When you turn on your computer, a primitive system that dates back more than 30 years, the basic input/output system (BIOS), turns your cold hardware into a functioning system that your operating system can then boot from. Alas, it's sadly out of date. PC makers have slowly been replacing BIOS with the Unified Extensible Firmware Interface (UEFI). That's all well and good, but one UEFI feature, Secure Boot, could be used to lock PCs into being only able to boot one operating system: Windows 8.
Is UEFI just a way for Microsoft and its most loyal original equipment manufacturers (OEMs) to keep Linux and other alternative operating systems out or is it more than that?
BIOS has been terribly outdated for decades. For example, a BIOS only has 1,024KB (kilobytes) of executable space. That, in turn, means a BIOS has trouble starting up the multiple peripheral interfaces (USB, eSATA, etc.), devices, ports, and controllers on a modern PC. Just as annoying, the BIOS was never meant to initialize more than a handful of devices, so even if you can get all devices ready to go, it will take up to 30 seconds after you turn the switch on before your PC is ready to start booting.
The first thing you'll notice about UEFI systems is that they boot faster and you can have even larger primary drives. The BIOS is unable to boot from hard disks with more than 2.2TB (terabytes). That's a hard limit set in the Master Boot Record (MBR) that you can't fix. In the BIOS MBR, the maximum space for a drive is determined by the formula: 2 to the 32nd times 512 bits. This is an old hard drive addressing scheme. What it means in practice is that all but the most up-to-date computers can't boot with hard drives that are larger than 2.2TB. With 3TB drives now becoming common, OEMs have no choice but to move to UEFI on high-end PCs.
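The MBR limit described above comes from the two 32-bit fields in each 16-byte partition table entry. The following is an added example, not code from the article: it parses a constructed MBR sector and shows where the ceiling sits, assuming the conventional 512-byte sector; all function names are hypothetical.

```python
import struct

SECTOR_SIZE = 512            # assumption: conventional 512-byte sectors
TABLE_OFFSET = 446           # partition table follows the boot code area
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped),
                             # LBA start (uint32 LE), sector count (uint32 LE)
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16 bytes

def mbr_limit_bytes(sector_size=SECTOR_SIZE):
    """Largest capacity a 32-bit sector count can describe."""
    return (2 ** 32) * sector_size

def build_entry(ptype, lba_start, sectors, bootable=False):
    """Pack one entry; struct.error is raised if a value needs more than 32 bits."""
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0, ptype, lba_start, sectors)

def parse_mbr(sector0):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector0) != 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype, lba, count = struct.unpack(
            ENTRY_FMT, sector0[start:start + ENTRY_SIZE])
        if ptype != 0:       # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts

def unreachable_bytes(disk_bytes, sector_size=SECTOR_SIZE):
    """Bytes of a disk that lie beyond what the MBR fields can address."""
    return max(0, disk_bytes - mbr_limit_bytes(sector_size))

# Constructed sample: one bootable Linux (0x83) partition with the largest
# sector count the field can hold, followed by three empty slots.
SAMPLE_MBR = (bytes(TABLE_OFFSET)
              + build_entry(0x83, 2048, 0xFFFFFFFF, bootable=True)
              + bytes(3 * ENTRY_SIZE) + b"\x55\xaa")

if __name__ == "__main__":
    print(parse_mbr(SAMPLE_MBR))
    print("MBR ceiling:", mbr_limit_bytes(), "bytes")
    print("Lost on a 3TB drive:", unreachable_bytes(3 * 10**12), "bytes")
```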
Today, if a PC can't be booted, a technician has to be onsite to fix the PC. BIOS simply doesn't support networking, never mind basic, remote troubleshooting and maintenance tools. With UEFI, an OEM can build in networking functionality and basic repair tools. For business use, a properly featured UEFI PC will be far cheaper to support over its lifespan than its older BIOS brother.
Exactly what else you'll get from UEFI depends on how your chip vendor, PC OEM, and operating system vendors implement it. At the least, though, you can expect to see secure boot systems, easier network booting, and instant-on access to all your hardware. It's also possible that some vendors will implement basic operating system interoperability, such as access to a Web browser, without ever needing to actually "boot" the computer into an operating system.
Microsoft didn't support UEFI. Even now, 32-bit Windows doesn't support booting from a UEFI system. Without Microsoft's full support, OEMs were reluctant to commit to UEFI.
In addition, UEFI is just a framework. If an OEM wants to offer full support for all the possible hardware that might be available on a given motherboard and offer diagnostic tools, it has to create them. That's not cheap. Apple, HP, and IBM have made the commitment, but other vendors have been biding their time.
A UEFI-based system doesn't require that its designer provide diagnostic tools and system controls in a GUI, but some OEMs, like Asus, are providing that kind of functionality.
Now that Microsoft is insisting that Windows 8 PCs must support UEFI-secure boot -- a sub-system designed to make sure that a PC only boots a legitimate operating system -- you can be sure almost all 2012/13 PCs will be using UEFI as at least a basic BIOS replacement.
Linux developers have no problem with secure boot. Indeed, as The Linux Foundation white paper, Making UEFI Secure Boot Work With Open Platforms (PDF), states, "Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware."
The key is that Microsoft continues to dodge the question of how they'll implement secure boot.
The Linux Foundation has made its own response to the potential problem of UEFI secure boot being required for any device authorized to run Windows 8 with a technical whitepaper that describes how the problem can be avoided.
The Linux Foundation is not the only organization putting their two cents in. Interestingly, Red Hat and Canonical also released a joint whitepaper of their own at the same time Friday morning. The Red Hat/Canonical whitepaper makes similar and more specific recommendations, and is authored by James Bottomley, Matthew Garrett, and Canonical's Jeremy Kerr. The whitepaper itself is not a hard-and-fast solution: it contains recommendations for hardware manufacturers and users. And at least one of these recommendations may call for the creation of something the Linux world has never had: a vendor-neutral certificate authority.