Windows 8: UEFI Support


My Top-2 UEFI Support

The new UEFI support in Windows 8, especially UEFI version 2.3.1, enables a lot of new functionality in terms of security and better hardware support. For instance, on devices running Windows RT the new security features (my Top-3) protect your device even if it has been stolen. A thief cannot do anything with it! All data is protected by Device Encryption and even the hardware is unusable without your logon. In addition, Windows cannot be installed from any media. So the bad guys had better know about that and not try to steal such a device – it would be worthless. :)

UEFI Support

While Windows has had support for the Unified Extensible Firmware Interface (UEFI) prior to Windows 8, most consumer computers have continued to boot using BIOS firmware.

This changes with Windows 8, as UEFI firmware mode is now a Windows 8 client logo requirement. UEFI is also required to enable several features and improvements, such as:

· GUID Partition Table (GPT) disk partitioning - GPT partitions enable larger partitions, and are supported by UEFI.

· Boot from large disk drives - GPT and native 4K sector disk support in Windows 8 enables support for >2.2 TB boot drives.

· Secure Boot - Signature checks on early boot components, helping to protect pre-boot manager components from tampering.

· Measured Boot - Works with the TPM to log startup components and activities.

· Early Launch Anti-Malware - Registering and loading an anti-malware driver as a trusted boot-critical driver to help protect the system earlier in the boot process than with previous architectures.

· Trusted Boot - A combination of Secure Boot, Measured Boot and Early Launch Anti-Malware that helps establish that the system is in a trusted state.

· Boot on computer with no VGA Support - UEFI removes the need for VGA support, enabling Windows 8 to be installed on computers that do not use this legacy video technology.

Some of these features are targeted for use in a business setting, so they are not covered here. Instead, we will examine UEFI support in general, and any support considerations for UEFI enabled computers in a consumer setting.

UEFI Overview

Windows support for UEFI was first introduced in 64-bit editions of Microsoft Windows Server® 2008 and Windows Vista® Service Pack 1. Windows 7 and Windows Server 2008 R2 continued to support UEFI. The main reason for early adoption was for GPT and large boot disk support.

Many computers built prior to Windows 8 took advantage of UEFI architecture to reduce costs and standardize firmware stacks, but were still used in BIOS mode to remain compatible with existing factory processes, tools, legacy operating systems, drivers, option ROMs, and some applications. These UEFI computers are called “Class Two” UEFI as defined by Intel. This means that they have the capability to boot into native UEFI mode, but in practice most computers boot into legacy BIOS mode using a Compatibility Support Module (CSM). The figure below demonstrates boot flows for Class 2 systems.

Figure 1: UEFI Startup Paths

The gold elements in the diagram indicate legacy BIOS-style startup. The green arrows show native UEFI mode boot. The blue arrow indicates a system that attempts to boot into UEFI mode to an OS that does not support it. UEFI configured with CSM enabled reverts the boot process to BIOS mode via the CSM. This is called “progressive boot.”

UEFI and Windows 8

It is expected that there will be more Class 2 systems designed for use with Windows 8 that boot into native UEFI mode with the CSM disabled – this is represented by the crossed-out CSM path in the diagram below. This enables the use of Secure Boot, and compatibility with the Windows 8 Logo requirements.

Figure 2: Native UEFI Mode with CSM support

So on a Windows 8 UEFI computer, there are three likely configurations:

· Computer with native UEFI startup. CSM is not used. Green arrows above.

o Improved Boot Performance: Yes

o Secure Boot: Yes

· UEFI computer boots into native UEFI mode, but still loads the CSM for legacy device or OS support: Green arrows. Some interaction with gold component remains.

o Improved Boot Performance: Some improvement vs. BIOS configuration

o Secure Boot: Yes

· UEFI computer boots via the CSM into BIOS mode: Boot via legacy path shown in Figure 1.

o Improved Boot Performance: No improvement

o Secure Boot: No

Architecture Requirements

One new requirement introduced with UEFI native boot support is that the firmware and the OS must have the same bitness. This means that a UEFI 32 firmware core must be used to install a 32-bit OS and likewise UEFI 64 for a 64-bit OS. It is possible to have support for both 32-bit and 64-bit UEFI in one BIOS, but it requires additional work and ROM space, so this may not be commonly implemented.

This is only an issue in consumer scenarios if a customer wants to install a replacement or retail copy of Windows 8 on their OEM UEFI computer. In such a scenario, help the customer identify their current architecture (32-bit or 64-bit), and help direct them on a good path to reach their desired goal. They may need to contact the OEM in order to determine whether this potential limitation applies to their computer.
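To see which of the configurations above a given computer is actually running in, and which architecture it uses, the following PowerShell sketch can be run from an elevated prompt on Windows 8 or later. It is an added example, not part of the original article; the function name Get-BootTrustSummary and its output labels are made up for illustration.

```powershell
# Added example: classify the running system by boot path and Secure Boot state.
# Run elevated; Confirm-SecureBootUEFI needs administrator rights.
function Get-BootTrustSummary {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and throws
    # PlatformNotSupportedException on a BIOS/CSM boot or when the firmware
    # has no Secure Boot support.
    $secureBoot = 'Unknown'
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { $secureBoot = 'Enabled' }
        else { $secureBoot = 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] { $secureBoot = 'NotSupported' }
    catch [System.UnauthorizedAccessException]   { $secureBoot = 'NeedsElevation' }
    catch { $secureBoot = 'Unknown' }

    # Windows boots from a GPT system disk in native UEFI mode and from an
    # MBR system disk in BIOS mode, so the partition style is a second signal.
    $systemDisk = Get-Disk | Where-Object { $_.IsSystem } | Select-Object -First 1
    $style = if ($systemDisk) { [string]$systemDisk.PartitionStyle } else { 'Unknown' }

    # Map the two signals onto the configurations listed in the article.
    # Whether a CSM is loaded alongside a native UEFI boot cannot be told
    # apart from inside the OS; check the firmware setup screen for that.
    $config = switch ($secureBoot) {
        'Enabled'      { 'Native UEFI boot, Secure Boot on' }
        'Disabled'     { 'Native UEFI boot, Secure Boot available but off' }
        'NotSupported' {
            if ($style -eq 'GPT') { 'Native UEFI boot, firmware lacks Secure Boot' }
            else { 'Legacy BIOS boot via CSM, no Secure Boot' }
        }
        default        { 'Undetermined (re-run elevated)' }
    }

    [pscustomobject]@{
        Configuration  = $config
        SecureBoot     = $secureBoot
        SystemDiskType = $style
        OSArchitecture = if ([Environment]::Is64BitOperatingSystem) { '64-bit' } else { '32-bit' }
    }
}

Get-BootTrustSummary | Format-List
```

A result of "Legacy BIOS boot via CSM" on hardware that supports UEFI means Secure Boot is not protecting the boot path until the system is reinstalled or converted to native UEFI mode.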

There are a lot more specific details here, if anyone wants to go deeper:

https://msdn.microsoft.com/en-us/windows/hardware/gg463149

Niehus, Microsoft