What Is UEFI And How Does It Keep You More Secure?

Computers with Windows 8 preinstalled on them no longer have a BIOS — instead, they use what is called a UEFI, or “Unified Extensible Firmware Interface”. A UEFI is far more capable than an old BIOS, plus it helps keep your computer more secure.

What Does UEFI Do?

A UEFI can perform the same functions as a BIOS, but in a much more modern fashion. Instead of a clunky 16-color interface as found in a BIOS, a UEFI has a more advanced user interface which provides you with more options and displays them in a far more appealing manner. It is based on the EFI implementation developed by Intel and used by Apple for the past several years.

uefi menu   What Is UEFI And How Does It Keep You More Secure?

UEFI systems are capable of plenty of additional features that BIOS systems cannot. For example, while configuring a system using UEFI, you are able to use your mouse instead of just your keyboard. UEFI systems can also support remote diagnostics and repair of computers, even when there isn’t an operating system installed.

You also control the voltages to various systems far more easily (provided the manufacturer offers those settings — they most likely do for high-end motherboards meant for overclocking).

In fact, when choosing a boot order, you can finally see the names of installed operating systems rather than just the names of attached hard drives!

All of these improvements, as well as decreased boot time, are all possible thanks to the advancements to the technical framework of the UEFI system.

Most UEFI systems have a legacy BIOS mode which works with older setups and operating systems. However, to avoid BIOS mode and use UEFI to its full potential, you’ll need to run a 64-bit operating system and have your hard drive partitioned in a GPT style rather than the MS-DOS style. This is really only important if you built your system yourself and will be installing Windows 8 manually.

Why It’s More Secure

   What Is UEFI And How Does It Keep You More Secure?

A primary reason why Windows 8-certified computers come with UEFI is because UEFI offers a feature that Microsoft use heavily — Secure Boot. This feature requires the operating system, its kernel, and the kernel’s modules to be signed with a recognized key so that the system knows that the code it is about to run actually originates from the source it claims to come from. This makes your system more secure because then it won’t be loading questionable code that it doesn’t know if it’s safe or not. And yes, this is important even during boot-up because malicious code can infect the BIOS/UEFI.

Since new computers with Windows 8 installed are more locked down, it may be more difficult to access the UEFI settings.

Despite the requirement for Secure Boot to be enabled on new Windows 8-certified computers, Windows 8 can still be installed on computers that only have a BIOS. If it is installed in BIOS-mode, there is also a way to change it in-place to UEFI-mode.

Criticism

There has been a lot of criticism about the Secure Boot feature, as some manufacturers don’t offer an option in the UEFI to disable the feature. This in turn would possibly prevent users from installing an alternative operating system, such as Linux. Since then, common Linux distributions have included their own implementations that make it possible to be booted on a Secure Boot-enabled system, as well as follow the guidelines set out in the GPL license — the most common license used for open source software.

dual ubuntu efi partitions   What Is UEFI And How Does It Keep You More Secure?
Installing Linux on a Windows 8 system with UEFI has become much easier, and we have a guide that can walk you through the steps.

Conclusion

Ultimately, UEFI provides many benefits that all PC users can make use of. For those who want to install operating systems besides Windows, the Secure Boot complicate things slightly, but ultimately it will provide for a safer, virus-free computing experience. To get UEFI, just buy a Windows 8-certified computer, or if you’re building your system, get a motherboard with UEFI.

Does your computer have UEFI? Do you have any praises or complaints about it? Let us know in the comments!

Image Credit: Extremetech

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

8 Comments -

0 votes

Zhong J

Are you guys going to review Moto G that’s coming out?

0 votes

J. Nygren

Does UEFI prevent downgrading a system to Windows 7? Are there some operating systems that can not be installed on a UEFI system?

0 votes

Danny S

Windows 7 is compatible with UEFI. Any operating system should be installable as long as it supports UEFI, or if the motherboard supports BIOS emulation mode.

0 votes

J. Nygren

Ooooh, Pretty colors!

And providing remote access to my machine, with or without an OS, is more secure … How?

0 votes

Danny S

That part doesn’t increase security — it aids manufacturers with support. Supposedly.

0 votes

Oded

It seems like the bulk of the review is based on the premise that UEFI will allow prettier pre-boot configuration screens with more options – which is patently false: There are many BIOS implementations on the market that support mouse mode as well as nice graphics. Basically any serious PC mobo ships an alternative to the outdated AMI bios for the past 5 years.

A few other mistakes: GPL is not a guide line – its a set of licensing terms, and you are welcome to ignore them at your own peril (see the Busybox lawsuit for details); Linux-based operating system supporting secure boot do so inspite of the GPL by using a BSD licensed “1st stage” boot loader before the GPL boot loader as GPL forbids preventing users from replacing GPLed software (which secure boot does).

UEFI will make things better, but by adding actual features such as a pre-boot environment, customizable booting process, support for the higher performance GPT disk format and more. Secure boot is a good feature that have been abused by Microsoft to make Microsoft the gate-keeper for all operating systems (any OS needs Microsoft to sign their boot loaders because Microsoft to get OEMs to only have their keys on the mobos), and should be disabled until an open, international, secure and impartial organization can be set up to manage secure boot keys.

0 votes

Some guy

I’m not a big fan of changing technologies for the purpose of “it’s new” For those of us who can do without a pretty interface, and don’t have much of a need to access the system remotely without an OS it seems to cause more headaches than anything for anyone looking to dual boot or even reload an OS from scratch.

We’re still using technology from the early 19th century. Why? Because it’s still effective! I’m reffering to the pen that has it’s own ink resevoir. It sounds like this technology is more for larger corporations, not small companies, end users, or education. The only advantage I can see for them is faster boot times which is a plus in my book.

0 votes

Ravi

It’s good article, but manufacturers of UEFI should provide all possible options for user customization as per users need. Monopoly leads nowhere.