The Secure Boot Controversy: What does it mean to IT?Introduction
There has been much ado in the tech press lately about the Secure Boot feature in Windows 8
; with some calling it a wonderful boon to security and others convinced it's evil incarnate, designed for the sole purpose of locking out the possibility of installing Linux on computers that come with Windows 8. Many computer hobbyists are up in arms about it, but what are the implications - both good and bad - for businesses? That's what we'll talk about in this article. UEFI: This is not your father’s BIOS
Before you can understand Secure Boot and how it works, you have to understand UEFI, the Unified Extensible Firmware Interface. And before you can understand EUFI, you need to have an understanding of how the BIOS (Basic Input/Output System) worked in computers of the past, because the UEFI was created as a replacement for and improvement on the old BIOS.
We’re getting deeply into hardware territory here, but as an IT pro, you’ve likely had more than a passing acquaintance with the BIOS over the years, as the BIOS settings often have to be modified to enable features that you might want to use on your company’s servers and workstations. The BIOS is the first system software that runs when the computer starts up, and it runs the POST (Power On Self-Test) that checks all the system components to verify that they’re present and working correctly. The BIOS software is installed in a chip on the motherboard. It’s called “firmware” because it is rarely modified. In early computers, the BIOS was stored in Read Only Memory (ROM) and couldn’t be changed. On later systems, it’s stored in Erasable Programmable ROM (EPROM) or flash memory, and can be updated (“flashing the BIOS”) to add functionality.
The EUFI was originally created by Intel to address the limitations of the traditional BIOS (they first called it the Intel Boot Initiative) as part of their Itanium servers. It later became the Extensible Firmware Interface (EFI), which evolved into UEFI and the specification is a standard that’s handled by a non-profit organization with representatives of Intel, AMD, Microsoft, Apple, Dell, HP, IBM and others, called the Unified EFI Forum.
The UEFI performs the same functions as the BIOS but it differs from the BIOS in that it provides faster boot times and its use of a GUID Partition Table (GPT) for booting from disks more than 2 TB in size, as well as networking prior to loading of the operating system, and architecture and drivers that are not dependent on the processor. The UEFI supports 32 and 64 bit processors and can be used with Itanium, x86, x64 and ARM processors. WindowsSecurity.