In previous blogs I’ve written about the Unified Extensible Firmware Interface, a 21st century, mostly 64-bit replacement for and upgrade to the 16-bit BIOS (Basic Input-Output System) that goes all the back to the first IBM PC, circa 1981 or thereabouts. Now that Windows 8 is embracing UEFI technology to help secure and manage the boot process, and fend off pre-boot-based malware and attacks, it’s time for lots of people — including me — to get more serious about UEFI and start putting it to work.
I’m learning, slowly but surely, with lots of trial and error, that using UEFI as Windows 8 wants it to be used, isn’t quite as easy as I’d hoped or thought it might be. As I’m learning and figuring things out, here are some interesting realizations I’ve uncovered along the way:
1. If you want to use UEFI with Windows operating systems (including Windows 7 and Windows 8 ) you must perform a UEFI install of the operating system. This requires a completely different install approach and disk layout from taking the BIOS route. So far, I’ve purchased two UEFI-based notebooks (both from Lenovo) and both continue to come with BIOS based Windows installs rather than UEFI install. Switching over to UEFI disk layout essentially blows away the built in recovery layout and capability, and probably voids the warranty, too. When Windows 8 goes commercial, that’s gonna have to change! For a sense of what’s going on, see this TechNet Blog post “Installing Windows 7 on UEFI based computer.”
2. Although the UEFI supports a pre-boot command shell with a rich set of commands and capabilities, getting to that shell is proving a little more difficult than I’d expected it to be. Despite numerous claims about required directory structures and specific files (for example shellx64.efi as the right name for the shell file) I’m still grappling with booting into UEFI and gaining access to the shell. My next move is to buy and read the Intel publication “Harnessing the UEFI Shell” which purports to be both a reference and how-to for all things related to the UEFI shell to figure out exactly what to do and how to do it.
3. Once I master these basics I should then be able to start digging into Windows 8’s UEFI security features, and understand how they are invoked, and how they may best be used. Hopefully, getting past items #1 and #2 won’t take too terribly long, so I can start digging into these meatier topics.
Count on me to keep reporting on this subject as I learn more, along with how-to’s on how to grab and use this stuff for yourself. Nothing irks me more than when seemingly straightforward things turn more tortuous in practice than in theory, so it will be my pleasure to try to make this material more approachable and understandable. Stay tuned!
For the record, here are my previous UEFI blog posts
9/23/2011: Great UEFI Post Appears on “Building Windows 8″ blog
12/2/2011: UEFI Rears Its Lovely Head Once Again for Windows 8