Explaining UEFI Firmware for Linux Users
Today let’s take a look at the firmware of our computer. Specifically, we will focus on BIOS and UEFI.
UEFI BIOS or just UEFI?
You will see online that many people refer to it as UEFI BIOS. Strictly speaking, this is wrong, because BIOS is not a generic term for firmware. BIOS is the specific firmware of the IBM-compatible PC, so we should call the newer firmware UEFI.
Why do we need BIOS?
BIOS stands for Basic Input/Output System. It’s responsible for the following tasks.
- Initialize CPU and RAM.
- POST (Power On Self Test)
- Initialize the LAN, PCIe.
- Start the boot loader from hard drive, USB stick or LAN.
Once it finishes its work, BIOS passes the control to the operating system.
What does Legacy BIOS Mean?
BIOS is 38 years old. It was invented in 1981. Legacy refers to old interfaces or mechanisms such as PS/2 keyboards and floppy disks. Today, very few people use this old hardware, but the code that deals with it is still in the Legacy BIOS.
What is UEFI?
UEFI comes from EFI, which stands for Extensible Firmware Interface. It was started by Intel in the late 90s. Intel was developing a 64-bit processor back then. The legacy BIOS runs only in 16-bit mode and can’t use all the capabilities of the new processor, so they wanted to get rid of the old BIOS mechanism. They released the first version of EFI in 2002. In 2005, the UEFI Forum was born. UEFI stands for Unified Extensible Firmware Interface.
UEFI is a firmware specification, not a firmware implementation. Anyone can take the UEFI specification and write his/her own UEFI compatible firmware. For example, Proxmox uses OVMF (Open Virtual Machine Firmware), which is a port of Intel’s open-source TianoCore UEFI implementation, to enable UEFI support for Virtual Machines.
Differences Between BIOS and UEFI
There are mainly 4 differences that I want to talk about in this article.
Programming Language
BIOS is programmed in assembly language, whereas UEFI firmware is 99% C code. C is much easier for programmers to read and maintain, and it makes it very easy to add new functions and remove old ones.
OptionROMs vs Drivers
OptionROM comes with BIOS. An OptionROM has a size limitation of 64KB. It cannot be loaded on a hard disk or USB drive. In addition, an OptionROM has to fit each piece of hardware, so if you change your hardware, you must also change the code of the OptionROMs.
With UEFI firmware, you don’t have OptionROMs any more. Instead, programmers write drivers. Drivers do not have the limitations of OptionROMs mentioned above.
MBR vs. GPT
With BIOS, the hard disk uses a partition style called MBR, which stands for Master Boot Record. With the MBR partition style, you can’t access a hard disk that is larger than 2TB. MBR also doesn’t allow more than 4 primary partitions.
With UEFI firmware, the hard disk uses the GPT partition style, which stands for GUID Partition Table. GPT allows up to 128 primary partitions and can access a hard disk of more than 2TB.
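The two partition styles can be told apart from the first two sectors of a disk. The following added example (not from the original article) classifies a disk image as MBR or GPT and lists the four MBR slots with their 32-bit sector fields, which is where the 4-partition and 2TB limits come from. It assumes 512-byte sectors; the helper names and the sample image are constructed for illustration.

```sh
# Added example, not from the article. Assumes 512-byte logical sectors.

# N bytes at byte offset OFF of FILE, as lowercase hex without separators.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Little-endian 32-bit integer at byte offset OFF of FILE.
le32_at() {
    set -- $(dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | od -An -tu1)
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# Print "gpt", "mbr" or "unknown" for a disk or disk image.
partition_style() {
    # Sector 0 ends with the boot signature 55 AA on both MBR and GPT disks.
    [ "$(hex_at "$1" 510 2)" = "55aa" ] || { echo unknown; return 0; }
    # GPT: the first MBR slot has type 0xEE (protective MBR) and sector 1
    # starts with the ASCII signature "EFI PART".
    if [ "$(hex_at "$1" 450 1)" = "ee" ] &&
       [ "$(hex_at "$1" 512 8)" = "4546492050415254" ]; then
        echo gpt
    else
        echo mbr
    fi
}

# List the used MBR slots. The table is 4 entries of 16 bytes at offset 446,
# and start/size are 32-bit sector counts: 2^32 * 512 bytes = 2 TiB.
mbr_entries() {
    i=0
    while [ "$i" -lt 4 ]; do
        off=$((446 + 16 * i))
        ptype=$(hex_at "$1" $((off + 4)) 1)
        [ "$ptype" = "00" ] ||
            echo "slot=$i type=0x$ptype start=$(le32_at "$1" $((off + 8))) sectors=$(le32_at "$1" $((off + 12)))"
        i=$((i + 1))
    done
}

# Constructed sample: a 1 KiB image with one Linux (0x83) partition.
put() { printf "$2" | dd of="$1" bs=1 seek="$3" conv=notrunc 2>/dev/null; }
sample=$(mktemp)
dd if=/dev/zero of="$sample" bs=512 count=2 2>/dev/null
put "$sample" '\203' 450                    # type 0x83
put "$sample" '\000\010\000\000' 454        # start LBA 2048
put "$sample" '\000\000\020\000' 458        # 1048576 sectors (512 MiB)
put "$sample" '\125\252' 510                # boot signature 55 AA
partition_style "$sample"; mbr_entries "$sample"
```

To inspect a real disk, pass its device node (for example /dev/sda) instead of the sample image; reading it requires root.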
BIOS still provides some services after it has finished initializing the hardware and POST. UEFI is pre-boot and boot time only. After initializing the hardware, UEFI passes the control completely to the operating system.
Single Boot Loader vs Multiple Boot Loaders
BIOS allows only one boot loader, which is stored in the master boot record. UEFI allows you to install multiple bootloaders in the EFI partition on the hard disk. This means you can install Linux and Windows on the same hard disk in UEFI mode without wiping out the Grub boot loader or the Windows boot loader.
UEFI Shell
The UEFI shell looks like a Linux terminal window or a DOS window. It gives you the ability to run some UEFI applications, and it has its own syntax.
Boot Mode
Some UEFI firmware has a compatibility support module (CSM). CSM allows the system to fall back to legacy BIOS. A system like this has three different boot modes.
- BIOS mode
- BIOS and UEFI hybrid mode
- UEFI native mode
Note that hybrid mode is not native UEFI mode. If you really want to use UEFI, you must enable UEFI only and leave BIOS disabled. Computers boot faster in native UEFI mode because the BIOS does not need to be loaded.
OS Support
Microsoft Windows only supports UEFI with a GPT hard disk. Linux can boot in UEFI mode with a GPT or MBR hard disk. Mac’s EFI implementation is a mix of EFI 1.x and UEFI 2.x. This kind of firmware is not a standard UEFI firmware.
UEFI Firmware Processor Architecture
Most Intel platforms support both 32-bit and 64-bit architecture, as well as 8086/80286 16-bit code. So UEFI firmware on these platforms can be compiled in either 32-bit or 64-bit mode.
The UEFI specification requires the boot loader architecture to match the firmware architecture to reduce problems. In other words, 32-bit UEFI can only run a 32-bit boot loader and 64-bit UEFI can only run a 64-bit boot loader. However, you can run a 64-bit OS with 32-bit UEFI and a 32-bit OS with 64-bit UEFI.
How do I know my computer has 32-bit or 64-bit UEFI firmware?
On Linux run the following command.
cat /sys/firmware/efi/fw_platform_size
As you can see, my computer has 64-bit UEFI firmware. Most new PCs come with 64-bit UEFI firmware.
How do I know if Linux is installed in UEFI mode?
On Debian-based Linux distros, there are two versions of the Grub boot manager.
- grub-efi
- grub-pc
If your Linux is installed in UEFI mode, then it comes with grub-efi instead of grub-pc. Grub-efi is for UEFI firmware whereas grub-pc is for BIOS.
How do I know if my computer is booted in UEFI mode?
First, you can disable legacy BIOS in your firmware and set it to be UEFI native mode to ensure your computer is booted in UEFI mode.
If you are using Linux, then you can check if your system has a /sys/firmware/efi/ directory. If this directory exists, then your computer is booted in UEFI mode.
EFI System Partition
UEFI requires the hard disk to have an EFI system partition, or ESP for short. It’s formatted with a FAT32, FAT16 or vFAT file system, and it’s recommended to keep at least 512MB of space for the ESP. It’s a storage place for UEFI bootloaders. The ESP must be mounted at /boot/efi on Linux. It has the boot and esp flags in GParted. It does not have to be the first partition.
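The checks from this section and the two before it (firmware width, boot mode, ESP mount point) combined into one script, as an added example that is not part of the original article. The function names and the optional root-prefix argument are assumptions made for this example, so that the checks can also run against a copied or constructed tree.

```sh
# Added example, not from the article. The optional argument is a
# hypothetical root prefix (empty = live system) so the same checks can
# run against a copied or constructed tree.

# Print "bios", "uefi32" or "uefi64" from the sysfs paths the article names.
boot_mode() {
    efi="${1:-}/sys/firmware/efi"
    if [ ! -d "$efi" ]; then
        echo bios                       # directory absent: legacy BIOS/CSM boot
        return 0
    fi
    size=$(cat "$efi/fw_platform_size" 2>/dev/null || true)
    case "$size" in
        32|64) echo "uefi$size" ;;
        *)     echo "uefi-unknown" ;;   # booted via UEFI, width not readable
    esac
}

# Print the filesystem type mounted at /boot/efi, or "none".
esp_fstype() {
    mounts="${1:-}/proc/mounts"
    fstype=none
    [ -r "$mounts" ] || { echo "$fstype"; return 0; }
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev mnt fs _rest; do
        if [ "$mnt" = "/boot/efi" ]; then fstype=$fs; fi
    done < "$mounts"
    echo "$fstype"
}

# One-line verdict combining both checks.
uefi_boot_report() {
    mode=$(boot_mode "${1:-}")
    esp=$(esp_fstype "${1:-}")
    case "$mode:$esp" in
        bios:*)     echo "mode=$mode esp=$esp (legacy boot, ESP not used)" ;;
        uefi*:vfat) echo "mode=$mode esp=$esp ok" ;;
        *)          echo "mode=$mode esp=$esp WARNING: no vfat ESP at /boot/efi" ;;
    esac
}

uefi_boot_report    # no argument: inspect the running system
```

Linux reports FAT16 and FAT32 volumes mounted with long file name support as type vfat, which is why the report accepts only that value.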
Secure Boot
Secure Boot is an extension to UEFI. Although most Linux distributions such as Debian, Ubuntu, Fedora, OpenSUSE support secure boot, I don’t recommend enabling secure boot because when you install graphics drivers, wireless card drivers, Virtualbox drivers on your Linux system, there are modules added to the Linux kernel, so Secure Boot wouldn’t recognize your Linux system anymore.
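Whether Secure Boot is currently enforced, and whether a given driver module carries a signature, can be read directly from the system. This added example (not from the original article) reads the SecureBoot and SetupMode UEFI variables through efivarfs and checks a module file for the kernel's signature marker. The function names and sample files are constructed, and the module check assumes an uncompressed .ko file.

```sh
# Added example, not from the article. The directory argument is a
# hypothetical parameter that defaults to the live efivarfs mount.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032c8c   # UEFI global variable GUID

# Value byte of a global UEFI variable. efivarfs puts 4 attribute bytes in
# front of the data, so the value is the 5th byte. Prints "absent" if unset.
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL"
    [ -r "$f" ] || { echo absent; return 0; }
    dd if="$f" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n'
}

# Print "enabled", "setup-mode", "disabled" or "unavailable".
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    case "$(efivar_byte "$dir" SecureBoot):$(efivar_byte "$dir" SetupMode)" in
        absent:*) echo unavailable ;;   # BIOS boot or firmware without Secure Boot
        1:*)      echo enabled ;;
        *:1)      echo setup-mode ;;    # no Platform Key enrolled, nothing enforced
        *)        echo disabled ;;
    esac
}

# Succeeds if an uncompressed .ko file ends with the kernel's signature marker.
module_is_signed() {
    [ "$(tail -c 28 "$1" | tr -d '\000')" = "~Module signature appended~" ]
}

# Constructed sample data: an efivars directory and two fake module files.
d=$(mktemp -d)
printf '\006\000\000\000\001' > "$d/SecureBoot-$EFI_GLOBAL"   # attrs + value 1
printf '\006\000\000\000\000' > "$d/SetupMode-$EFI_GLOBAL"    # attrs + value 0
printf 'ELF-body~Module signature appended~\n' > "$d/signed.ko"
printf 'ELF-body' > "$d/unsigned.ko"
echo "secure boot: $(secure_boot_state "$d")"
for m in "$d"/*.ko; do
    if module_is_signed "$m"; then echo "$m signed"; else echo "$m UNSIGNED"; fi
done
```

Calling secure_boot_state with no argument reads the running system's variables.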
As a newbie I appreciate this background info. Thank you
Really good explanation. I sincerely appreciate. I was attempting to gain more understanding and clarification of the security implications of moving to UEFI.
Thanks 🙂
Very good text… Can you add some Nutshell experiences (situations) for different PC scenarios? For e.g when one should add another boot loader to EFI partition in Dual/Multi boot and when to a separate partition… etc… 🍻
You should always install boot loaders into the EFI partition. You can set a default boot loader with the efibootmgr command-line utility.