So what’s the topic? Something that I started talking about almost 10 years ago, the Unified Extensible Firmware Interface (UEFI). Back then, it was more of a warning: the way you deploy Windows is going to change. Now, it’s a way of life (and fortunately, it no longer sucks like it did back in 2010 when we first started working with it).
I don’t want to rehash the “why’s” behind UEFI because frankly, you no longer have much of a choice: all new Windows 10 devices ship with UEFI enabled by default (and if you are turning it off, shame on you). Instead, I want to focus much more on how it works and what’s going on behind the scenes.
A really in-depth article about UEFI – you have to be a certain kind of person to enjoy stuff like this. The article’s about a year old, but still entirely relevant.
> you have to be a certain kind of person to enjoy stuff like this
Well said! I did not like any of it, so I bought my hardware with Libreboot instead. It costs a lot of money and the amount of available hardware is limited and outdated for many people, but the advantages won me over.
The hardware is refurbished, so better for the environment and certified to assure that the vendor does not have a hidden agenda, but respects my freedom.
Compared to UEFI, Libreboot will boot straight into GRUB, which saved me from legacy BIOS plus from learning new stuff as GRUB is known territory 🙂
Had an X200 that I modded with Libreboot but I found it rather restricting, you were pretty much locked to Linux/BSD after that operation. For a more rounded experience try coreboot + SeaBIOS.
Yep, I have an X200 as well. The operating systems I use are all based on Linux nowadays, so this limitation is not really restricting me.
We had EFI support on the IA64 platform too, long before it became widely available on x86 or ARM.
After making my first UEFI+SecureBoot+EFISTUB setup, keeping things updated is a no-brainer 🙂
https://nwildner.com/posts/2020-07-04-secure-your-boot-process/
It was a hell of a learning process to make this whole thing work without a bootloader and to sign my kernel EFI stack with my own keys.
I started years ago by dipping my toes into using EFI on a daily basis on my desktop. After that, migrating to a laptop made me turn the key on how I could make it more secure and the boot process verifiable/signed.
Hey,
Thanks for the article. It’s interesting to see how UEFI is tackled on exotic platforms like Windows.
I’m a little disappointed the author disabled SecureBoot instead of enrolling his own keys.