Posted by: Ed Tittel
UEFI offers improved boot security, UEFI PCs and notebooks not widely available until 2012
Microsoft’s UEFI boot sequence diagram from “Building Windows 8” blog post
The BW8 (Building Windows 8) blog struck gold again yesterday (9/22/2011) with a new post entitled “Protecting the pre-OS environment with UEFI,” a discussion of how the Unified Extensible Firmware Interface creates a secure boot environment for PCs modern enough to include this latest-generation collection of “…chipset, hardware, system, firmware, and operating system…” components in their makeup.
I’ve been curious about UEFI for a long time now, having read about it in numerous books, articles, and discussions of PC architecture and BIOS replacement technologies. This blog post goes a long way toward filling in the gaps in my knowledge base, and can probably do the same for you, in explaining what UEFI is, how it works, and how it helps to define a firmware validation process better known as “secure boot.” The big issue is that before the OS loads, older BIOS-based systems can be hijacked by malicious boot loader programs that work outside the security coverage built into an operating system or antimalware software. This lets malware take up residence in a system before any of these protective or palliative measures can be brought to bear on the security situation.
The only problem here is that motherboard makers for desktop or notebook PCs have been slow to release UEFI-based systems (MSI demo’ed an X79 motherboard with UEFI at IDF on September 19, 2011; and AMI announced its support for the UEFI BIOS at the recent MS BUILD conference on September 15, 2011). I don’t think we’re going to see widespread desktop/notebook support for this technology until 2012, but of course that means Windows 8 will be able to support it–but only on systems new enough to include built-in UEFI. If you ask me, this strikes another interesting blow at the notion that “any system that runs Windows 7 can also run Windows 8” that MS has bruited about from time to time. Given the recent Hyper-V disclosures (which require SLAT support in the processor to run the hypervisor) and now this, it looks as though, while older Windows 7 PCs may be able to run Windows 8, they will most assuredly not be able to take advantage of some of its most interesting and advanced features.
To learn more about UEFI, check out the BW8 blog link at the head of this post. You may also want to consult the following resources:
“UEFI-Just How Important It Really Is” (Hardwaresecrets.com, 9/21/2011)
“Unified Extensible Firmware Interface” (Wikipedia, references materials dated as recently as 9/20/2011, and includes a great “External Links” section with pointers to other references)