What Is UEFI And How Does It Keep You More Secure?

When you first start up your computer, you’ll see a bunch of text scrolling past on the screen. Most people just ignore this and wait for the Windows login screen to appear. But if you ever need to do troubleshooting or to tweak some settings on your computer, there’s a really useful tool you can access from here called UEFI.

What Is UEFI?

UEFI is a type of firmware that comes with your motherboard. It’s what prepares your system to boot up your operating system, such as Windows. UEFI is a more modern version of an older piece of firmware called BIOS.

To enter UEFI, you hit a designated button on your keyboard while your system is booting up. Which button depends on your hardware, but it’s typically Esc, F2, F10, or Delete. Look in the text that appears on screen when your computer powers on to see which your system requires.

When you hit that button, instead of booting straight into your operating system, your computer will open UEFI. From here, you can make changes to your system such as determining the boot order. That means you can select whether you want your computer to boot from a hard drive, an SSD, or an optical drive first.

You can also make other changes like adjusting the speed of your fans or overclocking your processor. UEFI is very handy for troubleshooting as you can see what hardware is connected to your system. Even if your operating system is corrupted, you can still use UEFI to access your computer.

What’s the Difference Between UEFI and BIOS?

Image credit: Toniperis/Wikimedia Commons

If you’ve used older computers, you might have seen an earlier firmware than UEFI, called BIOS. Like UEFI, BIOS is software which lives on your motherboard and helps prepare your system to boot up its operating system. Also like UEFI, you can use BIOS to make changes to your computer like tweaking the fan speeds or changing the system time and date.

There are some key differences between the two though. The first difference you’ll notice is visual. BIOS is very visually simple, using only a few colors and no graphics. It also doesn’t support the use of a mouse, so you need to use a keyboard to navigate and make changes. UEFI, on the other hand, is more graphically sophisticated with images and many colors, and can be controlled by both keyboard and mouse.

BIOS is also more basic in its functions than UEFI. In BIOS, you can change essential settings of your system like device boot order. In UEFI, you can do much more. UEFI can support functions like remote diagnostics and calibration of fan curves.

It even supports automatic overclocking wizards where you just add information about your processor, select your cooling components, and it will set an overclock for you.

Overall, UEFI is more user-friendly than BIOS. It also generally boots faster, so you won’t have to wait so long for your PC to be ready to use when you turn it on.

Is UEFI More Secure Than BIOS?

That brings us to the big question: Is UEFI more secure than BIOS? In general, the answer is yes, due to a function called Secure Boot.

Secure Boot is a part of UEFI which restricts the applications that can run at boot to those which are signed. This is a helpful and generally flexible security measure to stop malicious code being run on your machine.

Basically, it stops the machine from booting up an operating system unless it has a recognized key. A recognized key is one that shows where the operating system has come from and ensures that it’s trusted. This means that Secure Boot stops malware from interfering with your computer’s boot process.
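On a Linux machine, whether Secure Boot is actually enforcing signatures can be read from the firmware's own SecureBoot and SetupMode variables, which the kernel exposes through efivarfs. The check below is an added example, not part of the original article; the function names and the returned state strings are illustrative assumptions.

```python
import struct
from pathlib import Path

# GUID of the UEFI "global variable" namespace that holds SecureBoot and SetupMode.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute mask, data).

    efivarfs prefixes every variable with a 4-byte little-endian attribute mask.
    """
    if len(raw) < 4:
        raise ValueError("efivarfs entry is shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(name: str, efivars: Path = EFIVARS):
    """Return a one-byte UEFI variable as an int, or None if absent/unreadable."""
    try:
        _, data = parse_efivar((efivars / f"{name}-{EFI_GLOBAL_GUID}").read_bytes())
    except (OSError, ValueError):
        return None
    return data[0] if len(data) == 1 else None


def secure_boot_state(efivars: Path = EFIVARS) -> str:
    """Classify the firmware's Secure Boot posture (state names are illustrative)."""
    if not efivars.is_dir():
        return "no-uefi"          # legacy BIOS boot, or efivarfs not mounted
    secure = read_flag("SecureBoot", efivars)
    if secure is None:
        return "unsupported"      # firmware exposes no SecureBoot variable
    if read_flag("SetupMode", efivars) == 1:
        return "setup-mode"       # no Platform Key enrolled: nothing is enforced
    return "enabled" if secure == 1 else "disabled"


if __name__ == "__main__":
    print(secure_boot_state())
```

Only `enabled` means the firmware is rejecting unsigned boot code; `setup-mode` and `disabled` both mean signatures are not being enforced.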

Secure Boot was required to be supported in order for a PC to be certified as Windows 8 compatible. So there was a lot of interest focused on the Secure Boot feature when Windows 8 was released in 2012.

This caused a lot of controversy when it was first announced. People thought that UEFI was Microsoft software (it’s not) and that UEFI would prevent users from loading other operating systems like Linux (it doesn’t).

At first, there were real concerns about how Secure Boot could interfere with the installation of Linux systems. But Linux distributions have found ways to work with Secure Boot, and now Ubuntu, Fedora, Red Hat Enterprise Linux, and openSUSE all support Secure Boot without any problems.

UEFI Does Have Security Risks

Unfortunately, no piece of software is free from security threats; the same is true for UEFI. Hackers have targeted UEFI with malware in the past.

One example was detailed in a report by ESET Research in 2018. There is a piece of malware called Sednit, also known as APT28, Sofacy, Strontium, or Fancy Bear, which has been around since at least 2004. There is also a trojan called LoJax, built to attack anti-theft software called LoJack. When used together, Sednit and LoJax can target UEFI and BIOS. These tools can spy on UEFI firmware and in some cases could even overwrite system memory. That allows hackers to install a malicious version of UEFI so they can access the system and spy on the contents or make changes.

The scary thing about this hack is that it continues to work even if Windows is re-installed. Because it attacks the UEFI instead of the operating system, it can’t be removed by wiping Windows. It can even survive having a system’s hard drive replaced. This is because the malware lives on the motherboard and not on the hard drive.

Malware which targets UEFI is not only hard to remove, it’s also hard to spot. Users may have no idea that their systems have been infected. Although attacks on UEFI are relatively rare, it’s worth being aware that they can happen.

Learn More About UEFI and BIOS

Despite some controversies related to its use in Windows 8, UEFI is a more useful and more secure alternative to BIOS. Through the Secure Boot function you can ensure that only approved operating systems can run on your machine. However, there are some security vulnerabilities which can still affect UEFI.

We’ve only scratched the surface here of all the things that you can do with UEFI and BIOS. To learn more about how to access BIOS and how to use it, see our guide on how to enter the BIOS on Windows 10 and earlier versions of Windows too.

  1. Ravi
    May 18, 2014 at 4:34 pm

    It's a good article, but manufacturers of UEFI should provide all possible options for user customization as per users' needs. Monopoly leads nowhere.

  2. Some guy
    February 17, 2014 at 6:01 pm

    I'm not a big fan of changing technologies for the purpose of "it's new". For those of us who can do without a pretty interface, and don't have much of a need to access the system remotely without an OS, it seems to cause more headaches than anything for anyone looking to dual boot or even reload an OS from scratch.

    We're still using technology from the early 19th century. Why? Because it's still effective! I'm referring to the pen that has its own ink reservoir. It sounds like this technology is more for larger corporations, not small companies, end users, or education. The only advantage I can see for them is faster boot times which is a plus in my book.

  3. Oded
    December 15, 2013 at 3:00 pm

    It seems like the bulk of the review is based on the premise that UEFI will allow prettier pre-boot configuration screens with more options - which is patently false: There are many BIOS implementations on the market that support mouse mode as well as nice graphics. Basically any serious PC mobo ships an alternative to the outdated AMI bios for the past 5 years.

    A few other mistakes: GPL is not a guideline - it's a set of licensing terms, and you are welcome to ignore them at your own peril (see the Busybox lawsuit for details); Linux-based operating systems supporting secure boot do so in spite of the GPL by using a BSD licensed "1st stage" boot loader before the GPL boot loader as GPL forbids preventing users from replacing GPLed software (which secure boot does).

    UEFI will make things better, but by adding actual features such as a pre-boot environment, customizable booting process, support for the higher performance GPT disk format and more. Secure boot is a good feature that has been abused by Microsoft to make Microsoft the gate-keeper for all operating systems (any OS needs Microsoft to sign their boot loaders because Microsoft to get OEMs to only have their keys on the mobos), and should be disabled until an open, international, secure and impartial organization can be set up to manage secure boot keys.

  4. J. Nygren
    December 12, 2013 at 1:03 am

    Ooooh, Pretty colors!

    And providing remote access to my machine, with or without an OS, is more secure ... How?

    • Danny S
      December 31, 2013 at 11:50 pm

      That part doesn't increase security -- it aids manufacturers with support. Supposedly.

  5. J. Nygren
    December 12, 2013 at 12:58 am

    Does UEFI prevent downgrading a system to Windows 7? Are there some operating systems that can not be installed on a UEFI system?

    • Danny S
      December 31, 2013 at 11:49 pm

      Windows 7 is compatible with UEFI. Any operating system should be installable as long as it supports UEFI, or if the motherboard supports BIOS emulation mode.

  6. Zhong J
    December 10, 2013 at 5:43 pm

    Are you guys going to review Moto G that's coming out?