

Demystifying UEFI, the long-overdue BIOS replacement - mrsebastian
http://www.extremetech.com/computing/96985-demystifying-uefi-the-long-overdue-bios-replacement

======
drv
The article seems a bit misinformed.

All of the UEFI systems I have encountered have native UEFI firmware in flash.
On top of the UEFI environment, most shipping systems have a compatibility
layer (CSM) that exposes a legacy BIOS emulation to allow traditional MBR-
style booting. It is possible to load an EFI environment on top of a legacy
BIOS (UEFI DUET), but that isn't usually how it is done.

There is no special bootloader; OS bootloaders are just UEFI applications in a
specially-named path on each drive that the firmware finds and lists as boot
options.

The mouse-driven GUI is a feature of some specific implementations, not part
of UEFI itself.

------
joenathan
If indeed some systems come locked down (secure boot) without an option to
disable, couldn't Microsoft just make something like Apple's Bootcamp to boot
alternative operating systems?

~~~
ajross
Would have to be the system vendor, not Microsoft. Or rather, if MS could do
it then the whole scheme is a sham; the authentication is supposed to be at
the firmware level, not in the OS.

UEFI is turning into a huge mess. I'd look to the Coreboot stuff being
pushed/supported by AMD as a much better path to the future, and try to think
of ways to club Intel's NIH-addled brain into getting on board.

~~~
joenathan
The firmware checks the OS for a signature - Couldn't MS make a tool that
booted a signed bootloader or whatever pieces the firmware needs to
authenticate and then passes the boot process off to the alternate OS...

~~~
aquayellow
Not just the bootloader, from what I understand, the whole OS needs to be
signed: drivers in particular or anything else that could talk to the
firmware. So, they need to be signed too. With OSes such as Linux, I don't
even know if it's technically possible to do that from a license point of
view.

~~~
drivebyacct2
No, it is just the bootloader (same way the Android phones work), though MS
could craft their signed bootloader to also verify the NT kernel (which would
make sense).

The other problem is, in the original article that was published on this
topic, that apparently the Linux/grub boot process will be changing so that
the "kernel is part of the bootloader", so I think that adds to the complexity
of the idea of signing either the bootloader or "the whole OS" (whatever that
means anyway).

~~~
aquayellow
Yes, you are right. Actually, it's just the bootloader. So, technically
Microsoft can come up with a bootloader (GPLed) that can boot Linux or modify
the current one. My bad!

Regarding the "kernel is part of the bootloader" idea, I think that was just
an idea :) That's not happening anytime soon, although you can give Linux as a
stage 2 payload directly to coreboot currently.

