist for [[MIPS architecture|MIPS]]<ref>{{cite web|url=http://sourceforge.net/projects/efi-mips/|title=EFI-MIPS|author=kontais|work=SourceForge}}</ref> and [[RISC-V]].<ref>{{cite web|url=http://www.lowrisc.org/|title=lowRISC · lowRISC|publisher=}}</ref> As of UEFI 2.7, RISC-V processor bindings have been officially established for 32-, 64- and 128-bit modes.<ref>http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_7.pdf</ref>
Standard PC BIOS is limited to a 16-bit processor mode and 1 MB of addressable memory space, resulting from the design based on the [[IBM Personal Computer|IBM 5150]] that used a 16-bit [[Intel 8088]] processor.<ref name="EmulexUEFI"/><ref name="BitTechUEFI">{{cite news | url = http://www.bit-tech.net/hardware/storage/2010/06/01/are-we-ready-for-3tb-hard-disks/2 |title=LBA explained — Solving the 3TB Problem? |publisher=bit-tech |first=Ben |last=Hardwidge |date = 1 June 2010 | accessdate =18 June 2010}}</ref> In comparison, the processor mode in a UEFI environment can be either 32-bit ([[x86|x86-32]], AArch32) or 64-bit ([[x86-64]], Itanium, and AArch64).<ref name="EmulexUEFI" /><ref name="AskBIOSGuyWhyUEFI">{{cite news |url=http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781 |title=Ask a BIOS Guy: "Why UEFI" |publisher=Intel Architecture Blog |author=Brian Richardson |date=10 May 2010 |accessdate=18 June 2010 |url-status=dead |archiveurl=https://web.archive.org/web/20101009214219/http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781 |archivedate=9 October 2010 }}</ref> 64-bit UEFI firmware implementations support [[long mode]], which allows applications in the preboot execution environment to use 64-bit addressing to get direct access to all of the machine's memory.<ref name="WinHec2008UEFI">{{cite news |url=http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx |archiveurl=https://web.archive.org/web/20140104004546/http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx |format = PPTX |title = UEFI Momentum — The AMD perspective |archivedate=4 January 2014 |publisher=AMD |author=Gary Simpson |accessdate=20 September 2014}}</ref>
UEFI requires the firmware and operating system loader (or kernel) to be size-matched; for example, a 64-bit UEFI firmware implementation can load only a 64-bit operating system (OS) boot loader or kernel. After the system transitions from "Boot Services" to "Runtime Services", the operating system kernel takes over. At this point, the kernel can change processor modes if it desires, but this bars usage of the runtime services (unless the kernel switches back again).<ref name="uefi-spec-24" />{{rp|sections 2.3.2 and 2.3.4}} As of version 3.15, the [[Linux kernel]] supports 64-bit kernels to be [[Booting|booted]] on 32-bit UEFI firmware implementations running on [[x86-64]] CPUs, with ''UEFI handover'' support from a UEFI boot loader as the requirement.<ref>{{cite web
| url = http://kernelnewbies.org/Linux_3.15#head-e6cf8178e4d5eafc23b0abda81974d2b71ffecf4
| title = Linux kernel 3.15, Section 1.3. EFI 64-bit kernels can be booted from 32-bit firmware
| date = 8 June 2014 | accessdate = 15 June 2014
| website = kernelnewbies.org
}}</ref> UEFI handover protocol [[Data deduplication|deduplicates]] the UEFI initialization code between the kernel and UEFI boot loaders, leaving the initialization to be performed only by the Linux kernel's ''UEFI boot stub''.<ref>{{cite web
| url = https://lwn.net/Articles/507827/
| title = x86, efi: Handover Protocol
| date = 19 July 2012 | accessdate = 15 June 2014
| publisher = [[LWN.net]]
}}</ref><ref>{{cite web
| url = https://www.kernel.org/doc/Documentation/efi-stub.txt
| title = Linux kernel documentation: Documentation/efi-stub.txt
| date = 1 February 2014 | accessdate = 15 June 2014
| publisher = [[kernel.org]]
}}</ref>
=== {{Anchor|DISKDEVCOMPAT}}Disk device compatibility ===
{{See also|GUID Partition Table#OSSUPPORT|Protective MBR|l1=GPT § Operating systems support}}
In addition to the standard PC disk partition scheme that uses a [[master boot record]] (MBR), UEFI also works with a new partitioning scheme called [[GUID Partition Table]] (GPT), which is free from many of the limitations of MBR. In particular, the MBR limits on the number and size of disk partitions (up to four [[primary partition]]s per disk, and up to 2 [[Tebibyte|TiB]] {{nobreak|(2 × 2<sup>40</sup> [[byte]]s)}} per disk) are relaxed.<ref name="UEFI_Drive_Partition_Limits_Fact_Sheet">{{cite news
| url = http://www.uefi.org/sites/default/files/resources/UEFI_Drive_Partition_Limits_Fact_Sheet.pdf
| title = FAQ: Drive Partition Limits
| publisher = UEFI Forum
| accessdate =5 December 2019
}}</ref> More specifically, GPT allows for a maximum disk and partition size of 8 [[Zebibyte|ZiB]] {{nobreak|(8 × 2<sup>70</sup> bytes)}}.<ref name="UEFIDrivePartitionFAQ">{{cite news
| url = http://www.uefi.org/learning_center/UEFI_MBR_Limits_v2.pdf
| title = FAQ: Drive Partition Limits
| publisher = UEFI Forum
| accessdate =9 June 2010
}}</ref><ref name=IBMLargeDrivesGPT>{{cite web
| url = http://www.ibm.com/developerworks/library/l-gpt/index.html
| title = Make the most of large drives with GPT and Linux
| author = Roderick W. Smith
| publisher = [[IBM]]
| date = 3 July 2012
| accessdate = 25 September 2013}}</ref>
==== Linux ====
{{See also|EFI System partition#Linux}}
Support for GPT in [[Linux]] is enabled by turning on the option <code>CONFIG_EFI_PARTITION</code> (EFI GUID Partition Support) during kernel configuration.<ref>{{cite web
| url = https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/block/partitions/Kconfig?id=refs/tags/v3.11.1#n247
| title = block/partitions/Kconfig (3.11.1)
| work = CONFIG_EFI_PARTITION (line #247)
| publisher = kernel.org
| accessdate = 25 September 2013
}}</ref> This option allows Linux to recognize and use GPT disks after the system firmware passes control over the system to Linux.
For reverse compatibility, Linux can use GPT disks in BIOS-based systems for both data storage and booting, as both [[GRUB 2]] and Linux are GPT-aware. Such a setup is usually referred to as ''BIOS-GPT''.<ref name="arch-grub">{{cite web
| url = https://wiki.archlinux.org/index.php/GRUB#BIOS_systems
| title = GRUB
| work = BIOS systems
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref> As GPT incorporates the protective MBR, a BIOS-based computer can boot from a GPT disk using a GPT-aware boot loader stored in the protective MBR's [[Master boot record#Sector layout|bootstrap code area]].<ref name="IBMLargeDrivesGPT" /> In the case of GRUB, such a configuration requires a [[BIOS boot partition]] for GRUB to embed its second-stage code due to absence of the post-MBR gap in GPT partitioned disks (which is taken over by the GPT's ''Primary Header'' and ''Primary Partition Table''). Commonly 1 [[MiB]] in size, this partition's [[Globally Unique Identifier]] (GUID) in GPT scheme is {{Mono|21686148-6449-6E6F-744E-656564454649}} and is used by GRUB only in BIOS-GPT setups. From GRUB's perspective, no such partition type exists in case of MBR partitioning. This partition is not required if the system is UEFI-based because no embedding of the second-stage code is needed in that case.<ref name="grub-bios-installation"/><ref name="IBMLargeDrivesGPT" /><ref name="arch-grub" />
UEFI systems can access GPT disks and boot directly from them, which allows Linux to use UEFI boot methods. Booting Linux from GPT disks on UEFI systems involves creation of an [[EFI system partition]] (ESP), which contains UEFI applications such as bootloaders, operating system kernels, and utility software.<ref>{{cite web
| url = https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html
| title = GRUB and the boot process on UEFI-based x86 systems
| accessdate = 14 November 2013
| website = redhat.com
}}</ref><ref>{{cite web
| url = http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html
| title = UEFI Booting 64-bit Redhat Enterprise Linux 6
| date = September 2010 | accessdate = 14 November 2013
| website = fpmurphy.com
}}</ref><ref name="arch-uefi-loaders">{{cite web
| url = https://wiki.archlinux.org/index.php/UEFI_Bootloaders
| title = UEFI Bootloaders
| accessdate = 25 September 2013
| website = archlinux.org
}}{{unreliable source?|date=September 2013}}</ref> Such a setup is usually referred to as ''UEFI-GPT'', while ESP is recommended to be at least 512 MiB in size and formatted with a FAT32 filesystem for maximum compatibility.<ref name="IBMLargeDrivesGPT" /><ref name="arch-grub" /><ref name="arch-uefi">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#EFI_System_Partition
| title = Unified Extensible Firmware Interface: EFI System Partition
| accessdate = 25 September 2013
| website = archlinux.org
}}{{unreliable source?|date=September 2013}}</ref>
For [[backward compatibility]], most UEFI implementations also support booting from MBR-partitioned disks, through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility.<ref name="arch-forum-uefi-mbr">{{cite web
| url = https://bbs.archlinux.org/viewtopic.php?id=142637
| title = UEFI system booting from MBR partition table and GRUB legacy
| date = June 2012 | accessdate = 6 October 2013
| publisher = Arch Linux Forums
}}</ref> In that case, booting Linux on UEFI systems is the same as on legacy BIOS-based systems.
==== Microsoft Windows ====
The 64-bit versions of [[Windows Vista]] SP1 and later can boot from disks with a partition size larger than 2 [[Terabyte|TB]].
== Features ==
=== {{Anchor|GOP|VARIABLE}}Services ===
EFI defines two types of services: ''boot services'' and ''runtime services''. Boot services are available only while the firmware owns the platform (i.e., before the <code>ExitBootServices</code> call), and they include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running; they include services such as date, time and [[Non-volatile random-access memory|NVRAM]] access.
In addition, the ''Graphics Output Protocol'' (GOP) provides limited runtime services support; see also [[#Graphics features|Graphics features]] section below. The operating system is permitted to directly write to the framebuffer provided by GOP during runtime mode. However, the ability to change video modes is lost after transitioning to runtime services mode until the OS graphics driver is loaded.
; Variable services
: UEFI variables provide a way to store data, in particular non-volatile data, that is shared between platform firmware and operating systems or UEFI applications. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, variables can be used to keep crash messages in NVRAM after a crash for the operating system to retrieve after a reboot.<ref name=theh-brickwindows/>
; Time services
: UEFI provides device-independent time services. Time services include support for timezone and daylight saving fields, which allow the hardware [[real-time clock]] to be set to local time or UTC.<ref>UEFI specification, section 7.3</ref> On machines using a PC-AT real-time clock, by default the hardware clock still has to be set to local time for compatibility with BIOS-based Windows,<ref name="Matthew Garrett"/> unless using recent versions and an entry in the Windows registry is set to indicate the use of UTC.
=== {{Anchor|APPLICATIONS}}Applications ===
[[File:Efi flowchart extended.svg|thumb|upright=1.9|Interaction between the EFI boot manager and EFI drivers]]
Beyond loading an OS, UEFI can run ''UEFI applications'', which reside as files on the EFI System Partition. They can be executed from the UEFI command shell, by the firmware's [[#BOOT-MANAGER|boot manager]], or by other UEFI applications. ''UEFI applications'' can be developed and installed independently of the system manufacturer.
A type of UEFI application is an OS loader such as [[GRUB]], [[rEFInd]], [[Gummiboot (software)|Gummiboot]], and [[Windows Boot Manager]]; which loads an OS file into memory and executes it. Also, an OS loader can provide a user interface to allow the selection of another UEFI application to run. Utilities like the [[#SHELL|UEFI shell]] are also UEFI applications.
=== Protocols ===
EFI defines protocols as a set of software interfaces used for communication between two binary modules. All EFI drivers must provide services to others via protocols.
=== {{Anchor|EBC}}Device drivers ===
In addition to standard processor architecture-specific device drivers, EFI provides for a processor-independent [[device driver]] stored in memory as ''EFI byte code'' or ''EBC''. System firmware has an interpreter for EBC images. In that sense, EBC is analogous to [[Open Firmware]], the hardware-independent firmware used in [[PowerPC]]-based [[Apple Macintosh]] and [[Sun Microsystems]] [[SPARC]] computers, among others.
Some architecture-specific (non-EFI Byte Code) EFI drivers for some device types can have interfaces for use by the OS. This allows the OS to rely on EFI for drivers to perform basic graphics and network functions before, and if, operating-system-specific drivers are loaded.
=== Graphics features ===
The EFI specification defined a UGA (Universal Graphic Adapter) protocol as a way to support device-independent graphics. UEFI did not include UGA and replaced it with GOP (Graphics Output Protocol), with the explicit goal of removing [[VGA]] hardware dependencies. The two are similar.<ref>{{cite web
| url = http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html
| title = Intel Embedded Graphics Drivers FAQ: BIOS and firmware
| accessdate = 19 May 2014
| publisher = [[Intel]]
}}</ref>
UEFI 2.1 defined a "Human Interface Infrastructure" (HII) to manage user input, localized strings, fonts, and forms (in the HTML sense). These enable [[original equipment manufacturer]]s (OEMs) or [[independent BIOS vendor]]s (IBVs) to design graphical interfaces for pre-boot configuration; UEFI itself does not define a user interface.
Most early UEFI firmware implementations were console-based, but as early as 2007 some implementations featured a graphical user interface.
=== EFI system partition ===
{{Main|EFI system partition}}
An EFI system partition, often abbreviated to ESP, is a [[data storage device]] partition that is used in computers adhering to the UEFI specification. Accessed by the UEFI firmware when a computer is powered up, it stores UEFI applications and the files these applications need to run, including [[operating system kernel]]s. Supported [[partition table]] schemes include [[Master boot record|MBR]] and [[GUID Partition Table|GPT]], as well as [[El Torito (CD-ROM standard)|El Torito]] volumes on optical disks.<ref name="uefi-spec-24">{{cite web
| url = http://www.uefi.org/specifications
| title = UEFI Specifications (version 2.4 and older)
| format = PDF | publisher = Unified EFI, Inc.
| date = June 2013 | accessdate = 25 September 2013
}}</ref>{{rp|section 2.6.2}} For use on ESPs, UEFI defines a specific version of the [[FAT file system]], which is maintained as part of the UEFI specification and independently from the original FAT specification, encompassing a variant of the [[FAT32]] file system on ESPs, and [[FAT16]] and [[FAT12]] file systems on removable media.<ref name="uefi-spec-24" />{{rp|section 12.3}}<ref name="uefi-spec-2.5">{{cite web
| url = http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf#page=536
| title = UEFI Specification Version 2.5, Section 12.3 File System Format
| date = April 2015 | accessdate = 29 May 2015
| website = uefi.org
| format = PDF | pages = 536, 537
| quote = The file system supported by the Extensible Firmware Interface is based on the FAT file system. EFI defines a specific version of FAT that is explicitly documented and testable. Conformance to the EFI specification and its associate reference documents is the only definition of FAT that needs to be implemented to support EFI. To differentiate the EFI file system from pure FAT, a new partition file system type has been defined.
}}</ref><ref>{{cite web
| url = https://developer.apple.com/library/mac/technotes/tn2166/_index.html#//apple_ref/doc/uid/DTS10003927-CH1-SUBSECTION6
| title = Technical Note TN2166: Secrets of the GPT
| date = 6 November 2006 | accessdate = 6 May 2015
| website = developer.apple.com
}}</ref> The ESP also provides space for a boot sector as part of the backward BIOS compatibility.<ref name="arch-forum-uefi-mbr" />
=== Booting ===
==== {{Anchor|UEFIBOOT|BOOT-MANAGER}}UEFI booting ====
Unlike the legacy PC BIOS, UEFI does not rely on a [[boot sector]], defining instead a [[boot manager]] as part of the UEFI specification. When a computer is powered on, the boot manager checks the boot configuration and based on its settings, loads into memory and then executes the specified OS loader or [[operating system kernel]]. The boot configuration is defined by variables stored in [[NVRAM]], including variables that indicate the file system paths to OS loaders and OS kernels.
OS loaders can be automatically detected by UEFI, which enables easy [[booting]] from removable devices such as [[USB flash drive]]s. This automated detection relies on standardized file paths to the OS loader, with the path varying depending on the [[computer architecture]]. The format of the file path is defined as {{Mono|<nowiki><EFI_SYSTEM_PARTITION>/EFI/BOOT/BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</nowiki>}}; for example, the file path to the OS loader on an [[x86-64]] system is {{Mono|/efi/BOOT/BOOTX64.EFI}},<ref name="uefi-spec-24" /> and {{Mono|efi\boot\bootaa64.efi}} on ARM64 architecture.
Booting UEFI systems from GPT-partitioned disks is commonly called ''UEFI-GPT booting''. Despite the fact that the UEFI specification requires MBR partition tables to be fully supported,<ref name="uefi-spec-24" /> some UEFI firmware implementations immediately switch to the BIOS-based CSM booting depending on the type of boot disk's partition table, effectively preventing UEFI booting to be performed from EFI System partitions on MBR-partitioned disks.<ref name="arch-forum-uefi-mbr" /> Such a boot scheme is commonly called ''UEFI-MBR''.
It is also common for a boot manager to have a textual user interface so the user can select the desired OS (or system utility) from a list of available boot options.
==== {{Anchor|CSMBOOT}}CSM booting ====
To ensure backward compatibility, most UEFI firmware implementations on PC-class machines also support booting in legacy BIOS mode from MBR-partitioned disks, through the ''Compatibility Support Module (CSM)'' that provides legacy BIOS compatibility. In this scenario, booting is performed in the same way as on legacy BIOS-based systems, by ignoring the partition table and relying on the content of a [[boot sector]].<ref name="arch-forum-uefi-mbr" />
BIOS-style booting from MBR-partitioned disks is commonly called ''BIOS-MBR'', regardless of it being performed on UEFI or legacy BIOS-based systems. Furthermore, booting legacy BIOS-based systems from GPT disks is also possible, and such a boot scheme is commonly called ''BIOS-GPT''.
The ''Compatibility Support Module'' allows legacy operating systems and some [[option ROM]]s that do not support UEFI to still be used.<ref name="intel-csm-r097">{{cite web
| url = http://www.intel.com/content/dam/doc/reference-guide/efi-compatibility-support-module-specification-v097.pdf
| title = Intel® Platform Innovation Framework for EFI
| work = Compatibility Support Module Specification (revision 0.97)
| date = 4 September 2007 | accessdate = 6 October 2013
| publisher = Intel
}}</ref> It also provides required legacy [[System Management Mode]] (SMM) functionality, called ''CompatibilitySmm'', as an addition to features provided by the UEFI SMM. This is optional and highly chipset- and platform-specific. An example of such a legacy SMM functionality is providing USB legacy support for keyboard and mouse, by emulating their classic [[PS/2 connector|PS/2]] counterparts.<ref name="intel-csm-r097" />
In November 2017, Intel announced that it planned to phase out support for CSM by 2020.<ref>{{Cite news|url=https://arstechnica.com/gadgets/2017/11/intel-to-kill-off-the-last-vestiges-of-the-ancient-pc-bios-by-2020/|title=The PC BIOS will be killed off by 2020 as Intel plans move to pure UEFI|work=Ars Technica|access-date=29 May 2018|language=en-us}}</ref>
==== Network booting ====
The UEFI specification includes support for booting over network via the [[Preboot eXecution Environment]] (PXE). PXE booting use [[network protocol]]s include [[Internet Protocol]] (IPv4 and IPv6), [[User Datagram Protocol]] (UDP), [[Dynamic Host Configuration Protocol]] (DHCP) and [[Trivial File Transfer Protocol]] (TFTP).<ref name="uefi-spec-24" /><ref>{{cite web
| url = https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html
| title = Red Hat Enterprise Linux 6 Installation Guide
| work = 30.2.2. Configuring PXE boot for EFI
| accessdate = 9 October 2013
| publisher = [[Red Hat]]
}}</ref>
OS images can be remotely stored on [[storage area network]]s (SANs), with [[iSCSI|Internet Small Computer System Interface]] (iSCSI) and [[Fibre Channel over Ethernet]] (FCoE) as supported protocols for accessing the SANs.<ref name="uefi-spec-24" /><ref>{{cite web
| url = http://www.uefi.org/sites/default/files/resources/UEFI_Summit_July_2013_UEFI2.4_Networking.pdf
| title = Advances in Pre-OS Networking in UEFI 2.4
| date = July 2013 | accessdate = 29 May 2019
| publisher = [[Hewlett-Packard]]
| last = El-Haj-Mahmoud
| first = Samer
}}</ref><ref>{{cite web
| url = http://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf
| title = Storage and Network Convergence Using FCoE and iSCSI
| date = July 2012 | accessdate = 9 October 2013
| publisher = [[IBM]] }}</ref>
Version 2.5 of the UEFI specification adds support for accessing boot images over the [[HTTP]] protocol.<ref>{{cite web
| url = http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/
| title = New UEFI HTTP Boot support in UEFI 2.5
| date = 9 May 2015 | accessdate = 13 August 2015
| website = firmwaresecurity.com
}}</ref>
==== {{Anchor|SECURE-BOOT}}Secure boot ====
{{See also|#Secure boot criticism|l1=Secure boot criticism}}
The UEFI 2.3.1 Errata C specification (or higher) defines a protocol known as ''secure boot'', which can secure the boot process by preventing the loading of drivers or OS loaders that are not [[public-key cryptography|signed]] with an acceptable [[digital signature]]. The mechanical details of how precisely these drivers are to be signed are not specified.<ref>{{cite web
| title = Secure Boot Overview
| url = https://technet.microsoft.com/en-us/library/hh824987.aspx
| publisher = Microsoft
| accessdate = 18 February 2016
}}</ref> When secure boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional "[[key exchange key]]s" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the platform key.<ref name=uefi-secureboot>{{cite web
| last = Edge | first = Jake
| title = UEFI and "secure boot"
| url = https://lwn.net/Articles/447381/
| website = [[LWN.net]]
| accessdate = 9 September 2012
}}</ref> Secure boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.<ref name=pcw-ueficontroversy>{{cite web
| title = Windows 8 Secure Boot: The Controversy Continues
| url = https://www.pcworld.com/article/248342/windows_8_secure_boot_the_controversy_continues.html
| website = PC World
| accessdate = 9 September 2012}}</ref>
Secure boot is supported by [[Windows 8]] and [[8.1]], [[Windows Server 2012]], and 2012 R2, and [[Windows 10]], VMware vSphere 6.5<ref>{{Cite news|url=https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html|title=Secure Boot for ESXi 6.5 - Hypervisor Assurance|date=4 May 2017|work=VMware vSphere Blog|access-date=18 August 2017}}</ref> and a number of [[Linux distribution]]s including [[Fedora (operating system)|Fedora]] (since version 18), [[openSUSE]] (since version 12.3), RHEL (since version 7), CentOS (since version 7<ref>[https://wiki.centos.org/HowTos/UEFI HowTos/UEFI - CentOS Wiki<!-- Bot generated title -->]</ref>), Debian (since version 10),<ref>{{cite web |url=https://www.phoronix.com/scan.php?page=news_item&px=Debian-UEFI-SecureBoot-2018 |title=Debian Making Progress on UEFI SecureBoot Support in 2018 |last=Larabel |first=Michael |date=30 April 2018 |website=Phoronix |publisher=Phoronix Media |access-date=23 May 2018}}</ref> and [[Ubuntu (operating system)|Ubuntu]] (since version 12.04.2).<ref>{{cite web |first=Matthew |last=Garrett |url=http://mjg59.dreamwidth.org/20522.html |title=Secure Boot distribution support |website=Mjg59.dreamwidth.org |date=27 December 2012 |accessdate=20 March 2014}}</ref> {{As of|2017|1}}, [[FreeBSD]] support is in a planning stage.<ref>{{cite web|title=SecureBoot|url=https://wiki.freebsd.org/SecureBoot|website=FreeBSD Wiki|publisher=FreeBSD|accessdate=16 June 2015}}</ref>
=== {{Anchor|SHELL}}UEFI shell ===
UEFI provides a [[Shell (computing)|shell environment]], which can be used to execute other UEFI applications, including UEFI [[boot loader]]s.<ref name="arch-uefi-loaders" /> Apart from that, commands available in the UEFI shell can be used for obtaining various other information about the system or the firmware, including getting the memory map (<tt>memmap</tt>), modifying boot manager variables (<tt>bcfg</tt>), running partitioning programs (<tt>[[diskpart]]</tt>), loading UEFI drivers, and editing text files (<tt>edit</tt>).<ref name="arch-uefi-shell">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#UEFI_Shell
| title = Unified Extensible Firmware Interface
| work = UEFI Shell
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref name="EFI-Shells-and-Scripting">{{cite web
| url = http://software.intel.com/en-us/articles/efi-shells-and-scripting/
| title = EFI Shells and Scripting
| publisher = [[Intel]]
| accessdate = 25 September 2013
}}</ref><ref name="uefi-shell-spec-2">{{cite web
| url = http://www.uefi.org/specifications
| title = UEFI Shell Specification Version 2.0, Errata A
| format = PDF | publisher = Unified EFI, Inc.
| date = May 2012 | accessdate = 25 September 2013
}}</ref>
Source code for a UEFI shell can be downloaded from the [[Intel]]'s [[#Intel EFI|TianoCore]] UDK2010 / EDK2 [[SourceForge]] project.<ref>{{cite web
|url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore
|title = TianoCore on SourceForge
|publisher = [[Intel]]
|accessdate = 25 September 2013
|url-status = dead
|archiveurl = https://web.archive.org/web/20131003090136/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore
|archivedate = 3 October 2013
|df = dmy-all
}}</ref> Shell v2 works best in UEFI 2.3+ systems and is recommended over the shell v1 in those systems. Shell v1 should work in all UEFI systems.<ref name="arch-uefi-shell" /><ref>{{cite web
| url = http://sourceforge.net/mailarchive/message.php?msg_id=28690732
| title = Email Archive: edk2-devel
| work = [edk2] Inclusion of UEFI shell in Linux distro iso
| publisher = [[SourceForge]]
| year = 2012 | accessdate = 25 September 2013
}}</ref><ref>{{cite web
| url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ
| title = TianoCore on SourceForge
| work = Shell FAQ
| publisher = [[Intel]]
| accessdate = 25 September 2013
}}</ref>
Methods used for launching UEFI shell depend on the manufacturer and model of the system [[motherboard]]. Some of them already provide a direct option in firmware setup for launching, e.g. compiled x86-64 version of the shell needs to be made available as <tt><EFI_SYSTEM_PARTITION>/SHELLX64.EFI</tt>. Some other systems have an already embedded UEFI shell which can be launched by appropriate key press combinations.<ref name="arch-uefi-shell-launching">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Launching_UEFI_Shell
| title = Unified Extensible Firmware Interface
| work = Launching UEFI Shell
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref>{{cite web
| url = http://download.intel.com/support/motherboards/server/sb/efi_whitepaper.pdf
| title = Basic Instructions for Using EFI for Server Configuration on Intel® Server Boards and Intel® Server Systems
| publisher = [[Intel]]
| year = 2008 | accessdate = 25 September 2013
}}</ref> For other systems, the solution is either creating an appropriate USB flash drive or adding manually (<tt>bcfg</tt>) a boot option associated with the compiled version of shell.<ref name="uefi-shell-spec-2" /><ref name="arch-uefi-shell-launching" /><ref>{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#bcfg
| title = Unified Extensible Firmware Interface
| work = bcfg
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref>{{cite web
| url = https://wiki.archlinux.org/index.php/GRUB_EFI_Examples#Asus
| title = GRUB EFI Examples
| work = Asus
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref>
====Commands====
The following list of [[command (computing)|commands]] is supported by the EFI shell.<ref name="EFI-Shells-and-Scripting" />
{{div col|colwidth=9em}}
* [[help (command)|help]]
* guid
* set
* [[alias (command)|alias]]
* dh
* unload
* map
* [[mount (Unix)|mount]]
* [[cd (command)|cd]]
* [[echo (command)|echo]]
* pause
* [[ls]]
* [[mkdir]]
* mode
* [[cp (command)|cp]]
* [[comp (command)|comp]]
* [[rm (Unix)|rm]]
* memmap
* [[TYPE (DOS command)|type]]
* dmpstore
* load
* [[ver (command)|ver]]
* err
* [[TIME (command)|time]]
* [[date (command)|date]]
* stall
* reset
* [[vol (command)|vol]]
* [[attrib]]
* [[cls (command)|cls]]
* bcfg
* edit
* Edd30
* dblk
* pci
* mm
* mem
* EddDebug
{{div col end}}
=== Extensions ===
Extensions to EFI can be loaded from virtually any [[Non-volatile memory|non-volatile]] storage device attached to the computer. For example, an [[original equipment manufacturer]] (OEM) can distribute systems with an EFI partition on the hard drive, which would add additional functions to the standard EFI firmware stored on the motherboard's [[Read-only memory|ROM]].
== UEFI classes ==
UEFI machines can have one of the following "classes", which were used to help ease the transition to UEFI.
* Class 0:Legacy BIOS
* Class 1:Legacy BIOS with UEFI code, although it does not support UEFI booting
* Class 2:UEFI with CSM
* Class 3:UEFI without CSM
== Boot stages ==
=== SEC - Security Phase ===
This is the first stage of the UEFI boot but may have platform specific binary code that precedes it. (EX. Intel ME, AMD PSP). Minimal code written in assembly for the specific architecture. It initializes a temporary memory (often CPU cache as RAM) and serves as the systems software root of trust with the option of verifying PEI before hand-off.
=== PEI - Pre-EFI Initialization ===
The second stage of UEFI boot consist of a dependency aware dispatcher that loads and runs C written modules (PEIMs) to handle early hardware initialization tasks such as memory initialization and recovery operations. Additionally it is responsible for discovery of the current boot mode and handling many S3 operations. In the case of S3 resume, it is responsible for restoring many hardware registers to a pre-sleep state.
=== DXE - Driver Execution Environment ===
This stage also consist of C modules and a dependency aware dispatcher. With memory now available, most hardware drivers, feature code, PCI bus, and runtime services (UEFI -> OS services) are initialized.
=== BDS - Boot Device Select ===
In this stage, input and output devices are typically initialized, drivers or OPROMs on PCI devices are executed according to system configuration, and boot options are processed for availability, ordering, and device matching.
=== TSL - Transient System Load ===
This is the stage between boot selection and hand-off to the OS. At this point one may enter setup, UEFI shell, or execute an EFI application such as the OS boot loader.
=== RT - Runtime ===
The UEFI hands off to the OS. A UEFI compatible OS is now responsible for exiting boot services triggering the firmware to unload all no longer needed code and data leaving only SMM and Runtime service code / data.
When a legacy OS is used, CSM will handle this call ensuring the system is compatible with legacy BIOS expectations.
== Implementation and adoption ==
=== {{Anchor|TIANOCORE}}Intel EFI ===
Intel's implementation of EFI is the ''Intel Platform Innovation Framework'', codenamed ''Tiano''. Tiano runs on Intel's [[XScale]], [[Itanium]] and [[IA-32]] processors, and is proprietary software, although a portion of the code has been released under the [[BSD license]] or [[Eclipse Public License]] (EPL) as '''TianoCore'''. TianoCore can be used as a payload for [[coreboot]].<ref name="TianoCoreboot">{{cite web|url=http://www.coreboot.org/TianoCore|title=TianoCore - coreboot|accessdate=25 May 2012}}</ref>
[[Phoenix Technologies]]' implementations of UEFI include its SecureCore and SecureCore Tiano products.<ref name="PhoenixSecureCoreTiano">{{cite web|url=http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|title=SecureCore Tiano™|publisher=Phoenix Technologies|accessdate=14 September 2010|url-status=dead|archiveurl=https://web.archive.org/web/20100906050148/http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|archivedate=6 September 2010}}</ref> [[American Megatrends]] offers its own UEFI firmware implementation known as Aptio,<ref name="AMIAptio4">{{cite web |url=https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf |title=Aptio®: The Complete UEFI Product Solution |publisher=American Megatrends, Inc |accessdate=2 May 2018}}</ref> while [[Insyde Software]] offers InsydeH2O, its own implementation of Tiano.<ref name="InsydeH2O">{{cite web |url=https://www.insyde.com/company/who-we-are/why-us |title=Why US? |publisher=Insyde Software Corp |accessdate=2 May 2018}}</ref>
In December 2018, [[Microsoft]] released an open source version of its TianoCore EDK2-based UEFI implementation from the [[Microsoft Surface|Surface]] line, Project Mu.<ref>{{Cite web|url=https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Project-Mu-UEFI|title=Microsoft Announces "Project Mu" For Open-Source UEFI Alternative To TianoCore |website=Phoronix|access-date=20 December 2018}}</ref>
=== Das U-Boot ===
An implementation of the UEFI API was introduced into the Universal Boot Loader ([[Das U-Boot]]) in 2017.<ref name="MarryingU-BootUEFIandGRUB">{{cite web|url=http://events17.linuxfoundation.org/sites/events/files/slides/Marrying%20U-Boot%2C%20UEFI%20and%20grub.pdf|title=Marrying U-Boot UEFI and GRUB|accessdate=12 September 2018}}</ref> On the [[ARM architecture#AArch64|ARMv8]] architecture [[Linux]] distributions use the U-Boot UEFI implementation in conjunction with [[GNU GRUB]] for booting (e.g. [[SUSE Linux]] <ref name="SuseU-BootGRUB">{{cite web|url=https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf|title=UEFI on Top of U-Boot|accessdate=12 September 2018}}</ref>), the same holds true for OpenBSD.<ref name="OpenBSD63onRPi3">{{cite web|url=https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html|title=Installing OpenBSD 6.3 on Raspberry 3|accessdate=12 September 2018}}</ref> For booting from iSCSI [[iPXE]] can be used as a UEFI application loaded by U-Boot.<ref name="UBootiPXE">{{cite web|url=http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.iscsi;h=faee63626424e8842822f3dd6b1e2f23e0129ae9;hb=HEAD|title=iSCSI booting with U-Boot and iPXE|accessdate=12 September 2018}}</ref>
=== Platforms using EFI/UEFI ===
[[Intel]]'s first [[Itanium]] workstations and servers, released in 2000, implemented EFI 1.02.
[[Hewlett-Packard]]'s first [[Itanium 2]] systems, released in 2002, implemented EFI 1.10; they were able to boot [[Microsoft Windows|Windows]], [[Linux]], [[FreeBSD]] and [[HP-UX]]; [[OpenVMS]] added UEFI capability in June 2003.
In January 2006, [[Apple Inc.]] shipped its first [[Apple–Intel architecture|Intel-based Macintosh computers]]. These systems used EFI instead of [[Open Firmware]], which had been used on its previous PowerPC-based systems.<ref>Apple Computer. "[https://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html Universal Binary Programming Guidelines, Second Edition: Extensible Firmware Interface (EFI)] {{webarchive |url=https://web.archive.org/web/20080724213607/http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html |date=24 July 2008 }}"</ref> On 5 April 2006, Apple first released [[Boot Camp (software)|Boot Camp]], which produces a Windows drivers disk and a non-destructive partitioning tool to allow the installation of Windows XP or Vista without requiring a reinstallation of Mac OS X. A firmware update was also released that added BIOS compatibility to its EFI implementation. Subsequent Macintosh models shipped with the newer firmware.<ref>[http://www.mactech.com/articles/mactech/Vol.23/23.05/OpenFirmwareToEFI/index.html Apple's Transition from Open Firmware to Extensible Firmware Interface], mactech, 2007.</ref>
During 2005, more than one million Intel systems shipped with Intel's implementation of UEFI.<ref name="IntelFrameworkOverviewUEFI">{{cite web | url = http://www.intel.com/technology/framework/overview1.htm |title=Intel® Platform Innovation Framework for UEFI Overview |publisher=Intel |accessdate=14 September 2010}}</ref> New mobile, desktop and server products, using Intel's implementation of UEFI, started shipping in 2006. For instance, boards that use the Intel 945 chipset series use Intel's UEFI firmware implementation.
Since 2005, EFI has also been implemented on non-PC architectures, such as [[embedded system]]s based on [[XScale]] cores.<ref name="IntelFrameworkOverviewUEFI" />
The EDK (EFI Developer Kit) includes an NT32 target, which allows EFI firmware and EFI applications to run within a [[Microsoft Windows|Windows]] application. But no direct hardware access is allowed by EDK NT32. This means only a subset of EFI application and drivers can be executed at the EDK NT32 target.
In 2008, more x86-64 systems adopted UEFI some of them using the [[rEFInd]] GUI boot menu. While many of these systems still allow booting only the BIOS-based OSes via the Compatibility Support Module (CSM) (thus not appearing to the user to be UEFI-based), other systems started to allow booting UEFI-based OSes. For example, IBM x3450 server, [[Micro-Star International|MSI]] motherboards with ClickBIOS, all HP EliteBook Notebook and Tablet PCs, newer HP Compaq Notebook PCs (e.g., 6730b, 6735b, etc.).
In 2009, IBM shipped [[IBM System x|System x]] machines (x3550 M2, x3650 M2, iDataPlex dx360 M2) and [[IBM BladeCenter|BladeCenter]] HS22 with UEFI capability. Dell shipped PowerEdge T610, R610, R710, M610 and M710 servers with UEFI capability. More commercially available systems are mentioned in a UEFI whitepaper.<ref>{{citation | publisher = UEFI | url = http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | title = Evaluating UEFI using Commercially Available Platforms and Solutions | date = May 2011 | url-status = dead | archiveurl = https://web.archive.org/web/20120322062159/http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | archivedate = 22 March 2012 | df = dmy-all }}</ref>
In 2011, major vendors (such as [[ASRock]], [[Asus]], [[Gigabyte Technology|Gigabyte]], and [[Micro-Star International|MSI]]) launched several consumer-oriented motherboards using the Intel [[List of Intel chipsets#5/6/7 Series chipsets|6-series]] [[LGA 1155]] chipset and AMD 9 Series [[Socket AM3+|AM3+]] chipsets with UEFI.<ref name="Asus Motherboard">[http://www.bit-tech.net/hardware/motherboards/2010/11/16/asus-lga1155-motherboard-preview/1 Asus P67 Motherboard Preview].</ref>
With the release of Windows 8 in October 2012, Microsoft's certification requirements now require that computers include firmware that implements the UEFI specification. Furthermore, if the computer supports the "[[Connected Standby]]" feature of Windows 8 (which allows devices to have power management comparable to [[smartphone]]s, with an almost instantaneous return from standby mode), then the firmware is not permitted to contain a Compatibility Support Module (CSM). As such, systems that support Connected Standby are incapable of booting Legacy BIOS operating systems.<ref>{{cite web | publisher = Microsoft | url = http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx | title = Windows Hardware Certification Requirements for Client and Server Systems | date = January 2013 |quote=System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby ... Platforms shall be UEFI Class Three (see UEFI Industry Group, Evaluating UEFI using Commercially Available Platforms and Solutions, version 0.3, for a definition) with no Compatibility Support Module installed or installable. BIOS emulation and legacy PC/AT boot must be disabled.}}</ref><ref name=pcmag-connected>{{cite web|title=Microsoft: All You Need to Know About Windows 8 on ARM|url=https://www.pcmag.com/article2/0,2817,2400059,00.asp|work=PC Magazine|accessdate=30 September 2013}}</ref>
In October 2017, Intel announced that it would remove legacy PC BIOS support from all its products by 2020, in favor of UEFI Class 3.<ref>{{Cite web|url=http://www.uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf|title="Last Mile" Barriers to Removing Legacy BIOS|last=Richardson|first=Brian|date=30 October 2017|access-date=22 November 2017}}</ref>
=== Operating systems ===
An operating system that can be booted from a (U)EFI is called a (U)EFI-aware operating system, defined by (U)EFI specification. Here the term ''booted from a (U)EFI'' means directly booting the system using a (U)EFI operating system loader stored on any storage device. The default location for the operating system loader is <code><EFI_SYSTEM_PARTITION>/BOOT/BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</code>, where short name of the machine type can be <code>IA32</code>, <code>X64</code>, <code>IA64</code>, <code>ARM</code> or <code>AA64</code>.<ref name="uefi-spec-24" /> Some operating systems vendors may have their own boot loaders. They may also change the default boot location.
* The [[Linux kernel]] has been able to use EFI at boot time since early 2000,<ref>[http://sourceforge.net/mailarchive/forum.php?thread_name=1077918495.14506.1.camel%40raphael.fc.hp.com&forum_name=elilo-announce Announcement of release 3.5pre1] by maintainer Brett Johnson made on 27 February 2004.</ref> using the [[elilo]] EFI boot loader or, more recently, EFI versions of [[GNU GRUB|GRUB]].<ref name="debiangrubexample">{{citation | url = http://packages.debian.org/sid/grub-efi | title = EFI version of Grub | publisher = Debian GNU/Linux | accessdate =1 May 2008}}</ref> Grub+Linux also supports booting from a GUID partition table without UEFI.<ref name="grub-bios-installation"/> The distribution [[Ubuntu (operating system)|Ubuntu]] added support for UEFI secure boot as of version 12.10.<ref name=h-ubuntusecureboot>{{cite web|title=Ubuntu will use GRUB 2 for its Secure Boot implementation|url=http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html|publisher=The H Online|accessdate=28 October 2012}}</ref> Furthermore, the Linux kernel can be compiled with the option to run as an EFI bootloader on its own through the EFI bootstub feature.
* [[HP-UX]] has used (U)EFI as its boot mechanism on [[IA-64]] systems since 2002.
* HP [[OpenVMS]] has used (U)EFI on IA-64 since its initial evaluation release in December 2003, and for production releases since January 2005.<ref>{{citation | url = http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | publisher = HP | title = OpenVMS Release History | accessdate = 16 September 2008 | url-status = dead | archiveurl = https://web.archive.org/web/20090105052030/http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | archivedate = 5 January 2009 | df = dmy-all }}</ref>
* [[Apple Inc.|Apple]] uses EFI for its line of [[Apple–Intel architecture|Intel-based Macs]]. [[Mac OS X Tiger|Mac OS X v10.4]] Tiger and [[Mac OS X Leopard|Mac OS X v10.5]] Leopard implement EFI v1.10 in 32-bit mode even on newer 64-bit CPUs, but full support arrived with [[OS X Mountain Lion|OS X v10.8 Mountain Lion]].<ref name="appleuefiversion1">{{citation | url = http://refit.sourceforge.net/info/vista.html | title = rEFIt — Windows Vista and EFI | publisher = SourceForge}}</ref>
* The [[Itanium]] versions of [[Windows 2000]] (Advanced Server Limited Edition and Datacenter Server Limited Edition) implemented EFI 1.10 in 2002. MS [[Windows Server 2003]] for [[IA-64]], MS [[Windows XP 64-bit Edition]] and [[Windows 2000]] Advanced Server Limited Edition, all of which are for the Intel [[Itanium]] family of processors, implement EFI, a requirement of the platform through the [[DIG64]] specification.<ref>{{citation | publisher = Microsoft | title = Windows Server TechCenter | url = http://technet2.microsoft.com/WindowsServer/en/Library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | contribution = Extensible Firmware Interface | url-status = dead | archiveurl = https://web.archive.org/web/20060830101936/http://technet2.microsoft.com/WindowsServer/en/library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | archivedate = 30 August 2006 | df = dmy-all }}</ref>
* Microsoft introduced UEFI for x86-64 Windows operating systems with [[Windows Server 2008 R2]] and [[Windows 7]]. The 64-bit versions of [[Windows 7]] are compatible with EFI.{{Citation needed|date=February 2016}} 32-bit UEFI was originally not supported since vendors did not have any interest in producing native 32-bit UEFI firmware because of the mainstream status of [[64-bit computing]].<ref name="WindowsVistaUEFI">{{cite news |url= http://support.microsoft.com/kb/930061 |title=Unified Extended Firmware Interface support in Windows Vista |publisher=Microsoft |date=26 October 2006 |accessdate=12 June 2010 |quote= Microsoft determined that vendors would not have any interest in producing native UEFI 32-bit firmware because of the current status of mainstream 64-bit computing and platform costs. Therefore, Microsoft originally did not to ship support for 32-bit UEFI implementations.}}</ref> [[Windows 8]] includes further optimizations for UEFI systems, including a faster startup, 32-bit UEFI support, and secure boot support.<ref>{{cite web | url=http://www.winsupersite.com/blog/supersite-blog-39/windows8/microsoft-touts-incredible-windows-8-boot-times-140515 | title=Microsoft Touts Incredible Windows 8 Boot Times | accessdate=9 September 2011}}</ref><ref name="Windows8UEFISecureBoot">{{cite news |url=https://arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars |title=Windows 8 secure boot could complicate Linux installs |author=Jon Brodkin |publisher=Ars Technica |date=21 September 2011 |accessdate=23 September 2011}}</ref>
* On 5 March 2013, the [[FreeBSD Foundation]] awarded a grant to a developer seeking to add UEFI support to the [[FreeBSD]] kernel and bootloader.<ref name=fbsd-uefi>{{cite web|title=FreeBSD to get UEFI support|url=http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html|publisher=The H|accessdate=7 March 2013}}</ref> The changes were initially stored in a discrete branch of the FreeBSD source code, but were merged into the mainline source on 4 April 2014 (revision 264095); the changes include support in the installer as well.<ref name=fbsd-uefi-merge>{{cite web|title=UEFI - FreeBSD Wiki|url=https://wiki.freebsd.org/UEFI|publisher=FreeBSD.org|accessdate=19 June 2014}}</ref>
* Oracle [[Solaris (operating system)|Solaris]] 11.1 and later support UEFI boot for x86 systems with UEFI firmware version 2.1 or later. [[GNU GRUB|GRUB]] 2 is used as the boot loader on x86.<ref name="solaris-uefi">{{cite web
| url = http://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-1-whatsnew-1732377.pdf
| title = Oracle Solaris 11.1 — What's New
| accessdate = 4 November 2013
| publisher = oracle.com }}</ref>
* [[OpenBSD]] 5.9<ref>{{Cite web|url=http://www.openbsd.org/59.html|title=OpenBSD 5.9|website=www.openbsd.org|access-date=11 September 2016}}</ref> introduced UEFI boot support for 64-bit x86 systems using its own custom loader, OpenBSD 6.0 extended that support to include ARMv7.<ref>{{Cite web|url=http://www.openbsd.org/60.html|title=OpenBSD 6.0|website=www.openbsd.org|access-date=11 September 2016}}</ref>
=== Use of UEFI with virtualization ===
* [[HP Integrity Virtual Machines]] provides UEFI boot on HP Integrity Servers. It also provides a virtualized UEFI environment for the guest UEFI-aware OSes.
* Intel hosts an Open Virtual Machine Firmware project on SourceForge.<ref>{{citation | url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | publisher = SourceForge | title = Open Virtual Machine Firmware | url-status = dead | archiveurl = https://web.archive.org/web/20111006173225/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | archivedate = 6 October 2011 | df = dmy-all }}</ref>
* [[VMware Fusion]] 3 software for Mac OS X can boot Mac OS X Server virtual machines using UEFI.
* [[VMware Workstation]] prior to version 11 unofficially supports UEFI, but is manually enabled by editing the .vmx file.<ref>{{cite web|url=https://communities.vmware.com/thread/420405 |title=VMWare Workstation EFI firmware | VMware Communities |publisher=Communities.vmware.com |date= |accessdate=28 February 2014}}</ref> [[VMware Workstation]] version 11 and above supports UEFI, independently of whether the physical host system is UEFI-based. VMware Workstation 14 (and accordingly, Fusion 10) adds support for the [[#Secure boot|Secure Boot]] feature of UEFI.<ref>{{cite web|url=https://communities.vmware.com/docs/DOC-28494 |title=Using EFI/UEFI firmware in a VMware Virtual Machine | VMware Communities |publisher=Communities.vmware.com |date= |accessdate=18 January 2016}}</ref><ref>{{Cite news|url=https://blogs.vmware.com/workstation/2017/08/announcing-vmware-workstation-14.html|title=Announcing VMware Workstation 14 - VMware Workstation Zealot|date=22 August 2017|work=VMware Workstation Zealot|access-date=2 August 2018|language=en-US}}</ref>
* The [[vSphere]] [[ESXi]] 5.0 hypervisor officially support UEFI. Version 6.5 adds support for secure boot.<ref>{{cite web|url=https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html |title=What's New in vSphere 5.0 |publisher=Vmware.com |date= |accessdate=28 February 2014}}</ref><ref>{{Cite web|url=https://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html|title=VMware vSphere 6.5 Release Notes|website=pubs.vmware.com|access-date=13 January 2017}}</ref>
* [[VirtualBox]] has implemented UEFI since 3.1,<ref>{{citation | url = http://www.virtualbox.org/wiki/Changelog-3.1 | publisher = VirtualBox | title = 3.1 Changelog | url-status = dead | archiveurl = https://web.archive.org/web/20100928210932/http://www.virtualbox.org/wiki/Changelog-3.1 | archivedate = 28 September 2010 | df = dmy-all }}</ref> but limited to Unix/Linux operating systems and some versions of Windows (does not work with Windows Vista x64 and Windows 7 x64).<ref>{{citation | url = http://www.virtualbox.org/ticket/7702 | publisher = VirtualBox | title = Ticket 7702}}</ref><ref>{{citation | url = http://forums.virtualbox.org/viewtopic.php?f=1&p=183022#p114765 | publisher = VirtualBox | title = Forum | contribution = Statement by sr. software engineer at Oracle}}</ref>
* [[QEMU]]/[[Kernel-based Virtual Machine|KVM]] can be used with the Open Virtual Machine Firmware (OVMF) provided by [[#Intel EFI|TianoCore]].<ref>{{cite web|url=https://fedoraproject.org/wiki/Testing_secureboot_with_KVM |title=Testing secureboot with KVM |publisher=FedoraProject |date= |accessdate=28 February 2014}}</ref>
* The VMware ESXi version 5 hypervisor, part of [[VMware]] vSphere, supports virtualized UEFI as an alternative to the legacy PC BIOS inside a virtual machine.
* The second generation of the Microsoft [[Hyper-V]] virtual machine supports virtualized UEFI.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/dn282278.aspx |title=What's New in Hyper-V for Windows Server 2012 R2 |publisher=MicrosoftTechNet |date= |accessdate=24 June 2013}}</ref>
* [[Google Cloud Platform]] Shielded VMs support virtualized UEFI to enable Secure Boot.<ref>{{cite web|url=https://cloud.google.com/shielded-vm?gclid=Cj0KCQiA7aPyBRChARIsAJfWCgLq4tbyWeZHT6RrfMxAP5_X6O52Dq64WfAS_3TupIV3_moxFlReSGUaAqz0EALw_wcB|title=Shielded VMs| date= |accessdate=16 February 2019}}</ref>
== {{Anchor|EADK}}Applications development ==
''EDK2 Application Development Kit'' (EADK) makes it possible to use [[C standard library|standard C library]] functions in UEFI applications. EADK can be freely downloaded from the [[Intel]]'s TianoCore UDK2010 / EDK2 [[SourceForge]] project. As an example, a port of the [[Python (programming language)|Python]] interpreter is made available as a UEFI application by using the EADK.<ref>{{cite web
| url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK
| title = TianoCore on SourceForge: EDK2 Application Development Kit (EADK)
| accessdate = 25 September 2013
| publisher = [[Intel]]
}}</ref>
A minimalistic "[[hello, world]]" C program written using EADK looks similar to its [[C (programming language)#HELLOWORLD|usual C counterpart]]:
<source lang="c">
#include <Uefi.h>
#include <Library/UefiLib.h>
#include <Library/ShellCEntryLib.h>
EFI_STATUS EFIAPI ShellAppMain(IN UINTN Argc, IN CHAR16 **Argv)
{
Print(L"hello, world\n");
return EFI_SUCCESS;
}
</source>
== Criticism ==
Numerous digital rights activists have protested against UEFI.
[[Ronald G. Minnich]], a co-author of [[coreboot]], and [[Cory Doctorow]], a digital rights activist, have criticized EFI as an attempt to remove the ability of the user to truly control the computer.<ref name="FosdemInterviewRonaldGMinnich">{{cite web | url = https://archive.fosdem.org/2007/interview/ronald%2bg%2bminnich.html |title = Interview: Ronald G Minnich | publisher = Fosdem | date = 6 February 2007 | accessdate =14 September 2010}}</ref><ref>{{citation | url = http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html | title = The Coming War on General Purpose Computation | first = Cory | last = Doctorow | date = 27 December 2011 | accessdate = 25 September 2013}}</ref> It does not solve the BIOS's long-standing problems of requiring two different drivers—one for the firmware and one for the operating system—for most hardware.<ref name="YouTubeCorebootFirmware">{{cite web |url = https://www.youtube.com/watch?v=X72LgcMpM9k | title = coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware |publisher=YouTube |date=31 October 2008 |accessdate=14 September 2010 }}</ref>
Open-source project TianoCore also provides UEFI interfaces.<ref>{{citation | chapter-url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | publisher = SourceForge | title = TianoCore | chapter = Welcome | url-status = dead | archiveurl = https://web.archive.org/web/20120423101551/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | archivedate = 23 April 2012 | df = dmy-all }}</ref> TianoCore lacks the specialized drivers that initialize chipset functions, which are instead provided by [[coreboot]], of which TianoCore is one of many payload options. The development of coreboot requires cooperation from chipset manufacturers to provide the specifications needed to develop initialization drivers.
=== {{Anchor|Secure boot criticism}}Secure boot ===
{{See also|Windows 8#Reception}}
In 2011, Microsoft announced that computers certified to run its [[Windows 8]] operating system had to ship with Microsoft's public key enrolled and secure boot enabled. Following the announcement, the company was accused by critics and free software/open source advocates (including the [[Free Software Foundation]]) of trying to use the secure boot functionality of UEFI to [[Vendor lock-in|hinder or outright prevent]] the installation of alternative operating systems such as [[Linux]]. Microsoft denied that the secure boot requirement was intended to serve as a form of [[Vendor lock-in|lock-in]], and clarified its requirements by stating that x86-based systems certified for Windows 8 must allow secure boot to enter custom mode or be disabled, but not on systems using the [[ARM architecture]].<ref name=pcw-ueficontroversy/><ref name="cwuk-arm">{{cite web|url=http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/ |title=Is Microsoft Blocking Linux Booting on ARM Hardware? |publisher=Computerworld UK |date= |accessdate=6 March 2012}}</ref> [[Windows 10]] allows [[original equipment manufacturer|OEM]]s to decide whether or not secure boot can be managed by users of their x86 systems.<ref name=arstechnica-securebootw10>{{cite web|title=Windows 10 to make the Secure Boot alt-OS lock out a reality|url=https://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/|website=Ars Technica|accessdate=21 March 2015}}</ref>
Other developers raised concerns about the legal and practical issues of implementing support for secure boot on Linux systems in general. Former [[Red Hat]] developer [[Matthew Garrett]] noted that conditions in the [[GNU General Public License#Version 3|GNU General Public License version 3]] may prevent the use of the [[GNU GRUB|GNU Grand Unified Bootloader]] without a distribution's developer disclosing the private key (however, the [[Free Software Foundation]] has since clarified its position, assuring that the responsibility to make keys available was held by the hardware manufacturer),<ref name=h-ubuntusecureboot/> and that it would also be difficult for advanced users to build custom [[Linux kernel|kernel]]s that could function with secure boot enabled without self-signing them.<ref name="cwuk-arm"/> Other developers suggested that signed builds of Linux with another key could be provided, but noted that it would be difficult to persuade OEMs to ship their computers with the required key alongside the Microsoft key.<ref name="ElReg1">{{cite news|url=https://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/|title=MS denies secure boot will exclude Linux|publisher=The Register|date=23 September 2011|accessdate=24 September 2011}}</ref>
Several major Linux distributions have developed different implementations for secure boot. Garrett himself developed a minimal bootloader known as a shim, which is a precompiled, signed bootloader that allows the user to individually trust keys provided by distributors.<ref>{{cite web|title=Shimming your way to Linux on Windows 8 PCs|url=http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/|publisher=ZDNet|accessdate=26 February 2013}}</ref> [[Ubuntu (operating system)|Ubuntu 12.10]] uses an older version of shim{{Which|date=October 2017}} pre-configured for use with [[Canonical Ltd.|Canonical]]'s own key that verifies only the bootloader and allows unsigned kernels to be loaded; developers believed that the practice of signing only the bootloader is more feasible, since a trusted kernel is effective at securing only the [[user space]], and not the pre-boot state for which secure boot is designed to add protection. That also allows users to build their own kernels and use custom [[kernel module]]s as well, without the need to reconfigure the system.<ref name=h-ubuntusecureboot/><ref name=lwn-efilinux/><ref name=h-mscert>{{cite web|title=No Microsoft certificate support in Linux kernel says Torvalds|url=http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html|publisher=The H|accessdate=26 February 2013}}</ref> Canonical also maintains its own private key to sign installations of Ubuntu pre-loaded on certified OEM computers that run the operating system, and also plans to enforce a secure boot requirement as well{{emdash}}requiring both a Canonical key and a Microsoft key (for compatibility reasons) to be included in their firmware. [[Fedora (operating system)|Fedora]] also uses shim,{{Which|date=October 2017}} but requires that both the kernel and its modules be signed as well.<ref name=lwn-efilinux>{{cite web|title=Ubuntu details its UEFI secure boot plans|url=https://lwn.net/Articles/503803/|publisher=Linux Weekly News|accessdate=11 September 2012}}</ref>
It has been disputed whether the kernel and its modules must be signed as well; while the UEFI specifications do not require it, Microsoft has asserted that their contractual requirements do, and that it reserves the right to revoke any certificates used to sign code that can be used to compromise the security of the system.<ref name=h-mscert/> In February 2013, another Red Hat developer attempted to submit a patch to the Linux kernel that would allow it to parse Microsoft's authenticode signing using a master [[X.509]] key embedded in [[Portable Executable|PE]] files signed by Microsoft. However, the proposal was criticized by Linux creator [[Linus Torvalds]], who attacked Red Hat for supporting Microsoft's control over the secure boot infrastructure.<ref name=ars-linus>{{cite web|title=Linus Torvalds: I will not change Linux to "deep-throat Microsoft"|url=https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/|publisher=Ars Technica|accessdate=26 February 2013}}</ref>
On 26 March 2013, the [[Spain|Spanish]] free software development group Hispalinux filed a formal complaint with the [[European Commission]], contending that Microsoft's secure boot requirements on OEM systems were "obstructive" and [[anti-competitive practices|anti-competitive]].<ref name=reuters-hispalinuxuefi>{{cite news|title=Exclusive: Open software group files complaint against Microsoft to EU|url=https://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326|publisher=Reuters|accessdate=26 March 2013|date=26 March 2013}}</ref>
At the [[Black Hat Briefings|Black Hat conference]] in August 2013, a group of security researchers presented a series of exploits in specific vendor implementations of UEFI that could be used to exploit secure boot.<ref name=itworld-securebootexploit>{{cite web|title=Researchers demo exploits that bypass Windows 8 Secure Boot|url=http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot|work=IT World|accessdate=5 August 2013}}</ref>
In August 2016 it was reported that two security researchers had found the "golden key" security key Microsoft uses in signing operating systems.<ref>{{cite news|last1=MENDELSOHN|first1=Tom|title=Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open [Updated]|url=http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/|accessdate=12 August 2016|publisher=Ars Technica|date=12 August 2016}}</ref> Technically, no key was exposed, however, an exploitable binary signed by the key was. This allows any software to run as though it was genuinely signed by Microsoft and exposes the possibility of [[rootkit]] and [[bootkit]] attacks. This also makes patching the fault impossible, since any patch can be replaced (downgraded) by the (signed) exploitable binary. Microsoft responded in a statement that the vulnerability only exists in [[ARM architecture]] and [[Windows RT]] devices, and has released two patches; however, the patches do not (and cannot) remove the vulnerability, which would require key replacements in end user firmware to fix.{{citation needed|date=October 2017}}
=== Firmware problems ===
The increased prominence of UEFI firmware in devices has also led to a number of technical problems blamed on their respective implementations.<ref name=zdnet-linux8>{{cite web|title=Linux on Windows 8 PCs: Some progress, but still a nuisance|url=http://www.zdnet.com/linux-on-windows-8-pcs-some-progress-but-still-a-nuisance-7000010697/|publisher=ZDNet|accessdate=26 February 2013}}</ref>
Following the release of Windows 8 in late 2012, it was discovered that certain [[Lenovo]] computer models with secure boot had firmware that was hardcoded to allow only executables named "[[Windows Boot Manager]]" or "[[Red Hat Enterprise Linux]]" to load, regardless of any other setting.<ref name=p-lenovo>{{cite web|title=Lenovo UEFI Only Wants To Boot Windows, RHEL|url=https://www.phoronix.com/scan.php?page=news_item&px=MTIyOTg|publisher=Phoronix|accessdate=26 February 2013}}</ref> Other problems were encountered by several [[Toshiba]] laptop models with secure boot that were missing certain certificates required for its proper operation.<ref name=zdnet-linux8/>
In January 2013, a bug surrounding the UEFI implementation on some [[Samsung]] laptops was publicized, which caused them to be [[Brick (electronics)|bricked]] after installing a Linux distribution in UEFI mode. While potential conflicts with a kernel module designed to access system features on Samsung laptops were initially blamed (also prompting kernel maintainers to disable the module on UEFI systems as a safety measure), Matthew Garrett discovered that the bug was actually triggered by storing too many UEFI variables to memory, and that the bug could also be triggered under Windows under certain conditions. In conclusion, he determined that the offending kernel module had caused kernel message dumps to be written to the firmware, thus triggering the bug.<ref name=theh-brickwindows>{{cite web|title=Samsung UEFI bug: Notebook bricked from Windows|url=http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html|publisher=The H|accessdate=27 February 2013}}</ref><ref name=bittech-uefideath>{{cite web|title=Linux acquitted in Samsung laptop UEFI deaths|url=http://www.bit-tech.net/news/bits/2013/02/11/linux-samsung-deaths-2/1|publisher=Bit-tech|accessdate=26 February 2013}}</ref><ref name=theh-samsungbrick>{{cite web|title=Booting Linux using UEFI can brick Samsung laptops|url=http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html|publisher=The H|accessdate=26 February 2013}}</ref>
== See also ==
* [[OpenBIOS]]
* [[UEFI Platform Initialization]] (UEFI PI)
* [[System Management BIOS]] (SMBIOS)
* [[Trusted Platform Module]] (TPM)
== Notes ==
{{Notelist}}
== References ==
{{reflist|30em}}
== Further reading ==
*{{cite web |last1=Zimmer |first1=Vincent |first2=Michael |last2=Rothman |first3=Robert |last3=Hale |title=EFI Architecture |url=http://www.drdobbs.com/embedded-systems/efi-architecture/199500688 |work=[[Dr. Dobb's Journal]] |publisher=[[UBM plc|UBM]] |accessdate=12 October 2012 |date=10 May 2007}}
*{{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/efi-boot-process.html |title=The EFI boot process |work=Frequently Given Answers |date=11 July 2011 |accessdate=12 October 2012}}
*{{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/windows-nt-6-boot-process.html |title=The Windows NT 6 boot process |work=Frequently Given Answers |date=8 December 2011 |accessdate=12 October 2012}}
*{{cite web |first=Roderick W. |last=Smith |url=http://rodsbooks.com/bios2uefi/ |title=A BIOS to UEFI Transformation |work=Roderick W. Smith's Web Page |year=2011 |accessdate=12 October 2012}}
*{{cite web |first=Rajiv |last=Kothari |url=http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |title=UEFI – Just How Important It Really Is |work=Hardware Secrets |date=21 September 2011 |accessdate=12 October 2012 |url-status=dead |archiveurl=https://web.archive.org/web/20121025093125/http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |archivedate=25 October 2012 }}
*{{cite journal |first=Doug |last=Fisher |url=http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum |title=UEFI Today: Bootstrapping the Continuum |journal=Intel Technology Journal |publisher=Intel |volume=15 |issue=1 |year=2011 |isbn=9781934053430 |accessdate=24 September 2013}}
== External links ==
{{Commons category|Extensible Firmware Interface}}
* {{Official website|https://uefi.org/}}
*[https://uefi.org/specifications UEFI Specifications]
*[https://www.tianocore.org/ Intel-sponsored open-source EFI Framework initiative].
*[https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html Intel EFI/UEFI portal]
*[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10) Microsoft UEFI Support and Requirements for Windows Operating Systems]
*[https://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/ How Windows 8 Hybrid Shutdown / Fast Boot feature works]
* [https://technet.microsoft.com/en-us/windows/dn168167.aspx Securing the Windows 8 Boot Process]
* [http://www.uefi.tech UEFI Development Community]
* [https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group]
[[Category:Unified Extensible Firmware Interface| ]]' |
New page wikitext, after the edit ($1) (new_wikitext) | '{{short description|Specification that defines a software interface between an operating system and platform firmware}}
{{Merge from|UEFI Platform Initialization|date=May 2019}}
{{lead too short|date=December 2014}}
{{Use dmy dates|date=February 2020}}
[[File:Efi-simple.svg|thumb|upright=1.4|EFI's position in the software stack]]
The '''Unified Extensible Firmware Interface''' ('''UEFI''') is a [[specification]] that defines a software [[Interface (computer science)|interface]] between an [[operating system]] and platform [[firmware]]. UEFI replaces the legacy Basic Input/Output System ([[BIOS]]) firmware interface originally present in all [[IBM PC compatible|IBM PC-compatible]] [[personal computer]]s,<ref name="Intel2000">{{cite web|url=http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf | title =Solving BIOS Boot Issues with EFI |first=Michael |last=Kinney |date=1 September 2000 |accessdate=14 September 2010 |pages=47–50}}</ref><ref name="ElReg1" /> with most UEFI firmware implementations providing support for legacy BIOS services. UEFI can support remote diagnostics and repair of computers, even with no operating system installed.<ref>{{cite web|url=http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198 | archiveurl=https://web.archive.org/web/20130626000135/http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198 | archivedate=26 June 2013 | title=The 30-year-long Reign of BIOS is Over: Why UEFI W... - Input Output |website=HP.com |date= |accessdate=6 March 2012}}</ref>
[[Intel]] developed the original '''Extensible Firmware Interface''' ('''EFI''') specifications. Some of the EFI's practices and data formats mirror those of [[Microsoft Windows]].<ref>[https://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html IBM PC Real Time Clock should run in UT]. Cl.cam.ac.uk. Retrieved on 30 October 2013.</ref><ref name="Matthew Garrett">{{cite web |url=https://www.youtube.com/watch?v=V2aq5M3Q76U#t=14m45s |title=EFI and Linux: The Future Is Here, and It's Awful |first=Matthew |last=Garrett |date=19 January 2012 |work=[[linux.conf.au]] 2012 |accessdate=2 April 2012}}</ref> In 2005, UEFI deprecated EFI 1.10 (the final release of EFI). The [[Unified EFI Forum]] is the industry body that manages the UEFI specifications throughout.
== History ==
The original motivation for EFI came during early development of the first Intel–HP [[Itanium]] systems in the mid-1990s. [[BIOS]] limitations (such as 16-bit [[CPU modes|processor mode]], [[real mode|1 MB addressable space]] and [[PC AT]] hardware) had become too restrictive for the larger server platforms Itanium was targeting.<ref name = "EmulexUEFI" /> The effort to address these concerns began in 1998 and was initially called ''Intel Boot Initiative''.<ref>{{citation | url = http://www.intel.com/technology/efi/ | archiveurl = https://web.archive.org/web/20100105051711/http://www.intel.com/technology/efi/ | archivedate = 5 January 2010 | title = Extensible Firmware Interface (EFI) and Unified EFI (UEFI) | publisher = Intel}}</ref> It was later renamed to ''Extensible Firmware Interface'' (EFI).<ref>{{citation | first = Dong | last = Wei | title = Beyond BIOS | chapter = foreword | publisher = Intel Press | year = 2006 | isbn = 978-0-9743649-0-2}}</ref><ref>{{citation | chapter-url = http://www.intel.com/technology/efi/main_specification.htm | title = Extensible Firmware Interface | chapter = 1.10 Specification overview | publisher = Intel}}</ref>
In July 2005, Intel ceased its development of the EFI specification at version 1.10, and contributed it to the [[Unified EFI Forum]], which has developed the specification as the ''Unified Extensible Firmware Interface'' (UEFI). The original EFI specification remains owned by Intel, which exclusively provides licenses for EFI-based products, but the UEFI specification is owned by the UEFI Forum.<ref name = "EmulexUEFI">{{cite news | url = http://www.emulex.com/artifacts/757d23e7-8acb-41a7-872a-afb733ab0688/elx_tb_all_uefi_ibm.pdf |title=Emulex UEFI Implementation Delivers Industry-leading Features for IBM Systems |publisher=Emulex | accessdate =14 September 2010}}</ref><ref>{{citation | url = http://www.uefi.org/about/ | publisher = Unified EFI Forum | title = About | quote = Q: What is the relationship between EFI and UEFI? A: The UEFI specification is based on the EFI 1.10 specification published by Intel with corrections and changes managed by the Unified EFI Forum. Intel still holds the copyright on the EFI 1.10 specification, but has contributed it to the Forum so that the Forum can evolve it. There will be no future versions of the EFI specification, but customers who license it can still use it under the terms of their license from Intel. The license to the Unified EFI Specification comes from the Forum, not from Intel}}</ref>
Version 2.1 of the UEFI specification was released on 7 January 2007. It added [[cryptography]], network authentication and the [[user interface]] architecture ('Human Interface Infrastructure' in UEFI). The latest UEFI specification, version 2.8, was approved in March 2019.<ref>{{cite web|url=http://www.uefi.org/specifications|title=Unified Extensible Firmware Interface Forum Specifications|publisher=|accessdate=3 June 2019}}</ref>
Tiano was the first [[open source]] UEFI implementation and was released by Intel in 2004. Tiano has since then been superseded by EDK<ref>{{Cite web | url=https://github.com/tianocore/edk |title =GitHub - tianocore/Edk: Git mirror of EDK.|date = 19 March 2019}}</ref> and EDK2<ref>{{Cite web | url=https://github.com/tianocore/tianocore.github.io/wiki/EDK-II | title=GitHub - tianocore/Tianocore.github.io: Tianocore website.| date=8 August 2019}}</ref> and is now maintained by the TianoCore community.<ref>{{Cite web | url=https://www.tianocore.org/ |title = What is TianoCore?}}</ref>
In December 2018, [[Microsoft]] announced Project Mu, a fork of TianoCore EDK2 used in [[Microsoft Surface]] and [[Hyper-V]] products. The project promotes the idea of [[Firmware as a Service]].<ref>{{cite web|url= https://betanews.com/2018/12/20/microsoft-project-mu/|title= Microsoft announces Project Mu, an open-source release of the UEFI core|date= 20 December 2018}}</ref>
== Advantages ==
The interface defined by the EFI specification includes data tables that contain platform information, and boot and runtime services that are available to the OS loader and OS. UEFI firmware provides several technical advantages over a traditional BIOS system:<ref name="UEFI2009Microsoft">{{cite web |url=http://www.microsoft.com/whdc/system/platform/firmware/UEFI_Windows.mspx |title=UEFI and Windows |publisher=Microsoft |date=15 September 2009 |accessdate=14 September 2010 }}</ref>
* Ability to use large disks partitions (over 2 [[terabyte|TB]]) with a [[GUID Partition Table]] (GPT)<ref name="grub-bios-installation">{{cite web
| url = https://www.gnu.org/software/grub/manual/html_node/BIOS-installation.html
| title = Installation
| work = 3.4 BIOS installation
| accessdate = 25 September 2013
| publisher = [[GNU GRUB]]
}}</ref>{{Efn|name="note1"|Large disk support and features such as [[Advanced Configuration and Power Interface]] (ACPI) and [[SMBIOS|System Management BIOS]] (SMBIOS) were subsequently implemented in BIOS-based systems.}}
* CPU-independent architecture{{Efn|name="note1"}}
* CPU-independent drivers{{Efn|name="note1"}}
* Flexible pre-OS environment, including network capability
* Modular design
* Backward and forward compatibility
== Compatibility ==
=== {{Anchor|HANDOVER|BOOT-STUB}}Processor compatibility ===
As of version 2.5, processor bindings exist for Itanium, x86, x86-64, [[ARM architecture|ARM]] (AArch32) and [[ARM64]] (AArch64).<ref>UEFI Specification 2.4, section 2.3</ref> Only [[endianness|little-endian]] processors can be supported.<ref>UEFI specification 2.3.1, section 1.8.1.</ref> Unofficial UEFI support is under development for POWERPC64 by implementing [[#Intel EFI|TianoCore]] on top of OPAL,<ref>{{cite web|url=https://github.com/andreiw/ppc64le-yedk2|title=GitHub - andreiw/ppc64le-edk2: TianoCore UEFI for OPAL/PowerNV (PPC64/PowerPC64 Little-Endian)|work=GitHub}}</ref> the OpenPOWER abstraction layer, running in little-endian mode.<ref>{{cite web|url=http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/comment-page-1/|title=Tianocore for OpenPOWER|work=Firmware Security|date=12 October 2015}}</ref> Similar projects exist for [[MIPS architecture|MIPS]]<ref>{{cite web|url=http://sourceforge.net/projects/efi-mips/|title=EFI-MIPS|author=kontais|work=SourceForge}}</ref> and [[RISC-V]].<ref>{{cite web|url=http://www.lowrisc.org/|title=lowRISC · lowRISC|publisher=}}</ref> As of UEFI 2.7, RISC-V processor bindings have been officially established for 32-, 64- and 128-bit modes.<ref>http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_7.pdf</ref>
Standard PC BIOS is limited to a 16-bit processor mode and 1 MB of addressable memory space, resulting from the design based on the [[IBM Personal Computer|IBM 5150]] that used a 16-bit [[Intel 8088]] processor.<ref name="EmulexUEFI"/><ref name="BitTechUEFI">{{cite news | url = http://www.bit-tech.net/hardware/storage/2010/06/01/are-we-ready-for-3tb-hard-disks/2 |title=LBA explained — Solving the 3TB Problem? |publisher=bit-tech |first=Ben |last=Hardwidge |date = 1 June 2010 | accessdate =18 June 2010}}</ref> In comparison, the processor mode in a UEFI environment can be either 32-bit ([[x86|x86-32]], AArch32) or 64-bit ([[x86-64]], Itanium, and AArch64).<ref name="EmulexUEFI" /><ref name="AskBIOSGuyWhyUEFI">{{cite news |url=http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781 |title=Ask a BIOS Guy: "Why UEFI" |publisher=Intel Architecture Blog |author=Brian Richardson |date=10 May 2010 |accessdate=18 June 2010 |url-status=dead |archiveurl=https://web.archive.org/web/20101009214219/http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781 |archivedate=9 October 2010 }}</ref> 64-bit UEFI firmware implementations support [[long mode]], which allows applications in the preboot execution environment to use 64-bit addressing to get direct access to all of the machine's memory.<ref name="WinHec2008UEFI">{{cite news |url=http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx |archiveurl=https://web.archive.org/web/20140104004546/http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx |format = PPTX |title = UEFI Momentum — The AMD perspective |archivedate=4 January 2014 |publisher=AMD |author=Gary Simpson |accessdate=20 September 2014}}</ref>
UEFI requires the firmware and operating system loader (or kernel) to be size-matched; for example, a 64-bit UEFI firmware implementation can load only a 64-bit operating system (OS) boot loader or kernel. After the system transitions from "Boot Services" to "Runtime Services", the operating system kernel takes over. At this point, the kernel can change processor modes if it desires, but this bars usage of the runtime services (unless the kernel switches back again).<ref name="uefi-spec-24" />{{rp|sections 2.3.2 and 2.3.4}} As of version 3.15, the [[Linux kernel]] supports 64-bit kernels to be [[Booting|booted]] on 32-bit UEFI firmware implementations running on [[x86-64]] CPUs, with ''UEFI handover'' support from a UEFI boot loader as the requirement.<ref>{{cite web
| url = http://kernelnewbies.org/Linux_3.15#head-e6cf8178e4d5eafc23b0abda81974d2b71ffecf4
| title = Linux kernel 3.15, Section 1.3. EFI 64-bit kernels can be booted from 32-bit firmware
| date = 8 June 2014 | accessdate = 15 June 2014
| website = kernelnewbies.org
}}</ref> UEFI handover protocol [[Data deduplication|deduplicates]] the UEFI initialization code between the kernel and UEFI boot loaders, leaving the initialization to be performed only by the Linux kernel's ''UEFI boot stub''.<ref>{{cite web
| url = https://lwn.net/Articles/507827/
| title = x86, efi: Handover Protocol
| date = 19 July 2012 | accessdate = 15 June 2014
| publisher = [[LWN.net]]
}}</ref><ref>{{cite web
| url = https://www.kernel.org/doc/Documentation/efi-stub.txt
| title = Linux kernel documentation: Documentation/efi-stub.txt
| date = 1 February 2014 | accessdate = 15 June 2014
| publisher = [[kernel.org]]
}}</ref>
=== {{Anchor|DISKDEVCOMPAT}}Disk device compatibility ===
{{See also|GUID Partition Table#OSSUPPORT|Protective MBR|l1=GPT § Operating systems support}}
In addition to the standard PC disk partition scheme that uses a [[master boot record]] (MBR), UEFI also works with a new partitioning scheme called [[GUID Partition Table]] (GPT), which is free from many of the limitations of MBR. In particular, the MBR limits on the number and size of disk partitions (up to four [[primary partition]]s per disk, and up to 2 [[Tebibyte|TiB]] {{nobreak|(2 × 2<sup>40</sup> [[byte]]s)}} per disk) are relaxed.<ref name="UEFI_Drive_Partition_Limits_Fact_Sheet">{{cite news
| url = http://www.uefi.org/sites/default/files/resources/UEFI_Drive_Partition_Limits_Fact_Sheet.pdf
| title = FAQ: Drive Partition Limits
| publisher = UEFI Forum
| accessdate =5 December 2019
}}</ref> More specifically, GPT allows for a maximum disk and partition size of 8 [[Zebibyte|ZiB]] {{nobreak|(8 × 2<sup>70</sup> bytes)}}.<ref name="UEFIDrivePartitionFAQ">{{cite news
| url = http://www.uefi.org/learning_center/UEFI_MBR_Limits_v2.pdf
| title = FAQ: Drive Partition Limits
| publisher = UEFI Forum
| accessdate =9 June 2010
}}</ref><ref name=IBMLargeDrivesGPT>{{cite web
| url = http://www.ibm.com/developerworks/library/l-gpt/index.html
| title = Make the most of large drives with GPT and Linux
| author = Roderick W. Smith
| publisher = [[IBM]]
| date = 3 July 2012
| accessdate = 25 September 2013}}</ref>
==== Linux ====
{{See also|EFI System partition#Linux}}
Support for GPT in [[Linux]] is enabled by turning on the option <code>CONFIG_EFI_PARTITION</code> (EFI GUID Partition Support) during kernel configuration.<ref>{{cite web
| url = https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/block/partitions/Kconfig?id=refs/tags/v3.11.1#n247
| title = block/partitions/Kconfig (3.11.1)
| work = CONFIG_EFI_PARTITION (line #247)
| publisher = kernel.org
| accessdate = 25 September 2013
}}</ref> This option allows Linux to recognize and use GPT disks after the system firmware passes control over the system to Linux.
For reverse compatibility, Linux can use GPT disks in BIOS-based systems for both data storage and booting, as both [[GRUB 2]] and Linux are GPT-aware. Such a setup is usually referred to as ''BIOS-GPT''.<ref name="arch-grub">{{cite web
| url = https://wiki.archlinux.org/index.php/GRUB#BIOS_systems
| title = GRUB
| work = BIOS systems
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref> As GPT incorporates the protective MBR, a BIOS-based computer can boot from a GPT disk using a GPT-aware boot loader stored in the protective MBR's [[Master boot record#Sector layout|bootstrap code area]].<ref name="IBMLargeDrivesGPT" /> In the case of GRUB, such a configuration requires a [[BIOS boot partition]] for GRUB to embed its second-stage code due to absence of the post-MBR gap in GPT partitioned disks (which is taken over by the GPT's ''Primary Header'' and ''Primary Partition Table''). Commonly 1 [[MiB]] in size, this partition's [[Globally Unique Identifier]] (GUID) in GPT scheme is {{Mono|21686148-6449-6E6F-744E-656564454649}} and is used by GRUB only in BIOS-GPT setups. From GRUB's perspective, no such partition type exists in case of MBR partitioning. This partition is not required if the system is UEFI-based because no embedding of the second-stage code is needed in that case.<ref name="grub-bios-installation"/><ref name="IBMLargeDrivesGPT" /><ref name="arch-grub" />
UEFI systems can access GPT disks and boot directly from them, which allows Linux to use UEFI boot methods. Booting Linux from GPT disks on UEFI systems involves creation of an [[EFI system partition]] (ESP), which contains UEFI applications such as bootloaders, operating system kernels, and utility software.<ref>{{cite web
| url = https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html
| title = GRUB and the boot process on UEFI-based x86 systems
| accessdate = 14 November 2013
| website = redhat.com
}}</ref><ref>{{cite web
| url = http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html
| title = UEFI Booting 64-bit Redhat Enterprise Linux 6
| date = September 2010 | accessdate = 14 November 2013
| website = fpmurphy.com
}}</ref><ref name="arch-uefi-loaders">{{cite web
| url = https://wiki.archlinux.org/index.php/UEFI_Bootloaders
| title = UEFI Bootloaders
| accessdate = 25 September 2013
| website = archlinux.org
}}{{unreliable source?|date=September 2013}}</ref> Such a setup is usually referred to as ''UEFI-GPT'', while ESP is recommended to be at least 512 MiB in size and formatted with a FAT32 filesystem for maximum compatibility.<ref name="IBMLargeDrivesGPT" /><ref name="arch-grub" /><ref name="arch-uefi">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#EFI_System_Partition
| title = Unified Extensible Firmware Interface: EFI System Partition
| accessdate = 25 September 2013
| website = archlinux.org
}}{{unreliable source?|date=September 2013}}</ref>
For [[backward compatibility]], most UEFI implementations also support booting from MBR-partitioned disks, through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility.<ref name="arch-forum-uefi-mbr">{{cite web
| url = https://bbs.archlinux.org/viewtopic.php?id=142637
| title = UEFI system booting from MBR partition table and GRUB legacy
| date = June 2012 | accessdate = 6 October 2013
| publisher = Arch Linux Forums
}}</ref> In that case, booting Linux on UEFI systems is the same as on legacy BIOS-based systems.
==== Microsoft Windows ====
The 64-bit versions of [[Windows Vista]] SP1 and later can boot from disks with a partition size larger than 2 [[Terabyte|TB]].
== Features ==
=== {{Anchor|GOP|VARIABLE}}Services ===
EFI defines two types of services: ''boot services'' and ''runtime services''. Boot services are available only while the firmware owns the platform (i.e., before the <code>ExitBootServices</code> call), and they include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running; they include services such as date, time and [[Non-volatile random-access memory|NVRAM]] access.
<code>ExitBootServices</code> is used by the [[CIA]] as a hook to inject their trojan code even before the Operating System is loaded.<ref name="Vault7">{{cite web|url=https://wikileaks.org/ciav7p1/cms/page_36896783.html | title=ExitBootServices Hooking |website=wikileaks.org |date= |accessdate=2017-03-20}}</ref>
In addition, the ''Graphics Output Protocol'' (GOP) provides limited runtime services support; see also [[#Graphics features|Graphics features]] section below. The operating system is permitted to directly write to the framebuffer provided by GOP during runtime mode. However, the ability to change video modes is lost after transitioning to runtime services mode until the OS graphics driver is loaded.
; Variable services
: UEFI variables provide a way to store data, in particular non-volatile data, that is shared between platform firmware and operating systems or UEFI applications. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, variables can be used to keep crash messages in NVRAM after a crash for the operating system to retrieve after a reboot.<ref name=theh-brickwindows/>
; Time services
: UEFI provides device-independent time services. Time services include support for timezone and daylight saving fields, which allow the hardware [[real-time clock]] to be set to local time or UTC.<ref>UEFI specification, section 7.3</ref> On machines using a PC-AT real-time clock, by default the hardware clock still has to be set to local time for compatibility with BIOS-based Windows,<ref name="Matthew Garrett"/> unless using recent versions and an entry in the Windows registry is set to indicate the use of UTC.
=== {{Anchor|APPLICATIONS}}Applications ===
[[File:Efi flowchart extended.svg|thumb|upright=1.9|Interaction between the EFI boot manager and EFI drivers]]
Beyond loading an OS, UEFI can run ''UEFI applications'', which reside as files on the EFI System Partition. They can be executed from the UEFI command shell, by the firmware's [[#BOOT-MANAGER|boot manager]], or by other UEFI applications. ''UEFI applications'' can be developed and installed independently of the system manufacturer.
A type of UEFI application is an OS loader such as [[GRUB]], [[rEFInd]], [[Gummiboot (software)|Gummiboot]], and [[Windows Boot Manager]]; which loads an OS file into memory and executes it. Also, an OS loader can provide a user interface to allow the selection of another UEFI application to run. Utilities like the [[#SHELL|UEFI shell]] are also UEFI applications.
=== Protocols ===
EFI defines protocols as a set of software interfaces used for communication between two binary modules. All EFI drivers must provide services to others via protocols.
=== {{Anchor|EBC}}Device drivers ===
In addition to standard processor architecture-specific device drivers, EFI provides for a processor-independent [[device driver]] stored in memory as ''EFI byte code'' or ''EBC''. System firmware has an interpreter for EBC images. In that sense, EBC is analogous to [[Open Firmware]], the hardware-independent firmware used in [[PowerPC]]-based [[Apple Macintosh]] and [[Sun Microsystems]] [[SPARC]] computers, among others.
Some architecture-specific (non-EFI Byte Code) EFI drivers for some device types can have interfaces for use by the OS. This allows the OS to rely on EFI for drivers to perform basic graphics and network functions before, and if, operating-system-specific drivers are loaded.
=== Graphics features ===
The EFI specification defined a UGA (Universal Graphic Adapter) protocol as a way to support device-independent graphics. UEFI did not include UGA and replaced it with GOP (Graphics Output Protocol), with the explicit goal of removing [[VGA]] hardware dependencies. The two are similar.<ref>{{cite web
| url = http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html
| title = Intel Embedded Graphics Drivers FAQ: BIOS and firmware
| accessdate = 19 May 2014
| publisher = [[Intel]]
}}</ref>
UEFI 2.1 defined a "Human Interface Infrastructure" (HII) to manage user input, localized strings, fonts, and forms (in the HTML sense). These enable [[original equipment manufacturer]]s (OEMs) or [[independent BIOS vendor]]s (IBVs) to design graphical interfaces for pre-boot configuration; UEFI itself does not define a user interface.
Most early UEFI firmware implementations were console-based, but as early as 2007 some implementations featured a graphical user interface.
=== EFI system partition ===
{{Main|EFI system partition}}
An EFI system partition, often abbreviated to ESP, is a [[data storage device]] partition that is used in computers adhering to the UEFI specification. Accessed by the UEFI firmware when a computer is powered up, it stores UEFI applications and the files these applications need to run, including [[operating system kernel]]s. Supported [[partition table]] schemes include [[Master boot record|MBR]] and [[GUID Partition Table|GPT]], as well as [[El Torito (CD-ROM standard)|El Torito]] volumes on optical disks.<ref name="uefi-spec-24">{{cite web
| url = http://www.uefi.org/specifications
| title = UEFI Specifications (version 2.4 and older)
| format = PDF | publisher = Unified EFI, Inc.
| date = June 2013 | accessdate = 25 September 2013
}}</ref>{{rp|section 2.6.2}} For use on ESPs, UEFI defines a specific version of the [[FAT file system]], which is maintained as part of the UEFI specification and independently from the original FAT specification, encompassing a variant of the [[FAT32]] file system on ESPs, and [[FAT16]] and [[FAT12]] file systems on removable media.<ref name="uefi-spec-24" />{{rp|section 12.3}}<ref name="uefi-spec-2.5">{{cite web
| url = http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf#page=536
| title = UEFI Specification Version 2.5, Section 12.3 File System Format
| date = April 2015 | accessdate = 29 May 2015
| website = uefi.org
| format = PDF | pages = 536, 537
| quote = The file system supported by the Extensible Firmware Interface is based on the FAT file system. EFI defines a specific version of FAT that is explicitly documented and testable. Conformance to the EFI specification and its associate reference documents is the only definition of FAT that needs to be implemented to support EFI. To differentiate the EFI file system from pure FAT, a new partition file system type has been defined.
}}</ref><ref>{{cite web
| url = https://developer.apple.com/library/mac/technotes/tn2166/_index.html#//apple_ref/doc/uid/DTS10003927-CH1-SUBSECTION6
| title = Technical Note TN2166: Secrets of the GPT
| date = 6 November 2006 | accessdate = 6 May 2015
| website = developer.apple.com
}}</ref> The ESP also provides space for a boot sector as part of the backward BIOS compatibility.<ref name="arch-forum-uefi-mbr" />
=== Booting ===
==== {{Anchor|UEFIBOOT|BOOT-MANAGER}}UEFI booting ====
Unlike the legacy PC BIOS, UEFI does not rely on a [[boot sector]], defining instead a [[boot manager]] as part of the UEFI specification. When a computer is powered on, the boot manager checks the boot configuration and based on its settings, loads into memory and then executes the specified OS loader or [[operating system kernel]]. The boot configuration is defined by variables stored in [[NVRAM]], including variables that indicate the file system paths to OS loaders and OS kernels.
OS loaders can be automatically detected by UEFI, which enables easy [[booting]] from removable devices such as [[USB flash drive]]s. This automated detection relies on standardized file paths to the OS loader, with the path varying depending on the [[computer architecture]]. The format of the file path is defined as {{Mono|<nowiki><EFI_SYSTEM_PARTITION>/EFI/BOOT/BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</nowiki>}}; for example, the file path to the OS loader on an [[x86-64]] system is {{Mono|/efi/BOOT/BOOTX64.EFI}},<ref name="uefi-spec-24" /> and {{Mono|efi\boot\bootaa64.efi}} on ARM64 architecture.
Booting UEFI systems from GPT-partitioned disks is commonly called ''UEFI-GPT booting''. Despite the fact that the UEFI specification requires MBR partition tables to be fully supported,<ref name="uefi-spec-24" /> some UEFI firmware implementations immediately switch to the BIOS-based CSM booting depending on the type of boot disk's partition table, effectively preventing UEFI booting to be performed from EFI System partitions on MBR-partitioned disks.<ref name="arch-forum-uefi-mbr" /> Such a boot scheme is commonly called ''UEFI-MBR''.
It is also common for a boot manager to have a textual user interface so the user can select the desired OS (or system utility) from a list of available boot options.
==== {{Anchor|CSMBOOT}}CSM booting ====
To ensure backward compatibility, most UEFI firmware implementations on PC-class machines also support booting in legacy BIOS mode from MBR-partitioned disks, through the ''Compatibility Support Module (CSM)'' that provides legacy BIOS compatibility. In this scenario, booting is performed in the same way as on legacy BIOS-based systems, by ignoring the partition table and relying on the content of a [[boot sector]].<ref name="arch-forum-uefi-mbr" />
BIOS-style booting from MBR-partitioned disks is commonly called ''BIOS-MBR'', regardless of it being performed on UEFI or legacy BIOS-based systems. Furthermore, booting legacy BIOS-based systems from GPT disks is also possible, and such a boot scheme is commonly called ''BIOS-GPT''.
The ''Compatibility Support Module'' allows legacy operating systems and some [[option ROM]]s that do not support UEFI to still be used.<ref name="intel-csm-r097">{{cite web
| url = http://www.intel.com/content/dam/doc/reference-guide/efi-compatibility-support-module-specification-v097.pdf
| title = Intel® Platform Innovation Framework for EFI
| work = Compatibility Support Module Specification (revision 0.97)
| date = 4 September 2007 | accessdate = 6 October 2013
| publisher = Intel
}}</ref> It also provides required legacy [[System Management Mode]] (SMM) functionality, called ''CompatibilitySmm'', as an addition to features provided by the UEFI SMM. This is optional and highly chipset- and platform-specific. An example of such a legacy SMM functionality is providing USB legacy support for keyboard and mouse, by emulating their classic [[PS/2 connector|PS/2]] counterparts.<ref name="intel-csm-r097" />
In November 2017, Intel announced that it planned to phase out support for CSM by 2020.<ref>{{Cite news|url=https://arstechnica.com/gadgets/2017/11/intel-to-kill-off-the-last-vestiges-of-the-ancient-pc-bios-by-2020/|title=The PC BIOS will be killed off by 2020 as Intel plans move to pure UEFI|work=Ars Technica|access-date=29 May 2018|language=en-us}}</ref>
==== Network booting ====
The UEFI specification includes support for booting over network via the [[Preboot eXecution Environment]] (PXE). PXE booting use [[network protocol]]s include [[Internet Protocol]] (IPv4 and IPv6), [[User Datagram Protocol]] (UDP), [[Dynamic Host Configuration Protocol]] (DHCP) and [[Trivial File Transfer Protocol]] (TFTP).<ref name="uefi-spec-24" /><ref>{{cite web
| url = https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html
| title = Red Hat Enterprise Linux 6 Installation Guide
| work = 30.2.2. Configuring PXE boot for EFI
| accessdate = 9 October 2013
| publisher = [[Red Hat]]
}}</ref>
OS images can be remotely stored on [[storage area network]]s (SANs), with [[iSCSI|Internet Small Computer System Interface]] (iSCSI) and [[Fibre Channel over Ethernet]] (FCoE) as supported protocols for accessing the SANs.<ref name="uefi-spec-24" /><ref>{{cite web
| url = http://www.uefi.org/sites/default/files/resources/UEFI_Summit_July_2013_UEFI2.4_Networking.pdf
| title = Advances in Pre-OS Networking in UEFI 2.4
| date = July 2013 | accessdate = 29 May 2019
| publisher = [[Hewlett-Packard]]
| last = El-Haj-Mahmoud
| first = Samer
}}</ref><ref>{{cite web
| url = http://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf
| title = Storage and Network Convergence Using FCoE and iSCSI
| date = July 2012 | accessdate = 9 October 2013
| publisher = [[IBM]] }}</ref>
Version 2.5 of the UEFI specification adds support for accessing boot images over the [[HTTP]] protocol.<ref>{{cite web
| url = http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/
| title = New UEFI HTTP Boot support in UEFI 2.5
| date = 9 May 2015 | accessdate = 13 August 2015
| website = firmwaresecurity.com
}}</ref>
==== {{Anchor|SECURE-BOOT}}Secure boot ====
{{See also|#Secure boot criticism|l1=Secure boot criticism}}
The UEFI 2.3.1 Errata C specification (or higher) defines a protocol known as ''secure boot'', which can secure the boot process by preventing the loading of drivers or OS loaders that are not [[public-key cryptography|signed]] with an acceptable [[digital signature]]. The mechanical details of how precisely these drivers are to be signed are not specified.<ref>{{cite web
| title = Secure Boot Overview
| url = https://technet.microsoft.com/en-us/library/hh824987.aspx
| publisher = Microsoft
| accessdate = 18 February 2016
}}</ref> When secure boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional "[[key exchange key]]s" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the platform key.<ref name=uefi-secureboot>{{cite web
| last = Edge | first = Jake
| title = UEFI and "secure boot"
| url = https://lwn.net/Articles/447381/
| website = [[LWN.net]]
| accessdate = 9 September 2012
}}</ref> Secure boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.<ref name=pcw-ueficontroversy>{{cite web
| title = Windows 8 Secure Boot: The Controversy Continues
| url = https://www.pcworld.com/article/248342/windows_8_secure_boot_the_controversy_continues.html
| website = PC World
| accessdate = 9 September 2012}}</ref>
Secure boot is supported by [[Windows 8]] and [[8.1]], [[Windows Server 2012]], and 2012 R2, and [[Windows 10]], VMware vSphere 6.5<ref>{{Cite news|url=https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html|title=Secure Boot for ESXi 6.5 - Hypervisor Assurance|date=4 May 2017|work=VMware vSphere Blog|access-date=18 August 2017}}</ref> and a number of [[Linux distribution]]s including [[Fedora (operating system)|Fedora]] (since version 18), [[openSUSE]] (since version 12.3), RHEL (since version 7), CentOS (since version 7<ref>[https://wiki.centos.org/HowTos/UEFI HowTos/UEFI - CentOS Wiki<!-- Bot generated title -->]</ref>), Debian (since version 10),<ref>{{cite web |url=https://www.phoronix.com/scan.php?page=news_item&px=Debian-UEFI-SecureBoot-2018 |title=Debian Making Progress on UEFI SecureBoot Support in 2018 |last=Larabel |first=Michael |date=30 April 2018 |website=Phoronix |publisher=Phoronix Media |access-date=23 May 2018}}</ref> and [[Ubuntu (operating system)|Ubuntu]] (since version 12.04.2).<ref>{{cite web |first=Matthew |last=Garrett |url=http://mjg59.dreamwidth.org/20522.html |title=Secure Boot distribution support |website=Mjg59.dreamwidth.org |date=27 December 2012 |accessdate=20 March 2014}}</ref> {{As of|2017|1}}, [[FreeBSD]] support is in a planning stage.<ref>{{cite web|title=SecureBoot|url=https://wiki.freebsd.org/SecureBoot|website=FreeBSD Wiki|publisher=FreeBSD|accessdate=16 June 2015}}</ref>
=== {{Anchor|SHELL}}UEFI shell ===
UEFI provides a [[Shell (computing)|shell environment]], which can be used to execute other UEFI applications, including UEFI [[boot loader]]s.<ref name="arch-uefi-loaders" /> Apart from that, commands available in the UEFI shell can be used for obtaining various other information about the system or the firmware, including getting the memory map (<tt>memmap</tt>), modifying boot manager variables (<tt>bcfg</tt>), running partitioning programs (<tt>[[diskpart]]</tt>), loading UEFI drivers, and editing text files (<tt>edit</tt>).<ref name="arch-uefi-shell">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#UEFI_Shell
| title = Unified Extensible Firmware Interface
| work = UEFI Shell
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref name="EFI-Shells-and-Scripting">{{cite web
| url = http://software.intel.com/en-us/articles/efi-shells-and-scripting/
| title = EFI Shells and Scripting
| publisher = [[Intel]]
| accessdate = 25 September 2013
}}</ref><ref name="uefi-shell-spec-2">{{cite web
| url = http://www.uefi.org/specifications
| title = UEFI Shell Specification Version 2.0, Errata A
| format = PDF | publisher = Unified EFI, Inc.
| date = May 2012 | accessdate = 25 September 2013
}}</ref>
Source code for a UEFI shell can be downloaded from the [[Intel]]'s [[#Intel EFI|TianoCore]] UDK2010 / EDK2 [[SourceForge]] project.<ref>{{cite web
|url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore
|title = TianoCore on SourceForge
|publisher = [[Intel]]
|accessdate = 25 September 2013
|url-status = dead
|archiveurl = https://web.archive.org/web/20131003090136/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore
|archivedate = 3 October 2013
|df = dmy-all
}}</ref> Shell v2 works best in UEFI 2.3+ systems and is recommended over the shell v1 in those systems. Shell v1 should work in all UEFI systems.<ref name="arch-uefi-shell" /><ref>{{cite web
| url = http://sourceforge.net/mailarchive/message.php?msg_id=28690732
| title = Email Archive: edk2-devel
| work = [edk2] Inclusion of UEFI shell in Linux distro iso
| publisher = [[SourceForge]]
| year = 2012 | accessdate = 25 September 2013
}}</ref><ref>{{cite web
| url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ
| title = TianoCore on SourceForge
| work = Shell FAQ
| publisher = [[Intel]]
| accessdate = 25 September 2013
}}</ref>
Methods used for launching UEFI shell depend on the manufacturer and model of the system [[motherboard]]. Some of them already provide a direct option in firmware setup for launching, e.g. compiled x86-64 version of the shell needs to be made available as <tt><EFI_SYSTEM_PARTITION>/SHELLX64.EFI</tt>. Some other systems have an already embedded UEFI shell which can be launched by appropriate key press combinations.<ref name="arch-uefi-shell-launching">{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Launching_UEFI_Shell
| title = Unified Extensible Firmware Interface
| work = Launching UEFI Shell
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref>{{cite web
| url = http://download.intel.com/support/motherboards/server/sb/efi_whitepaper.pdf
| title = Basic Instructions for Using EFI for Server Configuration on Intel® Server Boards and Intel® Server Systems
| publisher = [[Intel]]
| year = 2008 | accessdate = 25 September 2013
}}</ref> For other systems, the solution is either creating an appropriate USB flash drive or adding manually (<tt>bcfg</tt>) a boot option associated with the compiled version of shell.<ref name="uefi-shell-spec-2" /><ref name="arch-uefi-shell-launching" /><ref>{{cite web
| url = https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#bcfg
| title = Unified Extensible Firmware Interface
| work = bcfg
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref><ref>{{cite web
| url = https://wiki.archlinux.org/index.php/GRUB_EFI_Examples#Asus
| title = GRUB EFI Examples
| work = Asus
| publisher = [[Arch Linux]]
| accessdate = 25 September 2013
}}{{unreliable source?|date=September 2013}}</ref>
====Commands====
The following list of [[command (computing)|commands]] is supported by the EFI shell.<ref name="EFI-Shells-and-Scripting" />
{{div col|colwidth=9em}}
* [[help (command)|help]]
* guid
* set
* [[alias (command)|alias]]
* dh
* unload
* map
* [[mount (Unix)|mount]]
* [[cd (command)|cd]]
* [[echo (command)|echo]]
* pause
* [[ls]]
* [[mkdir]]
* mode
* [[cp (command)|cp]]
* [[comp (command)|comp]]
* [[rm (Unix)|rm]]
* memmap
* [[TYPE (DOS command)|type]]
* dmpstore
* load
* [[ver (command)|ver]]
* err
* [[TIME (command)|time]]
* [[date (command)|date]]
* stall
* reset
* [[vol (command)|vol]]
* [[attrib]]
* [[cls (command)|cls]]
* bcfg
* edit
* Edd30
* dblk
* pci
* mm
* mem
* EddDebug
{{div col end}}
=== Extensions ===
Extensions to EFI can be loaded from virtually any [[Non-volatile memory|non-volatile]] storage device attached to the computer. For example, an [[original equipment manufacturer]] (OEM) can distribute systems with an EFI partition on the hard drive, which would add additional functions to the standard EFI firmware stored on the motherboard's [[Read-only memory|ROM]].
== UEFI classes ==
UEFI machines can have one of the following "classes", which were used to help ease the transition to UEFI.
* Class 0:Legacy BIOS
* Class 1:Legacy BIOS with UEFI code, although it does not support UEFI booting
* Class 2:UEFI with CSM
* Class 3:UEFI without CSM
== Boot stages ==
=== SEC - Security Phase ===
This is the first stage of the UEFI boot but may have platform specific binary code that precedes it. (EX. Intel ME, AMD PSP). Minimal code written in assembly for the specific architecture. It initializes a temporary memory (often CPU cache as RAM) and serves as the systems software root of trust with the option of verifying PEI before hand-off.
=== PEI - Pre-EFI Initialization ===
The second stage of UEFI boot consist of a dependency aware dispatcher that loads and runs C written modules (PEIMs) to handle early hardware initialization tasks such as memory initialization and recovery operations. Additionally it is responsible for discovery of the current boot mode and handling many S3 operations. In the case of S3 resume, it is responsible for restoring many hardware registers to a pre-sleep state.
=== DXE - Driver Execution Environment ===
This stage also consist of C modules and a dependency aware dispatcher. With memory now available, most hardware drivers, feature code, PCI bus, and runtime services (UEFI -> OS services) are initialized.
=== BDS - Boot Device Select ===
In this stage, input and output devices are typically initialized, drivers or OPROMs on PCI devices are executed according to system configuration, and boot options are processed for availability, ordering, and device matching.
=== TSL - Transient System Load ===
This is the stage between boot selection and hand-off to the OS. At this point one may enter setup, UEFI shell, or execute an EFI application such as the OS boot loader.
=== RT - Runtime ===
The UEFI hands off to the OS. A UEFI compatible OS is now responsible for exiting boot services triggering the firmware to unload all no longer needed code and data leaving only SMM and Runtime service code / data.
When a legacy OS is used, CSM will handle this call ensuring the system is compatible with legacy BIOS expectations.
== Implementation and adoption ==
=== {{Anchor|TIANOCORE}}Intel EFI ===
Intel's implementation of EFI is the ''Intel Platform Innovation Framework'', codenamed ''Tiano''. Tiano runs on Intel's [[XScale]], [[Itanium]] and [[IA-32]] processors, and is proprietary software, although a portion of the code has been released under the [[BSD license]] or [[Eclipse Public License]] (EPL) as '''TianoCore'''. TianoCore can be used as a payload for [[coreboot]].<ref name="TianoCoreboot">{{cite web|url=http://www.coreboot.org/TianoCore|title=TianoCore - coreboot|accessdate=25 May 2012}}</ref>
[[Phoenix Technologies]]' implementations of UEFI include its SecureCore and SecureCore Tiano products.<ref name="PhoenixSecureCoreTiano">{{cite web|url=http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|title=SecureCore Tiano™|publisher=Phoenix Technologies|accessdate=14 September 2010|url-status=dead|archiveurl=https://web.archive.org/web/20100906050148/http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|archivedate=6 September 2010}}</ref> [[American Megatrends]] offers its own UEFI firmware implementation known as Aptio,<ref name="AMIAptio4">{{cite web |url=https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf |title=Aptio®: The Complete UEFI Product Solution |publisher=American Megatrends, Inc |accessdate=2 May 2018}}</ref> while [[Insyde Software]] offers InsydeH2O, its own implementation of Tiano.<ref name="InsydeH2O">{{cite web |url=https://www.insyde.com/company/who-we-are/why-us |title=Why US? |publisher=Insyde Software Corp |accessdate=2 May 2018}}</ref>
In December 2018, [[Microsoft]] released an open source version of its TianoCore EDK2-based UEFI implementation from the [[Microsoft Surface|Surface]] line, Project Mu.<ref>{{Cite web|url=https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Project-Mu-UEFI|title=Microsoft Announces "Project Mu" For Open-Source UEFI Alternative To TianoCore |website=Phoronix|access-date=20 December 2018}}</ref>
=== Das U-Boot ===
An implementation of the UEFI API was introduced into the Universal Boot Loader ([[Das U-Boot]]) in 2017.<ref name="MarryingU-BootUEFIandGRUB">{{cite web|url=http://events17.linuxfoundation.org/sites/events/files/slides/Marrying%20U-Boot%2C%20UEFI%20and%20grub.pdf|title=Marrying U-Boot UEFI and GRUB|accessdate=12 September 2018}}</ref> On the [[ARM architecture#AArch64|ARMv8]] architecture [[Linux]] distributions use the U-Boot UEFI implementation in conjunction with [[GNU GRUB]] for booting (e.g. [[SUSE Linux]] <ref name="SuseU-BootGRUB">{{cite web|url=https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf|title=UEFI on Top of U-Boot|accessdate=12 September 2018}}</ref>), the same holds true for OpenBSD.<ref name="OpenBSD63onRPi3">{{cite web|url=https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html|title=Installing OpenBSD 6.3 on Raspberry 3|accessdate=12 September 2018}}</ref> For booting from iSCSI [[iPXE]] can be used as a UEFI application loaded by U-Boot.<ref name="UBootiPXE">{{cite web|url=http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.iscsi;h=faee63626424e8842822f3dd6b1e2f23e0129ae9;hb=HEAD|title=iSCSI booting with U-Boot and iPXE|accessdate=12 September 2018}}</ref>
=== Platforms using EFI/UEFI ===
[[Intel]]'s first [[Itanium]] workstations and servers, released in 2000, implemented EFI 1.02.
[[Hewlett-Packard]]'s first [[Itanium 2]] systems, released in 2002, implemented EFI 1.10; they were able to boot [[Microsoft Windows|Windows]], [[Linux]], [[FreeBSD]] and [[HP-UX]]; [[OpenVMS]] added UEFI capability in June 2003.
In January 2006, [[Apple Inc.]] shipped its first [[Apple–Intel architecture|Intel-based Macintosh computers]]. These systems used EFI instead of [[Open Firmware]], which had been used on its previous PowerPC-based systems.<ref>Apple Computer. "[https://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html Universal Binary Programming Guidelines, Second Edition: Extensible Firmware Interface (EFI)] {{webarchive |url=https://web.archive.org/web/20080724213607/http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html |date=24 July 2008 }}"</ref> On 5 April 2006, Apple first released [[Boot Camp (software)|Boot Camp]], which produces a Windows drivers disk and a non-destructive partitioning tool to allow the installation of Windows XP or Vista without requiring a reinstallation of Mac OS X. A firmware update was also released that added BIOS compatibility to its EFI implementation. Subsequent Macintosh models shipped with the newer firmware.<ref>[http://www.mactech.com/articles/mactech/Vol.23/23.05/OpenFirmwareToEFI/index.html Apple's Transition from Open Firmware to Extensible Firmware Interface], mactech, 2007.</ref>
During 2005, more than one million Intel systems shipped with Intel's implementation of UEFI.<ref name="IntelFrameworkOverviewUEFI">{{cite web | url = http://www.intel.com/technology/framework/overview1.htm |title=Intel® Platform Innovation Framework for UEFI Overview |publisher=Intel |accessdate=14 September 2010}}</ref> New mobile, desktop and server products, using Intel's implementation of UEFI, started shipping in 2006. For instance, boards that use the Intel 945 chipset series use Intel's UEFI firmware implementation.
Since 2005, EFI has also been implemented on non-PC architectures, such as [[embedded system]]s based on [[XScale]] cores.<ref name="IntelFrameworkOverviewUEFI" />
The EDK (EFI Developer Kit) includes an NT32 target, which allows EFI firmware and EFI applications to run within a [[Microsoft Windows|Windows]] application. But no direct hardware access is allowed by EDK NT32. This means only a subset of EFI application and drivers can be executed at the EDK NT32 target.
In 2008, more x86-64 systems adopted UEFI some of them using the [[rEFInd]] GUI boot menu. While many of these systems still allow booting only the BIOS-based OSes via the Compatibility Support Module (CSM) (thus not appearing to the user to be UEFI-based), other systems started to allow booting UEFI-based OSes. For example, IBM x3450 server, [[Micro-Star International|MSI]] motherboards with ClickBIOS, all HP EliteBook Notebook and Tablet PCs, newer HP Compaq Notebook PCs (e.g., 6730b, 6735b, etc.).
In 2009, IBM shipped [[IBM System x|System x]] machines (x3550 M2, x3650 M2, iDataPlex dx360 M2) and [[IBM BladeCenter|BladeCenter]] HS22 with UEFI capability. Dell shipped PowerEdge T610, R610, R710, M610 and M710 servers with UEFI capability. More commercially available systems are mentioned in a UEFI whitepaper.<ref>{{citation | publisher = UEFI | url = http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | title = Evaluating UEFI using Commercially Available Platforms and Solutions | date = May 2011 | url-status = dead | archiveurl = https://web.archive.org/web/20120322062159/http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | archivedate = 22 March 2012 | df = dmy-all }}</ref>
In 2011, major vendors (such as [[ASRock]], [[Asus]], [[Gigabyte Technology|Gigabyte]], and [[Micro-Star International|MSI]]) launched several consumer-oriented motherboards using the Intel [[List of Intel chipsets#5/6/7 Series chipsets|6-series]] [[LGA 1155]] chipset and AMD 9 Series [[Socket AM3+|AM3+]] chipsets with UEFI.<ref name="Asus Motherboard">[http://www.bit-tech.net/hardware/motherboards/2010/11/16/asus-lga1155-motherboard-preview/1 Asus P67 Motherboard Preview].</ref>
With the release of Windows 8 in October 2012, Microsoft's certification requirements now require that computers include firmware that implements the UEFI specification. Furthermore, if the computer supports the "[[Connected Standby]]" feature of Windows 8 (which allows devices to have power management comparable to [[smartphone]]s, with an almost instantaneous return from standby mode), then the firmware is not permitted to contain a Compatibility Support Module (CSM). As such, systems that support Connected Standby are incapable of booting Legacy BIOS operating systems.<ref>{{cite web | publisher = Microsoft | url = http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx | title = Windows Hardware Certification Requirements for Client and Server Systems | date = January 2013 |quote=System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby ... Platforms shall be UEFI Class Three (see UEFI Industry Group, Evaluating UEFI using Commercially Available Platforms and Solutions, version 0.3, for a definition) with no Compatibility Support Module installed or installable. BIOS emulation and legacy PC/AT boot must be disabled.}}</ref><ref name=pcmag-connected>{{cite web|title=Microsoft: All You Need to Know About Windows 8 on ARM|url=https://www.pcmag.com/article2/0,2817,2400059,00.asp|work=PC Magazine|accessdate=30 September 2013}}</ref>
In October 2017, Intel announced that it would remove legacy PC BIOS support from all its products by 2020, in favor of UEFI Class 3.<ref>{{Cite web|url=http://www.uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf|title="Last Mile" Barriers to Removing Legacy BIOS|last=Richardson|first=Brian|date=30 October 2017|access-date=22 November 2017}}</ref>
=== Operating systems ===
An operating system that can be booted from a (U)EFI is called a (U)EFI-aware operating system, defined by (U)EFI specification. Here the term ''booted from a (U)EFI'' means directly booting the system using a (U)EFI operating system loader stored on any storage device. The default location for the operating system loader is <code><EFI_SYSTEM_PARTITION>/BOOT/BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</code>, where short name of the machine type can be <code>IA32</code>, <code>X64</code>, <code>IA64</code>, <code>ARM</code> or <code>AA64</code>.<ref name="uefi-spec-24" /> Some operating systems vendors may have their own boot loaders. They may also change the default boot location.
* The [[Linux kernel]] has been able to use EFI at boot time since early 2000,<ref>[http://sourceforge.net/mailarchive/forum.php?thread_name=1077918495.14506.1.camel%40raphael.fc.hp.com&forum_name=elilo-announce Announcement of release 3.5pre1] by maintainer Brett Johnson made on 27 February 2004.</ref> using the [[elilo]] EFI boot loader or, more recently, EFI versions of [[GNU GRUB|GRUB]].<ref name="debiangrubexample">{{citation | url = http://packages.debian.org/sid/grub-efi | title = EFI version of Grub | publisher = Debian GNU/Linux | accessdate =1 May 2008}}</ref> Grub+Linux also supports booting from a GUID partition table without UEFI.<ref name="grub-bios-installation"/> The distribution [[Ubuntu (operating system)|Ubuntu]] added support for UEFI secure boot as of version 12.10.<ref name=h-ubuntusecureboot>{{cite web|title=Ubuntu will use GRUB 2 for its Secure Boot implementation|url=http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html|publisher=The H Online|accessdate=28 October 2012}}</ref> Furthermore, the Linux kernel can be compiled with the option to run as an EFI bootloader on its own through the EFI bootstub feature.
* [[HP-UX]] has used (U)EFI as its boot mechanism on [[IA-64]] systems since 2002.
* HP [[OpenVMS]] has used (U)EFI on IA-64 since its initial evaluation release in December 2003, and for production releases since January 2005.<ref>{{citation | url = http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | publisher = HP | title = OpenVMS Release History | accessdate = 16 September 2008 | url-status = dead | archiveurl = https://web.archive.org/web/20090105052030/http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | archivedate = 5 January 2009 | df = dmy-all }}</ref>
* [[Apple Inc.|Apple]] uses EFI for its line of [[Apple–Intel architecture|Intel-based Macs]]. [[Mac OS X Tiger|Mac OS X v10.4]] Tiger and [[Mac OS X Leopard|Mac OS X v10.5]] Leopard implement EFI v1.10 in 32-bit mode even on newer 64-bit CPUs, but full support arrived with [[OS X Mountain Lion|OS X v10.8 Mountain Lion]].<ref name="appleuefiversion1">{{citation | url = http://refit.sourceforge.net/info/vista.html | title = rEFIt — Windows Vista and EFI | publisher = SourceForge}}</ref>
* The [[Itanium]] versions of [[Windows 2000]] (Advanced Server Limited Edition and Datacenter Server Limited Edition) implemented EFI 1.10 in 2002. MS [[Windows Server 2003]] for [[IA-64]], MS [[Windows XP 64-bit Edition]] and [[Windows 2000]] Advanced Server Limited Edition, all of which are for the Intel [[Itanium]] family of processors, implement EFI, a requirement of the platform through the [[DIG64]] specification.<ref>{{citation | publisher = Microsoft | title = Windows Server TechCenter | url = http://technet2.microsoft.com/WindowsServer/en/Library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | contribution = Extensible Firmware Interface | url-status = dead | archiveurl = https://web.archive.org/web/20060830101936/http://technet2.microsoft.com/WindowsServer/en/library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | archivedate = 30 August 2006 | df = dmy-all }}</ref>
* Microsoft introduced UEFI for x86-64 Windows operating systems with [[Windows Server 2008 R2]] and [[Windows 7]]. The 64-bit versions of [[Windows 7]] are compatible with EFI.{{Citation needed|date=February 2016}} 32-bit UEFI was originally not supported since vendors did not have any interest in producing native 32-bit UEFI firmware because of the mainstream status of [[64-bit computing]].<ref name="WindowsVistaUEFI">{{cite news |url= http://support.microsoft.com/kb/930061 |title=Unified Extended Firmware Interface support in Windows Vista |publisher=Microsoft |date=26 October 2006 |accessdate=12 June 2010 |quote= Microsoft determined that vendors would not have any interest in producing native UEFI 32-bit firmware because of the current status of mainstream 64-bit computing and platform costs. Therefore, Microsoft originally did not to ship support for 32-bit UEFI implementations.}}</ref> [[Windows 8]] includes further optimizations for UEFI systems, including a faster startup, 32-bit UEFI support, and secure boot support.<ref>{{cite web | url=http://www.winsupersite.com/blog/supersite-blog-39/windows8/microsoft-touts-incredible-windows-8-boot-times-140515 | title=Microsoft Touts Incredible Windows 8 Boot Times | accessdate=9 September 2011}}</ref><ref name="Windows8UEFISecureBoot">{{cite news |url=https://arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars |title=Windows 8 secure boot could complicate Linux installs |author=Jon Brodkin |publisher=Ars Technica |date=21 September 2011 |accessdate=23 September 2011}}</ref>
* On 5 March 2013, the [[FreeBSD Foundation]] awarded a grant to a developer seeking to add UEFI support to the [[FreeBSD]] kernel and bootloader.<ref name=fbsd-uefi>{{cite web|title=FreeBSD to get UEFI support|url=http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html|publisher=The H|accessdate=7 March 2013}}</ref> The changes were initially stored in a discrete branch of the FreeBSD source code, but were merged into the mainline source on 4 April 2014 (revision 264095); the changes include support in the installer as well.<ref name=fbsd-uefi-merge>{{cite web|title=UEFI - FreeBSD Wiki|url=https://wiki.freebsd.org/UEFI|publisher=FreeBSD.org|accessdate=19 June 2014}}</ref>
* Oracle [[Solaris (operating system)|Solaris]] 11.1 and later support UEFI boot for x86 systems with UEFI firmware version 2.1 or later. [[GNU GRUB|GRUB]] 2 is used as the boot loader on x86.<ref name="solaris-uefi">{{cite web
| url = http://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-1-whatsnew-1732377.pdf
| title = Oracle Solaris 11.1 — What's New
| accessdate = 4 November 2013
| publisher = oracle.com }}</ref>
* [[OpenBSD]] 5.9<ref>{{Cite web|url=http://www.openbsd.org/59.html|title=OpenBSD 5.9|website=www.openbsd.org|access-date=11 September 2016}}</ref> introduced UEFI boot support for 64-bit x86 systems using its own custom loader, OpenBSD 6.0 extended that support to include ARMv7.<ref>{{Cite web|url=http://www.openbsd.org/60.html|title=OpenBSD 6.0|website=www.openbsd.org|access-date=11 September 2016}}</ref>
=== Use of UEFI with virtualization ===
* [[HP Integrity Virtual Machines]] provides UEFI boot on HP Integrity Servers. It also provides a virtualized UEFI environment for the guest UEFI-aware OSes.
* Intel hosts an Open Virtual Machine Firmware project on SourceForge.<ref>{{citation | url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | publisher = SourceForge | title = Open Virtual Machine Firmware | url-status = dead | archiveurl = https://web.archive.org/web/20111006173225/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | archivedate = 6 October 2011 | df = dmy-all }}</ref>
* [[VMware Fusion]] 3 software for Mac OS X can boot Mac OS X Server virtual machines using UEFI.
* [[VMware Workstation]] prior to version 11 unofficially supports UEFI, but is manually enabled by editing the .vmx file.<ref>{{cite web|url=https://communities.vmware.com/thread/420405 |title=VMWare Workstation EFI firmware | VMware Communities |publisher=Communities.vmware.com |date= |accessdate=28 February 2014}}</ref> [[VMware Workstation]] version 11 and above supports UEFI, independently of whether the physical host system is UEFI-based. VMware Workstation 14 (and accordingly, Fusion 10) adds support for the [[#Secure boot|Secure Boot]] feature of UEFI.<ref>{{cite web|url=https://communities.vmware.com/docs/DOC-28494 |title=Using EFI/UEFI firmware in a VMware Virtual Machine | VMware Communities |publisher=Communities.vmware.com |date= |accessdate=18 January 2016}}</ref><ref>{{Cite news|url=https://blogs.vmware.com/workstation/2017/08/announcing-vmware-workstation-14.html|title=Announcing VMware Workstation 14 - VMware Workstation Zealot|date=22 August 2017|work=VMware Workstation Zealot|access-date=2 August 2018|language=en-US}}</ref>
* The [[vSphere]] [[ESXi]] 5.0 hypervisor officially support UEFI. Version 6.5 adds support for secure boot.<ref>{{cite web|url=https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html |title=What's New in vSphere 5.0 |publisher=Vmware.com |date= |accessdate=28 February 2014}}</ref><ref>{{Cite web|url=https://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html|title=VMware vSphere 6.5 Release Notes|website=pubs.vmware.com|access-date=13 January 2017}}</ref>
* [[VirtualBox]] has implemented UEFI since 3.1,<ref>{{citation | url = http://www.virtualbox.org/wiki/Changelog-3.1 | publisher = VirtualBox | title = 3.1 Changelog | url-status = dead | archiveurl = https://web.archive.org/web/20100928210932/http://www.virtualbox.org/wiki/Changelog-3.1 | archivedate = 28 September 2010 | df = dmy-all }}</ref> but limited to Unix/Linux operating systems and some versions of Windows (does not work with Windows Vista x64 and Windows 7 x64).<ref>{{citation | url = http://www.virtualbox.org/ticket/7702 | publisher = VirtualBox | title = Ticket 7702}}</ref><ref>{{citation | url = http://forums.virtualbox.org/viewtopic.php?f=1&p=183022#p114765 | publisher = VirtualBox | title = Forum | contribution = Statement by sr. software engineer at Oracle}}</ref>
* [[QEMU]]/[[Kernel-based Virtual Machine|KVM]] can be used with the Open Virtual Machine Firmware (OVMF) provided by [[#Intel EFI|TianoCore]].<ref>{{cite web|url=https://fedoraproject.org/wiki/Testing_secureboot_with_KVM |title=Testing secureboot with KVM |publisher=FedoraProject |date= |accessdate=28 February 2014}}</ref>
* The VMware ESXi version 5 hypervisor, part of [[VMware]] vSphere, supports virtualized UEFI as an alternative to the legacy PC BIOS inside a virtual machine.
* The second generation of the Microsoft [[Hyper-V]] virtual machine supports virtualized UEFI.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/dn282278.aspx |title=What's New in Hyper-V for Windows Server 2012 R2 |publisher=MicrosoftTechNet |date= |accessdate=24 June 2013}}</ref>
* [[Google Cloud Platform]] Shielded VMs support virtualized UEFI to enable Secure Boot.<ref>{{cite web|url=https://cloud.google.com/shielded-vm?gclid=Cj0KCQiA7aPyBRChARIsAJfWCgLq4tbyWeZHT6RrfMxAP5_X6O52Dq64WfAS_3TupIV3_moxFlReSGUaAqz0EALw_wcB|title=Shielded VMs| date= |accessdate=16 February 2019}}</ref>
== {{Anchor|EADK}}Applications development ==
''EDK2 Application Development Kit'' (EADK) makes it possible to use [[C standard library|standard C library]] functions in UEFI applications. EADK can be freely downloaded from the [[Intel]]'s TianoCore UDK2010 / EDK2 [[SourceForge]] project. As an example, a port of the [[Python (programming language)|Python]] interpreter is made available as a UEFI application by using the EADK.<ref>{{cite web
| url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK
| title = TianoCore on SourceForge: EDK2 Application Development Kit (EADK)
| accessdate = 25 September 2013
| publisher = [[Intel]]
}}</ref>
A minimalistic "[[hello, world]]" C program written using EADK looks similar to its [[C (programming language)#HELLOWORLD|usual C counterpart]]:
<source lang="c">
#include <Uefi.h>
#include <Library/UefiLib.h>
#include <Library/ShellCEntryLib.h>
EFI_STATUS EFIAPI ShellAppMain(IN UINTN Argc, IN CHAR16 **Argv)
{
Print(L"hello, world\n");
return EFI_SUCCESS;
}
</source>
== Criticism ==
Numerous digital rights activists have protested against UEFI.
[[Ronald G. Minnich]], a co-author of [[coreboot]], and [[Cory Doctorow]], a digital rights activist, have criticized EFI as an attempt to remove the ability of the user to truly control the computer.<ref name="FosdemInterviewRonaldGMinnich">{{cite web | url = https://archive.fosdem.org/2007/interview/ronald%2bg%2bminnich.html |title = Interview: Ronald G Minnich | publisher = Fosdem | date = 6 February 2007 | accessdate =14 September 2010}}</ref><ref>{{citation | url = http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html | title = The Coming War on General Purpose Computation | first = Cory | last = Doctorow | date = 27 December 2011 | accessdate = 25 September 2013}}</ref> It does not solve the BIOS's long-standing problems of requiring two different drivers—one for the firmware and one for the operating system—for most hardware.<ref name="YouTubeCorebootFirmware">{{cite web |url = https://www.youtube.com/watch?v=X72LgcMpM9k | title = coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware |publisher=YouTube |date=31 October 2008 |accessdate=14 September 2010 }}</ref>
Open-source project TianoCore also provides UEFI interfaces.<ref>{{citation | chapter-url = http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | publisher = SourceForge | title = TianoCore | chapter = Welcome | url-status = dead | archiveurl = https://web.archive.org/web/20120423101551/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | archivedate = 23 April 2012 | df = dmy-all }}</ref> TianoCore lacks the specialized drivers that initialize chipset functions, which are instead provided by [[coreboot]], of which TianoCore is one of many payload options. The development of coreboot requires cooperation from chipset manufacturers to provide the specifications needed to develop initialization drivers.
=== {{Anchor|Secure boot criticism}}Secure boot ===
{{See also|Windows 8#Reception}}
In 2011, Microsoft announced that computers certified to run its [[Windows 8]] operating system had to ship with Microsoft's public key enrolled and secure boot enabled. Following the announcement, the company was accused by critics and free software/open source advocates (including the [[Free Software Foundation]]) of trying to use the secure boot functionality of UEFI to [[Vendor lock-in|hinder or outright prevent]] the installation of alternative operating systems such as [[Linux]]. Microsoft denied that the secure boot requirement was intended to serve as a form of [[Vendor lock-in|lock-in]], and clarified its requirements by stating that x86-based systems certified for Windows 8 must allow secure boot to enter custom mode or be disabled, but not on systems using the [[ARM architecture]].<ref name=pcw-ueficontroversy/><ref name="cwuk-arm">{{cite web|url=http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/ |title=Is Microsoft Blocking Linux Booting on ARM Hardware? |publisher=Computerworld UK |date= |accessdate=6 March 2012}}</ref> [[Windows 10]] allows [[original equipment manufacturer|OEM]]s to decide whether or not secure boot can be managed by users of their x86 systems.<ref name=arstechnica-securebootw10>{{cite web|title=Windows 10 to make the Secure Boot alt-OS lock out a reality|url=https://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/|website=Ars Technica|accessdate=21 March 2015}}</ref>
Other developers raised concerns about the legal and practical issues of implementing support for secure boot on Linux systems in general. Former [[Red Hat]] developer [[Matthew Garrett]] noted that conditions in the [[GNU General Public License#Version 3|GNU General Public License version 3]] may prevent the use of the [[GNU GRUB|GNU Grand Unified Bootloader]] without a distribution's developer disclosing the private key (however, the [[Free Software Foundation]] has since clarified its position, assuring that the responsibility to make keys available was held by the hardware manufacturer),<ref name=h-ubuntusecureboot/> and that it would also be difficult for advanced users to build custom [[Linux kernel|kernel]]s that could function with secure boot enabled without self-signing them.<ref name="cwuk-arm"/> Other developers suggested that signed builds of Linux with another key could be provided, but noted that it would be difficult to persuade OEMs to ship their computers with the required key alongside the Microsoft key.<ref name="ElReg1">{{cite news|url=https://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/|title=MS denies secure boot will exclude Linux|publisher=The Register|date=23 September 2011|accessdate=24 September 2011}}</ref>
Several major Linux distributions have developed different implementations for secure boot. Garrett himself developed a minimal bootloader known as a shim, which is a precompiled, signed bootloader that allows the user to individually trust keys provided by distributors.<ref>{{cite web|title=Shimming your way to Linux on Windows 8 PCs|url=http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/|publisher=ZDNet|accessdate=26 February 2013}}</ref> [[Ubuntu (operating system)|Ubuntu 12.10]] uses an older version of shim{{Which|date=October 2017}} pre-configured for use with [[Canonical Ltd.|Canonical]]'s own key that verifies only the bootloader and allows unsigned kernels to be loaded; developers believed that the practice of signing only the bootloader is more feasible, since a trusted kernel is effective at securing only the [[user space]], and not the pre-boot state for which secure boot is designed to add protection. That also allows users to build their own kernels and use custom [[kernel module]]s as well, without the need to reconfigure the system.<ref name=h-ubuntusecureboot/><ref name=lwn-efilinux/><ref name=h-mscert>{{cite web|title=No Microsoft certificate support in Linux kernel says Torvalds|url=http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html|publisher=The H|accessdate=26 February 2013}}</ref> Canonical also maintains its own private key to sign installations of Ubuntu pre-loaded on certified OEM computers that run the operating system, and also plans to enforce a secure boot requirement as well{{emdash}}requiring both a Canonical key and a Microsoft key (for compatibility reasons) to be included in their firmware. [[Fedora (operating system)|Fedora]] also uses shim,{{Which|date=October 2017}} but requires that both the kernel and its modules be signed as well.<ref name=lwn-efilinux>{{cite web|title=Ubuntu details its UEFI secure boot plans|url=https://lwn.net/Articles/503803/|publisher=Linux Weekly News|accessdate=11 September 2012}}</ref>
It has been disputed whether the kernel and its modules must be signed as well; while the UEFI specifications do not require it, Microsoft has asserted that their contractual requirements do, and that it reserves the right to revoke any certificates used to sign code that can be used to compromise the security of the system.<ref name=h-mscert/> In February 2013, another Red Hat developer attempted to submit a patch to the Linux kernel that would allow it to parse Microsoft's authenticode signing using a master [[X.509]] key embedded in [[Portable Executable|PE]] files signed by Microsoft. However, the proposal was criticized by Linux creator [[Linus Torvalds]], who attacked Red Hat for supporting Microsoft's control over the secure boot infrastructure.<ref name=ars-linus>{{cite web|title=Linus Torvalds: I will not change Linux to "deep-throat Microsoft"|url=https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/|publisher=Ars Technica|accessdate=26 February 2013}}</ref>
On 26 March 2013, the [[Spain|Spanish]] free software development group Hispalinux filed a formal complaint with the [[European Commission]], contending that Microsoft's secure boot requirements on OEM systems were "obstructive" and [[anti-competitive practices|anti-competitive]].<ref name=reuters-hispalinuxuefi>{{cite news|title=Exclusive: Open software group files complaint against Microsoft to EU|url=https://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326|publisher=Reuters|accessdate=26 March 2013|date=26 March 2013}}</ref>
At the [[Black Hat Briefings|Black Hat conference]] in August 2013, a group of security researchers presented a series of exploits in specific vendor implementations of UEFI that could be used to exploit secure boot.<ref name=itworld-securebootexploit>{{cite web|title=Researchers demo exploits that bypass Windows 8 Secure Boot|url=http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot|work=IT World|accessdate=5 August 2013}}</ref>
In August 2016 it was reported that two security researchers had found the "golden key" security key Microsoft uses in signing operating systems.<ref>{{cite news|last1=MENDELSOHN|first1=Tom|title=Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open [Updated]|url=http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/|accessdate=12 August 2016|publisher=Ars Technica|date=12 August 2016}}</ref> Technically, no key was exposed, however, an exploitable binary signed by the key was. This allows any software to run as though it was genuinely signed by Microsoft and exposes the possibility of [[rootkit]] and [[bootkit]] attacks. This also makes patching the fault impossible, since any patch can be replaced (downgraded) by the (signed) exploitable binary. Microsoft responded in a statement that the vulnerability only exists in [[ARM architecture]] and [[Windows RT]] devices, and has released two patches; however, the patches do not (and cannot) remove the vulnerability, which would require key replacements in end user firmware to fix.{{citation needed|date=October 2017}}
=== Firmware problems ===
The increased prominence of UEFI firmware in devices has also led to a number of technical problems blamed on their respective implementations.<ref name=zdnet-linux8>{{cite web|title=Linux on Windows 8 PCs: Some progress, but still a nuisance|url=http://www.zdnet.com/linux-on-windows-8-pcs-some-progress-but-still-a-nuisance-7000010697/|publisher=ZDNet|accessdate=26 February 2013}}</ref>
Following the release of Windows 8 in late 2012, it was discovered that certain [[Lenovo]] computer models with secure boot had firmware that was hardcoded to allow only executables named "[[Windows Boot Manager]]" or "[[Red Hat Enterprise Linux]]" to load, regardless of any other setting.<ref name=p-lenovo>{{cite web|title=Lenovo UEFI Only Wants To Boot Windows, RHEL|url=https://www.phoronix.com/scan.php?page=news_item&px=MTIyOTg|publisher=Phoronix|accessdate=26 February 2013}}</ref> Other problems were encountered by several [[Toshiba]] laptop models with secure boot that were missing certain certificates required for its proper operation.<ref name=zdnet-linux8/>
In January 2013, a bug surrounding the UEFI implementation on some [[Samsung]] laptops was publicized, which caused them to be [[Brick (electronics)|bricked]] after installing a Linux distribution in UEFI mode. While potential conflicts with a kernel module designed to access system features on Samsung laptops were initially blamed (also prompting kernel maintainers to disable the module on UEFI systems as a safety measure), Matthew Garrett discovered that the bug was actually triggered by storing too many UEFI variables to memory, and that the bug could also be triggered under Windows under certain conditions. In conclusion, he determined that the offending kernel module had caused kernel message dumps to be written to the firmware, thus triggering the bug.<ref name=theh-brickwindows>{{cite web|title=Samsung UEFI bug: Notebook bricked from Windows|url=http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html|publisher=The H|accessdate=27 February 2013}}</ref><ref name=bittech-uefideath>{{cite web|title=Linux acquitted in Samsung laptop UEFI deaths|url=http://www.bit-tech.net/news/bits/2013/02/11/linux-samsung-deaths-2/1|publisher=Bit-tech|accessdate=26 February 2013}}</ref><ref name=theh-samsungbrick>{{cite web|title=Booting Linux using UEFI can brick Samsung laptops|url=http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html|publisher=The H|accessdate=26 February 2013}}</ref>
== See also ==
* [[OpenBIOS]]
* [[UEFI Platform Initialization]] (UEFI PI)
* [[System Management BIOS]] (SMBIOS)
* [[Trusted Platform Module]] (TPM)
== Notes ==
{{Notelist}}
== References ==
{{reflist|30em}}
== Further reading ==
*{{cite web |last1=Zimmer |first1=Vincent |first2=Michael |last2=Rothman |first3=Robert |last3=Hale |title=EFI Architecture |url=http://www.drdobbs.com/embedded-systems/efi-architecture/199500688 |work=[[Dr. Dobb's Journal]] |publisher=[[UBM plc|UBM]] |accessdate=12 October 2012 |date=10 May 2007}}
*{{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/efi-boot-process.html |title=The EFI boot process |work=Frequently Given Answers |date=11 July 2011 |accessdate=12 October 2012}}
*{{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/windows-nt-6-boot-process.html |title=The Windows NT 6 boot process |work=Frequently Given Answers |date=8 December 2011 |accessdate=12 October 2012}}
*{{cite web |first=Roderick W. |last=Smith |url=http://rodsbooks.com/bios2uefi/ |title=A BIOS to UEFI Transformation |work=Roderick W. Smith's Web Page |year=2011 |accessdate=12 October 2012}}
*{{cite web |first=Rajiv |last=Kothari |url=http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |title=UEFI – Just How Important It Really Is |work=Hardware Secrets |date=21 September 2011 |accessdate=12 October 2012 |url-status=dead |archiveurl=https://web.archive.org/web/20121025093125/http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |archivedate=25 October 2012 }}
*{{cite journal |first=Doug |last=Fisher |url=http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum |title=UEFI Today: Bootstrapping the Continuum |journal=Intel Technology Journal |publisher=Intel |volume=15 |issue=1 |year=2011 |isbn=9781934053430 |accessdate=24 September 2013}}
== External links ==
{{Commons category|Extensible Firmware Interface}}
* {{Official website|https://uefi.org/}}
*[https://uefi.org/specifications UEFI Specifications]
*[https://www.tianocore.org/ Intel-sponsored open-source EFI Framework initiative].
*[https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html Intel EFI/UEFI portal]
*[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10) Microsoft UEFI Support and Requirements for Windows Operating Systems]
*[https://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/ How Windows 8 Hybrid Shutdown / Fast Boot feature works]
* [https://technet.microsoft.com/en-us/windows/dn168167.aspx Securing the Windows 8 Boot Process]
* [http://www.uefi.tech UEFI Development Community]
* [https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group]
[[Category:Unified Extensible Firmware Interface| ]]' |
Unified diff of changes made by edit ($1) (edit_diff) | '@@ -135,4 +135,5 @@
=== {{Anchor|GOP|VARIABLE}}Services ===
EFI defines two types of services: ''boot services'' and ''runtime services''. Boot services are available only while the firmware owns the platform (i.e., before the <code>ExitBootServices</code> call), and they include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running; they include services such as date, time and [[Non-volatile random-access memory|NVRAM]] access.
+<code>ExitBootServices</code> is used by the [[CIA]] as a hook to inject their trojan code even before the Operating System is loaded.<ref name="Vault7">{{cite web|url=https://wikileaks.org/ciav7p1/cms/page_36896783.html | title=ExitBootServices Hooking |website=wikileaks.org |date= |accessdate=2017-03-20}}</ref>
In addition, the ''Graphics Output Protocol'' (GOP) provides limited runtime services support; see also [[#Graphics features|Graphics features]] section below. The operating system is permitted to directly write to the framebuffer provided by GOP during runtime mode. However, the ability to change video modes is lost after transitioning to runtime services mode until the OS graphics driver is loaded.
' |
New page size ($1) (new_size) | 80339 |
Old page size ($1) (old_size) | 80024 |
Size change in edit ($1) (edit_delta) | 315 |
Lines added in edit ($1) (added_lines) | [
0 => '<code>ExitBootServices</code> is used by the [[CIA]] as a hook to inject their trojan code even before the Operating System is loaded.<ref name="Vault7">{{cite web|url=https://wikileaks.org/ciav7p1/cms/page_36896783.html | title=ExitBootServices Hooking |website=wikileaks.org |date= |accessdate=2017-03-20}}</ref>'
] |
Lines removed in edit ($1) (removed_lines) | [] |
All external links added in the edit ($1) (added_links) | [
0 => 'https://wikileaks.org/ciav7p1/cms/page_36896783.html'
] |
All external links in the new text ($1) (all_links) | [
0 => 'http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf',
1 => 'https://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/',
2 => 'https://web.archive.org/web/20130626000135/http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198',
3 => 'http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198',
4 => 'https://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html',
5 => 'https://www.youtube.com/watch?v=V2aq5M3Q76U#t=14m45s',
6 => 'http://www.emulex.com/artifacts/757d23e7-8acb-41a7-872a-afb733ab0688/elx_tb_all_uefi_ibm.pdf',
7 => 'https://web.archive.org/web/20100105051711/http://www.intel.com/technology/efi/',
8 => 'http://www.intel.com/technology/efi/',
9 => 'http://www.intel.com/technology/efi/main_specification.htm',
10 => 'http://www.uefi.org/about/',
11 => 'http://www.uefi.org/specifications',
12 => 'https://github.com/tianocore/edk',
13 => 'https://github.com/tianocore/tianocore.github.io/wiki/EDK-II',
14 => 'https://www.tianocore.org/',
15 => 'https://betanews.com/2018/12/20/microsoft-project-mu/',
16 => 'http://www.microsoft.com/whdc/system/platform/firmware/UEFI_Windows.mspx',
17 => 'https://www.gnu.org/software/grub/manual/html_node/BIOS-installation.html',
18 => 'https://github.com/andreiw/ppc64le-yedk2',
19 => 'http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/comment-page-1/',
20 => 'http://sourceforge.net/projects/efi-mips/',
21 => 'http://www.lowrisc.org/',
22 => 'http://www.bit-tech.net/hardware/storage/2010/06/01/are-we-ready-for-3tb-hard-disks/2',
23 => 'https://web.archive.org/web/20101009214219/http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781',
24 => 'http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781',
25 => 'https://web.archive.org/web/20140104004546/http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx',
26 => 'http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx',
27 => 'http://kernelnewbies.org/Linux_3.15#head-e6cf8178e4d5eafc23b0abda81974d2b71ffecf4',
28 => 'https://lwn.net/Articles/507827/',
29 => 'https://www.kernel.org/doc/Documentation/efi-stub.txt',
30 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Drive_Partition_Limits_Fact_Sheet.pdf',
31 => 'http://www.uefi.org/learning_center/UEFI_MBR_Limits_v2.pdf',
32 => 'http://www.ibm.com/developerworks/library/l-gpt/index.html',
33 => 'https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/block/partitions/Kconfig?id=refs/tags/v3.11.1#n247',
34 => 'https://wiki.archlinux.org/index.php/GRUB#BIOS_systems',
35 => 'https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html',
36 => 'http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html',
37 => 'https://wiki.archlinux.org/index.php/UEFI_Bootloaders',
38 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#EFI_System_Partition',
39 => 'https://bbs.archlinux.org/viewtopic.php?id=142637',
40 => 'https://wikileaks.org/ciav7p1/cms/page_36896783.html',
41 => 'http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html',
42 => 'http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html',
43 => 'http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf#page=536',
44 => 'https://developer.apple.com/library/mac/technotes/tn2166/_index.html#//apple_ref/doc/uid/DTS10003927-CH1-SUBSECTION6',
45 => 'http://www.intel.com/content/dam/doc/reference-guide/efi-compatibility-support-module-specification-v097.pdf',
46 => 'https://arstechnica.com/gadgets/2017/11/intel-to-kill-off-the-last-vestiges-of-the-ancient-pc-bios-by-2020/',
47 => 'https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html',
48 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Summit_July_2013_UEFI2.4_Networking.pdf',
49 => 'http://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf',
50 => 'http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/',
51 => 'https://technet.microsoft.com/en-us/library/hh824987.aspx',
52 => 'https://lwn.net/Articles/447381/',
53 => 'https://www.pcworld.com/article/248342/windows_8_secure_boot_the_controversy_continues.html',
54 => 'https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html',
55 => 'https://wiki.centos.org/HowTos/UEFI',
56 => 'https://www.phoronix.com/scan.php?page=news_item&px=Debian-UEFI-SecureBoot-2018',
57 => 'http://mjg59.dreamwidth.org/20522.html',
58 => 'https://wiki.freebsd.org/SecureBoot',
59 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#UEFI_Shell',
60 => 'http://software.intel.com/en-us/articles/efi-shells-and-scripting/',
61 => 'https://web.archive.org/web/20131003090136/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore',
62 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore',
63 => 'http://sourceforge.net/mailarchive/message.php?msg_id=28690732',
64 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ',
65 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Launching_UEFI_Shell',
66 => 'http://download.intel.com/support/motherboards/server/sb/efi_whitepaper.pdf',
67 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#bcfg',
68 => 'https://wiki.archlinux.org/index.php/GRUB_EFI_Examples#Asus',
69 => 'http://www.coreboot.org/TianoCore',
70 => 'https://web.archive.org/web/20100906050148/http://www.phoenix.com/pages/phoenix-securecore-tiano-tm',
71 => 'http://www.phoenix.com/pages/phoenix-securecore-tiano-tm',
72 => 'https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf',
73 => 'https://www.insyde.com/company/who-we-are/why-us',
74 => 'https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Project-Mu-UEFI',
75 => 'http://events17.linuxfoundation.org/sites/events/files/slides/Marrying%20U-Boot,%20UEFI%20and%20grub.pdf',
76 => 'https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf',
77 => 'https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html',
78 => 'http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.iscsi;h=faee63626424e8842822f3dd6b1e2f23e0129ae9;hb=HEAD',
79 => 'https://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html',
80 => 'https://web.archive.org/web/20080724213607/http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html',
81 => 'http://www.mactech.com/articles/mactech/Vol.23/23.05/OpenFirmwareToEFI/index.html',
82 => 'http://www.intel.com/technology/framework/overview1.htm',
83 => 'https://web.archive.org/web/20120322062159/http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf',
84 => 'http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf',
85 => 'http://www.bit-tech.net/hardware/motherboards/2010/11/16/asus-lga1155-motherboard-preview/1',
86 => 'http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx',
87 => 'https://www.pcmag.com/article2/0,2817,2400059,00.asp',
88 => 'http://www.uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf',
89 => 'http://sourceforge.net/mailarchive/ [email protected]&forum_name=elilo-announce',
90 => 'http://packages.debian.org/sid/grub-efi',
91 => 'http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html',
92 => 'https://web.archive.org/web/20090105052030/http://h71000.www7.hp.com/openvms/os/openvms-release-history.html',
93 => 'http://h71000.www7.hp.com/openvms/os/openvms-release-history.html',
94 => 'http://refit.sourceforge.net/info/vista.html',
95 => 'https://web.archive.org/web/20060830101936/http://technet2.microsoft.com/WindowsServer/en/library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx',
96 => 'http://technet2.microsoft.com/WindowsServer/en/Library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx',
97 => 'http://support.microsoft.com/kb/930061',
98 => 'http://www.winsupersite.com/blog/supersite-blog-39/windows8/microsoft-touts-incredible-windows-8-boot-times-140515',
99 => 'https://arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars',
100 => 'http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html',
101 => 'https://wiki.freebsd.org/UEFI',
102 => 'http://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-1-whatsnew-1732377.pdf',
103 => 'http://www.openbsd.org/59.html',
104 => 'http://www.openbsd.org/60.html',
105 => 'https://web.archive.org/web/20111006173225/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF',
106 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF',
107 => 'https://communities.vmware.com/thread/420405',
108 => 'https://communities.vmware.com/docs/DOC-28494',
109 => 'https://blogs.vmware.com/workstation/2017/08/announcing-vmware-workstation-14.html',
110 => 'https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html',
111 => 'https://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html',
112 => 'https://web.archive.org/web/20100928210932/http://www.virtualbox.org/wiki/Changelog-3.1',
113 => 'http://www.virtualbox.org/wiki/Changelog-3.1',
114 => 'http://www.virtualbox.org/ticket/7702',
115 => 'http://forums.virtualbox.org/viewtopic.php?f=1&p=183022#p114765',
116 => 'https://fedoraproject.org/wiki/Testing_secureboot_with_KVM',
117 => 'https://technet.microsoft.com/en-us/library/dn282278.aspx',
118 => 'https://cloud.google.com/shielded-vm?gclid=Cj0KCQiA7aPyBRChARIsAJfWCgLq4tbyWeZHT6RrfMxAP5_X6O52Dq64WfAS_3TupIV3_moxFlReSGUaAqz0EALw_wcB',
119 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK',
120 => 'https://archive.fosdem.org/2007/interview/ronald+g+minnich.html',
121 => 'http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html',
122 => 'https://www.youtube.com/watch?v=X72LgcMpM9k',
123 => 'https://web.archive.org/web/20120423101551/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome',
124 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome',
125 => 'http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/',
126 => 'https://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/',
127 => 'http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/',
128 => 'https://lwn.net/Articles/503803/',
129 => 'http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html',
130 => 'https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/',
131 => 'https://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326',
132 => 'http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot',
133 => 'http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/',
134 => 'http://www.zdnet.com/linux-on-windows-8-pcs-some-progress-but-still-a-nuisance-7000010697/',
135 => 'https://www.phoronix.com/scan.php?page=news_item&px=MTIyOTg',
136 => 'http://www.bit-tech.net/news/bits/2013/02/11/linux-samsung-deaths-2/1',
137 => 'http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html',
138 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_7.pdf',
139 => 'http://www.drdobbs.com/embedded-systems/efi-architecture/199500688',
140 => 'http://jdebp.eu./FGA/efi-boot-process.html',
141 => 'http://jdebp.eu./FGA/windows-nt-6-boot-process.html',
142 => 'http://rodsbooks.com/bios2uefi/',
143 => 'https://web.archive.org/web/20121025093125/http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385',
144 => 'http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385',
145 => 'http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum',
146 => 'https://uefi.org/',
147 => 'https://uefi.org/specifications',
148 => 'https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html',
149 => 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)',
150 => 'https://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/',
151 => 'https://technet.microsoft.com/en-us/windows/dn168167.aspx',
152 => 'http://www.uefi.tech',
153 => 'https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/'
] |
Links in the page, before the edit ($1) (old_links) | [
0 => 'http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/',
1 => 'http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html',
2 => 'http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html',
3 => 'http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781',
4 => 'http://download.intel.com/support/motherboards/server/sb/efi_whitepaper.pdf',
5 => 'http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx',
6 => 'http://events17.linuxfoundation.org/sites/events/files/slides/Marrying%20U-Boot,%20UEFI%20and%20grub.pdf',
7 => 'http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/',
8 => 'http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/comment-page-1/',
9 => 'http://forums.virtualbox.org/viewtopic.php?f=1&p=183022#p114765',
10 => 'http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.iscsi;h=faee63626424e8842822f3dd6b1e2f23e0129ae9;hb=HEAD',
11 => 'http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198',
12 => 'http://h71000.www7.hp.com/openvms/os/openvms-release-history.html',
13 => 'http://jdebp.eu./FGA/efi-boot-process.html',
14 => 'http://jdebp.eu./FGA/windows-nt-6-boot-process.html',
15 => 'http://kernelnewbies.org/Linux_3.15#head-e6cf8178e4d5eafc23b0abda81974d2b71ffecf4',
16 => 'http://mjg59.dreamwidth.org/20522.html',
17 => 'http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx',
18 => 'http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum',
19 => 'http://packages.debian.org/sid/grub-efi',
20 => 'http://refit.sourceforge.net/info/vista.html',
21 => 'http://rodsbooks.com/bios2uefi/',
22 => 'http://software.intel.com/en-us/articles/efi-shells-and-scripting/',
23 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore',
24 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ',
25 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF',
26 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK',
27 => 'http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome',
28 => 'http://sourceforge.net/mailarchive/ [email protected]&forum_name=elilo-announce',
29 => 'http://sourceforge.net/mailarchive/message.php?msg_id=28690732',
30 => 'http://sourceforge.net/projects/efi-mips/',
31 => 'http://support.microsoft.com/kb/930061',
32 => 'http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf',
33 => 'http://technet2.microsoft.com/WindowsServer/en/Library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx',
34 => 'http://www.bit-tech.net/hardware/motherboards/2010/11/16/asus-lga1155-motherboard-preview/1',
35 => 'http://www.bit-tech.net/hardware/storage/2010/06/01/are-we-ready-for-3tb-hard-disks/2',
36 => 'http://www.bit-tech.net/news/bits/2013/02/11/linux-samsung-deaths-2/1',
37 => 'http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/',
38 => 'http://www.coreboot.org/TianoCore',
39 => 'http://www.drdobbs.com/embedded-systems/efi-architecture/199500688',
40 => 'http://www.emulex.com/artifacts/757d23e7-8acb-41a7-872a-afb733ab0688/elx_tb_all_uefi_ibm.pdf',
41 => 'http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html',
42 => 'http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html',
43 => 'http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html',
44 => 'http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html',
45 => 'http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html',
46 => 'http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385',
47 => 'http://www.ibm.com/developerworks/library/l-gpt/index.html',
48 => 'http://www.intel.com/content/dam/doc/reference-guide/efi-compatibility-support-module-specification-v097.pdf',
49 => 'http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html',
50 => 'http://www.intel.com/technology/efi/',
51 => 'http://www.intel.com/technology/efi/main_specification.htm',
52 => 'http://www.intel.com/technology/framework/overview1.htm',
53 => 'http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot',
54 => 'http://www.lowrisc.org/',
55 => 'http://www.mactech.com/articles/mactech/Vol.23/23.05/OpenFirmwareToEFI/index.html',
56 => 'http://www.microsoft.com/whdc/system/platform/firmware/UEFI_Windows.mspx',
57 => 'http://www.openbsd.org/59.html',
58 => 'http://www.openbsd.org/60.html',
59 => 'http://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-1-whatsnew-1732377.pdf',
60 => 'http://www.phoenix.com/pages/phoenix-securecore-tiano-tm',
61 => 'http://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf',
62 => 'http://www.uefi.org/about/',
63 => 'http://www.uefi.org/learning_center/UEFI_MBR_Limits_v2.pdf',
64 => 'http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf',
65 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Summit_July_2013_UEFI2.4_Networking.pdf',
66 => 'http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf#page=536',
67 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Spec_2_7.pdf',
68 => 'http://www.uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf',
69 => 'http://www.uefi.org/sites/default/files/resources/UEFI_Drive_Partition_Limits_Fact_Sheet.pdf',
70 => 'http://www.uefi.org/specifications',
71 => 'http://www.uefi.tech',
72 => 'http://www.virtualbox.org/ticket/7702',
73 => 'http://www.virtualbox.org/wiki/Changelog-3.1',
74 => 'http://www.winsupersite.com/blog/supersite-blog-39/windows8/microsoft-touts-incredible-windows-8-boot-times-140515',
75 => 'http://www.zdnet.com/linux-on-windows-8-pcs-some-progress-but-still-a-nuisance-7000010697/',
76 => 'http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/',
77 => 'https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html',
78 => 'https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html',
79 => 'https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf',
80 => 'https://archive.fosdem.org/2007/interview/ronald+g+minnich.html',
81 => 'https://arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars',
82 => 'https://arstechnica.com/gadgets/2017/11/intel-to-kill-off-the-last-vestiges-of-the-ancient-pc-bios-by-2020/',
83 => 'https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/',
84 => 'https://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/',
85 => 'https://bbs.archlinux.org/viewtopic.php?id=142637',
86 => 'https://betanews.com/2018/12/20/microsoft-project-mu/',
87 => 'https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html',
88 => 'https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html',
89 => 'https://blogs.vmware.com/workstation/2017/08/announcing-vmware-workstation-14.html',
90 => 'https://cloud.google.com/shielded-vm?gclid=Cj0KCQiA7aPyBRChARIsAJfWCgLq4tbyWeZHT6RrfMxAP5_X6O52Dq64WfAS_3TupIV3_moxFlReSGUaAqz0EALw_wcB',
91 => 'https://communities.vmware.com/docs/DOC-28494',
92 => 'https://communities.vmware.com/thread/420405',
93 => 'https://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html',
94 => 'https://developer.apple.com/library/mac/technotes/tn2166/_index.html#//apple_ref/doc/uid/DTS10003927-CH1-SUBSECTION6',
95 => 'https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)',
96 => 'https://fedoraproject.org/wiki/Testing_secureboot_with_KVM',
97 => 'https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/block/partitions/Kconfig?id=refs/tags/v3.11.1#n247',
98 => 'https://github.com/andreiw/ppc64le-yedk2',
99 => 'https://github.com/tianocore/edk',
100 => 'https://github.com/tianocore/tianocore.github.io/wiki/EDK-II',
101 => 'https://lwn.net/Articles/447381/',
102 => 'https://lwn.net/Articles/503803/',
103 => 'https://lwn.net/Articles/507827/',
104 => 'https://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html',
105 => 'https://technet.microsoft.com/en-us/library/hh824987.aspx',
106 => 'https://technet.microsoft.com/en-us/library/dn282278.aspx',
107 => 'https://technet.microsoft.com/en-us/windows/dn168167.aspx',
108 => 'https://uefi.org/',
109 => 'https://uefi.org/specifications',
110 => 'https://web.archive.org/web/20060830101936/http://technet2.microsoft.com/WindowsServer/en/library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx',
111 => 'https://web.archive.org/web/20080724213607/http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html',
112 => 'https://web.archive.org/web/20090105052030/http://h71000.www7.hp.com/openvms/os/openvms-release-history.html',
113 => 'https://web.archive.org/web/20100105051711/http://www.intel.com/technology/efi/',
114 => 'https://web.archive.org/web/20100906050148/http://www.phoenix.com/pages/phoenix-securecore-tiano-tm',
115 => 'https://web.archive.org/web/20100928210932/http://www.virtualbox.org/wiki/Changelog-3.1',
116 => 'https://web.archive.org/web/20101009214219/http://community.edc.intel.com/t5/New-to-Intel-Architecture-Blog/Ask-a-BIOS-Guy-quot-Why-UEFI-quot/ba-p/2781',
117 => 'https://web.archive.org/web/20111006173225/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF',
118 => 'https://web.archive.org/web/20120322062159/http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf',
119 => 'https://web.archive.org/web/20120423101551/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome',
120 => 'https://web.archive.org/web/20121025093125/http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385',
121 => 'https://web.archive.org/web/20130626000135/http://h30565.www3.hp.com/t5/Feature-Articles/The-30-year-long-Reign-of-BIOS-is-Over-Why-UEFI-Will-Rock-Your/ba-p/198',
122 => 'https://web.archive.org/web/20131003090136/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore',
123 => 'https://web.archive.org/web/20140104004546/http://download.microsoft.com/download/5/e/6/5e66b27b-988b-4f50-af3a-c2ff1e62180f/cor-t605_wh08.pptx',
124 => 'https://wiki.archlinux.org/index.php/GRUB#BIOS_systems',
125 => 'https://wiki.archlinux.org/index.php/GRUB_EFI_Examples#Asus',
126 => 'https://wiki.archlinux.org/index.php/UEFI_Bootloaders',
127 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#EFI_System_Partition',
128 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#UEFI_Shell',
129 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Launching_UEFI_Shell',
130 => 'https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#bcfg',
131 => 'https://wiki.centos.org/HowTos/UEFI',
132 => 'https://wiki.freebsd.org/SecureBoot',
133 => 'https://wiki.freebsd.org/UEFI',
134 => 'https://www.cl.cam.ac.uk/~mgk25/mswish/ut-rtc.html',
135 => 'https://www.gnu.org/software/grub/manual/html_node/BIOS-installation.html',
136 => 'https://www.insyde.com/company/who-we-are/why-us',
137 => 'https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html',
138 => 'https://www.kernel.org/doc/Documentation/efi-stub.txt',
139 => 'https://www.pcmag.com/article2/0,2817,2400059,00.asp',
140 => 'https://www.pcworld.com/article/248342/windows_8_secure_boot_the_controversy_continues.html',
141 => 'https://www.phoronix.com/scan.php?page=news_item&px=MTIyOTg',
142 => 'https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Project-Mu-UEFI',
143 => 'https://www.phoronix.com/scan.php?page=news_item&px=Debian-UEFI-SecureBoot-2018',
144 => 'https://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326',
145 => 'https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf',
146 => 'https://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/',
147 => 'https://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/',
148 => 'https://www.tianocore.org/',
149 => 'https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html',
150 => 'https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/',
151 => 'https://www.youtube.com/watch?v=V2aq5M3Q76U#t=14m45s',
152 => 'https://www.youtube.com/watch?v=X72LgcMpM9k'
] |
Whether or not the change was made through a Tor exit node ($1) (tor_exit_node) | false |
Unix timestamp of change ($1) (timestamp) | 1583605421 |
