{{Short description|Technical specification for firmware architecture}} {{Multiple issues| {{Promotional|date=July 2025}} {{Confusing|date=July 2025}} }} {{Use dmy dates|date=January 2026}} {{Infobox technology standard | title = Unified Extensible Firmware Interface | long_name = | image = Logo of the UEFI Forum.svg | image_size = 100px | alt = | caption = | abbreviation = UEFI | status = Published | year_started = 2006{{efn|Originally started in 1998 as Intel Boot Initiative and later as Extensible Firmware Interface (EFI), which was deprecated in 2005 and replaced by UEFI.}} | first_published = <!-- {{Start date|YYYY|MM|DD|df=y}} --> | version = 2.11<ref>{{cite press release |title=UEFI Forum Releases the UEFI 2.11 Specification and the PI 1.9 Specification To Streamline User Implementations {{!}} Unified Extensible Firmware Interface Forum |url=https://uefi.org/press-release/uefi-forum-releases-uefi-211-specification-and-pi-19-specification-streamline-user |website=uefi.org |publisher=UEFI Forum |access-date=22 December 2024}}</ref> | version_date = 16 December 2024 | preview = | preview_date = | organization = UEFI Forum | committee = | series = | editors = | authors = | base_standards = | related_standards = {{plain list| * ACPI * UEFI Platform Initialization }} | predecessor = BIOS on IBM PC compatible computers{{efn|Part of the BIOS that is required for booting an operating system that is not UEFI-compatible can be implemented as a CSM DXE module, see {{section link||CSM booting}}.}} | domain = Firmware | license = | copyright = | website = {{Official URL}} }} [[File:Lenovo ThinkPad T470 UEFI BIOS 1.75 setup - boot menu selection.JPG|thumb|Boot order selection menu on a Lenovo ThinkPad T470 with both UEFI and BIOS support]] [[File:WD Blue WD5000LPVX - controller - Winbond 25X20CLVIG-0182.jpg|thumb|The UEFI implementation is usually stored on NOR-based flash memory<ref name="BeyondBIOSVincentZimmer">{{cite book | url=https://books.google.com/books?id=wylDDgAAQBAJ | title=Beyond BIOS: Developing with the Unified Extensible Firmware Interface, Third Edition | isbn=978-1-5015-0569-0 | last1=Zimmer | first1=Vincent | last2=Rothman | first2=Michael | last3=Marisetty | first3=Suresh | date=2017 | publisher=Walter de Gruyter GmbH & Co KG }}</ref> located on the motherboard. Various I/O protocols can be used, SPI being the most common.]]
'''Unified Extensible Firmware Interface''' ('''UEFI''', YOU-ee-eff-eye as an initialism){{efn|Historically also written as Unified EFI, when UEFI was the newly introduced successor to EFI.}} is a specification for the firmware architecture of a computing platform. When a computer is powered on, the UEFI implementation typically runs first, before the operating system or any other program is loaded. Examples include AMI Aptio, Phoenix SecureCore, TianoCore EDK II, and InsydeH2O.
UEFI replaces the BIOS that was present in the boot ROM of all personal computers that are IBM PC compatible,<ref name="Intel2000">{{cite web |url=http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf |title=Solving BIOS Boot Issues with EFI |first=Michael |last=Kinney |date=1 September 2000 |access-date=14 September 2010 |pages=47–50 |archive-date=23 January 2007 |archive-url=https://web.archive.org/web/20070123141151/http://systems.cs.colorado.edu/Documentation/IntelDataSheets/xscalemagazine.pdf |url-status=dead }}</ref><ref name="ElReg1" /> although it can provide backwards compatibility with the BIOS using CSM booting. Unlike its predecessor, BIOS, which is a de facto standard originally created by IBM as proprietary software, UEFI is an open standard maintained by an industry consortium. Like BIOS, most UEFI implementations are proprietary.
Intel developed the original ''Extensible Firmware Interface'' (''EFI'') specification. The last Intel version of EFI was 1.10 released in 2005. Subsequent versions have been developed as UEFI by the UEFI Forum.
UEFI is independent of platform and programming language, but C is used for the reference implementation TianoCore EDKII.
== History == The original motivation for EFI came during early development of the first Intel–HP Itanium systems in the mid-1990s. BIOS limitations had become too restrictive for the larger server platforms for which Itanium was targeted.<ref name = "EmulexUEFI" /> The effort to address these concerns began in 1998 and was initially called ''Intel Boot Initiative''.<ref name="efi-and-uefi">{{citation | url = http://www.intel.com/technology/efi/ | archive-url = https://web.archive.org/web/20100105051711/http://www.intel.com/technology/efi/ | archive-date = 5 January 2010 | title = Extensible Firmware Interface (EFI) and Unified EFI (UEFI) | publisher = Intel}}</ref> It was later renamed to ''Extensible Firmware Interface'' (EFI).<ref>{{citation | first = Dong | last = Wei | title = Beyond BIOS | chapter = foreword | publisher = Intel Press | year = 2006 | isbn = 978-0-9743649-0-2}}</ref><ref name="efi-and-uefi" />
The first open-source UEFI implementation, Tiano, was released by Intel in 2004. Tiano has since then been superseded by EDK<ref>{{Cite web |url=https://github.com/tianocore/edk |title=Git mirror of EDK |website=GitHub |date=19 March 2019}}</ref> and EDK II<ref>{{Cite web |url=https://github.com/tianocore/tianocore.github.io/wiki/EDK-II |title=EDK II |website=GitHub |date=8 August 2019}}</ref> and is now maintained by the TianoCore community.<ref>{{Cite web | url=https://www.tianocore.org/ |title = What is TianoCore?}}</ref>
In July 2008, Intel ceased its development of the EFI specification at version 1.10 and contributed it to the Unified EFI Forum, which has developed the specification as the ''Unified Extensible Firmware Interface'' (UEFI). The original EFI specification remains owned by Intel, which exclusively provides licenses for EFI-based products, but the UEFI specification is owned by the UEFI Forum.<ref name = "EmulexUEFI">{{cite news | url = http://www.emulex.com/artifacts/757d23e7-8acb-41a7-872a-afb733ab0688/elx_tb_all_uefi_ibm.pdf |title=Emulex UEFI Implementation Delivers Industry-leading Features for IBM Systems |publisher=Emulex | access-date =14 September 2010}}</ref><ref>{{citation | url = https://uefi.org/faq | publisher = Unified EFI Forum | title = UEFI FAQs | quote = Q: What is the relationship between EFI and UEFI? A: The UEFI specification is based on the EFI 1.10 specification published by Intel with corrections and changes managed by the Unified EFI Forum. Intel still holds the copyright on the EFI 1.10 specification, but has contributed it to the Forum so that the Forum can evolve it. There will be no future versions of the EFI specification, but customers who license it can still use it under the terms of their license from Intel. The license to the Unified EFI Specification comes from the Forum, not from Intel}}</ref>
Version 2.0 of the UEFI specification was released on 31 January 2006. It added cryptography and security{{vague|date=July 2025}}.{{Citation needed|date=April 2026}}
Version 2.1 of the UEFI specification was released on 7 January 2007. It added network authentication and the user interface architecture ("Human Interface Infrastructure" in UEFI).{{Citation needed|date=April 2026}}
Version 2.3.1 of the UEFI specification was released on 6 April 2011. It added Secure Boot, as well as ARM architecture support.{{Citation needed|date=April 2026}}
In October 2018, Arm announced [https://developer.arm.com/architectures/platform-design/server-systems Arm ServerReady], a compliance certification program for landing the generic off-the-shelf operating systems and hypervisors on Arm-based servers. The program requires the system firmware to comply with Server Base Boot Requirements (SBBR). SBBR requires UEFI, ACPI and SMBIOS compliance. In October 2020, Arm announced the extension of the program to the edge and IoT market. The new program name is [https://developer.arm.com/architectures/system-architectures/arm-systemready Arm SystemReady]. Arm SystemReady defined the Base Boot Requirements ([https://developer.arm.com/documentation/den0044/latest BBR]) specification that currently provides three recipes, two of which are related to UEFI: 1) SBBR: which requires UEFI, ACPI and SMBIOS compliance suitable for enterprise-level operating environments such as Windows, Red Hat Enterprise Linux, and VMware ESXi; and 2) EBBR: which requires compliance to a set of UEFI interfaces as defined in the Embedded Base Boot Requirements ([https://github.com/ARM-software/ebbr EBBR]) suitable for embedded environments such as Yocto. Many Linux and BSD distributions can support both recipes.
In December 2018, Microsoft announced Project Mu, a fork of TianoCore EDK II used in Microsoft Surface and Hyper-V products. The project promotes the idea of firmware as a service.<ref>{{cite web |url=https://betanews.com/2018/12/20/microsoft-project-mu/ |title=Microsoft announces Project Mu, an open-source release of the UEFI core |date=20 December 2018}}</ref>
The latest UEFI specification, version 2.11, was published in December 2024.<ref name="UEFISpec2.11">{{cite tech report |date=21 November 2024 |url=https://uefi.org/sites/default/files/resources/UEFI_Spec_Final_2.11.pdf |title=Unified Extensible Firmware Interface (UEFI) Specification |version=2.11 |website=Uefi.org |publisher=UEFI Forum |access-date=5 January 2026 }}</ref>
== Compatibility ==
=== Processor compatibility<span class="anchor" id="HANDOVER"></span><span class="anchor" id="BOOT-STUB"></span> === UEFI supports processor architectures that are 32-bit or higher. However, only processors with a little-endian mode are supported.<ref name="UEFISpec2.11" />{{Rp|section 1.9.1}} The UEFI specification, version 2.11, has official documentation for the following processor architectures:<ref name="UEFISpec2.11" />{{Rp|section 3.5.1.1}} * x86 (IA-32, x86-64) * Itanium (IA-64) * ARM (AArch32, AArch64) * RISC-V (32-bit, 64-bit, 128-bit) * LoongArch (32-bit, 64-bit) <!-- The UEFI Specification does not specify whether it supports the reduced 32-bit version (LA32R), the standard 32-bit version (LA32S) or both -->
Unofficial UEFI support is under development for POWERPC64 by implementing TianoCore EDK II on top of OPAL,<ref>{{cite web|url=https://github.com/andreiw/ppc64le-edk2|title=GitHub - andreiw/ppc64le-edk2: TianoCore UEFI for OPAL/PowerNV (PPC64/PowerPC64 Little-Endian)|work=GitHub|date=3 May 2021}}</ref> the OpenPOWER abstraction layer, running in little-endian mode.<ref>{{cite web|url=http://firmwaresecurity.com/2015/10/12/tianocore-for-openpower/comment-page-1/|title=Tianocore for OpenPOWER|work=Firmware Security|date=12 October 2015}}</ref> For MIPS, there also exists an unofficial project, based on the original EDK.<ref>{{cite web|url=https://sourceforge.net/projects/efi-mips/|title=EFI-MIPS|author=kontais|work=SourceForge|date=3 September 2015 }}</ref><ref>{{cite web |url=https://github.com/ncroxon/gnu-efi |title=GitHub - ncroxon/gnu-efi:Develop EFI applications for ARM-64, ARM-32, x86_64, IA-64 (IPF), IA-32 (x86), and MIPS platforms using the GNU toolchain and the EFI development environment. |website=GitHub }}</ref> However, both projects have since been abandoned as of November 2016 and September 2015 respectively.
UEFI only allows executing UEFI applications that match the firmware's bit-width, even if the processor supports smaller or larger bit-widths. For example, a 64-bit UEFI firmware may only execute 64-bit UEFI applications, even if the processor has a 32-bit processor mode.<ref name="UEFISpec2.11" />{{rp|sections 2.3.2 and 2.3.4}} Some low-end computers have been shipped with 32-bit UEFI firmware running on 64-bit CPUs.<ref name="Cheap32bitEFI">{{cite web |url=https://software.intel.com/content/www/us/en/develop/blogs/why-cheap-systems-run-32-bit-uefi-on-x64-systems.html |archive-url=https://web.archive.org/web/20201224150025/https://software.intel.com/content/www/us/en/develop/blogs/why-cheap-systems-run-32-bit-uefi-on-x64-systems.html |title=Why Cheap Systems Run 32-bit UEFI on x64 Systems |archive-date=24 December 2020 |url-status=dead |author=James Brian Richardson |date=22 July 2015}}</ref> Once a UEFI application ends the boot services and gets granted full control over the system, it becomes possible to change the processor execution mode.<ref name="UEFISpec2.11" />{{rp|sections 2.3.2 and 2.3.4}} However, calling runtime services requires shortly changing back to the original processor mode,<ref>{{Cite web|url=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0154416a71c2a84c3746c8dd8ed25287e36934d3 |first=Matt |last=Fleming |website=Linux kernel mailing list |title=x86/efi: Add early thunk code to go from 64-bit to 32-bit - kernel/git/torvalds/linux.git - Linux kernel source tree |date=4 March 2014}}</ref> as runtime services may only be called from the same processor mode as the firmware implementation.<ref name="UEFISpec2.11" />{{rp|sections 2.3.2 and 2.3.4}}
The Linux kernel added support for booting 64-bit kernels on 32-bit UEFI firmware implementations with x86-64 CPUs since version 3.15, requiring the UEFI boot loader to support the EFI handover protocol.<ref>{{cite web | url = http://kernelnewbies.org/Linux_3.15#head-e6cf8178e4d5eafc23b0abda81974d2b71ffecf4 | title = Linux kernel 3.15, Section 1.3. EFI 64-bit kernels can be booted from 32-bit firmware | date = 8 June 2014 | access-date = 15 June 2014 | website = kernelnewbies.org }}</ref> The EFI handover protocol allows UEFI boot loaders to defer the UEFI initialization to the kernel's EFI boot stub, so that only the kernel does the UEFI initialization.<ref>{{cite web | url = https://lwn.net/Articles/507827/ | title = x86, efi: Handover Protocol | date = 19 July 2012 | access-date = 15 June 2014 | publisher = LWN.net }}</ref><ref>{{cite web | url = https://www.kernel.org/doc/Documentation/efi-stub.txt | title = Linux kernel documentation: Documentation/efi-stub.txt | date = 1 February 2014 | access-date = 15 June 2014 | publisher = kernel.org }}</ref><ref>{{cite web |url = https://www.kernel.org/doc/html/next/x86/boot.html#efi-handover-protocol-deprecated |title = 1. The Linux/x86 Boot Protocol |work = The Linux Kernel documentation}}</ref>{{update inline|date=July 2025}}<!-- I couldn't find a lot of information regarding the new protocol and whether it still boots 64-bit kernels on 32-bit UEFIs -->
=== Disk device compatibility<span class="anchor" id="DISKDEVCOMPAT"></span> === {{See also|GUID Partition Table#OSSUPPORT|Protective MBR|l1=GPT § Operating systems support}}
In addition to the standard PC disk partition scheme that uses a master boot record (MBR), UEFI also works with the GUID Partition Table (GPT) partitioning scheme, which is free from many of the limitations of MBR. In particular, the MBR limits on the number and size of disk partitions (up to four primary partitions per disk, and up to 2 TB {{nowrap|(2 × 2<sup>40</sup> bytes)}} per disk) are relaxed. More specifically, GPT allows for a maximum disk and partition size of 8 ZiB {{nowrap|(8 × 2<sup>70</sup> bytes)}} with 512 byte sectors.<ref name=IBMLargeDrivesGPT>{{cite web | url = http://www.ibm.com/developerworks/library/l-gpt/index.html | archive-url = https://web.archive.org/web/20120709032551/http://www.ibm.com/developerworks/library/l-gpt/index.html | archive-date = 9 July 2012 | title = Make the most of large drives with GPT and Linux | first = Roderick W. | last = Smith | publisher = IBM | date = 3 July 2012 | access-date = 25 September 2013}}</ref> The UEFI specification only supports FAT12/16/32<ref name="UEFISpec2.11" />{{rp|section 13.3}} partitions that are on GPT or MBR disks as well as El Torito-formatted optical discs.<ref name="UEFISpec2.11" />{{rp|section 13.3.2}} Although GPT is a part of the UEFI standard, it may also be usable by BIOS PCs to boot an operating system off of.<ref name="IBMLargeDrivesGPT" /><ref name="grub-bios-installation" />
==== Linux ==== {{See also|EFI System partition#Linux}}
Support for GPT in Linux is enabled by turning on the option <code>CONFIG_EFI_PARTITION</code> (EFI GUID Partition Support) during kernel configuration.<ref>{{cite web | url = https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/block/partitions/Kconfig?id=refs/tags/v3.11.1#n247 | title = block/partitions/Kconfig (3.11.1) | work = CONFIG_EFI_PARTITION (line #247) | publisher = kernel.org | access-date = 25 September 2013 }}</ref> This option allows Linux to recognize and use GPT disks after the system firmware passes control over the system to Linux.
For reverse compatibility, Linux can use GPT disks in BIOS-based systems for both data storage and booting, as both GRUB 2 and Linux are GPT-aware. Such a setup is usually referred to as ''BIOS-GPT''.{{Citation needed|date=January 2026}} As GPT incorporates the protective MBR, a BIOS-based computer can boot from a GPT disk using a GPT-aware boot loader stored in the protective MBR's bootstrap code area.<ref name="IBMLargeDrivesGPT" /> In the case of GRUB, such a configuration requires a BIOS boot partition for GRUB to embed its second-stage code due to absence of the post-MBR gap in GPT partitioned disks (which is taken over by the GPT's ''Primary Header'' and ''Primary Partition Table''). Commonly 1 MB in size, this partition's Globally Unique Identifier (GUID) in GPT scheme is {{Mono|21686148-6449-6E6F-744E-656564454649}} and is used by GRUB only in BIOS-GPT setups. From GRUB's perspective, no such partition type exists in case of MBR partitioning. This partition is not required if the system is UEFI-based because no embedding of the second-stage code is needed in that case.<ref name="grub-bios-installation">{{cite web | url = https://www.gnu.org/software/grub/manual/html_node/BIOS-installation.html | title = Installation | work = 3.4 BIOS installation | access-date = 25 September 2013 | publisher = GNU GRUB }}</ref><ref name="IBMLargeDrivesGPT" />
UEFI systems can access GPT disks and boot directly from them, which allows Linux to use UEFI boot methods. Booting Linux from GPT disks on UEFI systems involves creation of an EFI system partition (ESP), which contains UEFI applications such as bootloaders, operating system kernels, and utility software.<ref>{{cite web | url = https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s2-grub-whatis-booting-uefi.html | title = E.2.2. GRUB and the boot process on UEFI-based x86 systems | access-date = 14 November 2013 | website = redhat.com }}</ref><ref>{{cite web | url = http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html | title = UEFI Booting 64-bit Redhat Enterprise Linux 6 | date = September 2010 | access-date = 14 November 2013 | website = fpmurphy.com | archive-date = 12 July 2013 | archive-url = https://web.archive.org/web/20130712020644/http://blog.fpmurphy.com/2010/09/uefi-booting-64-bit-redhat-enterprise-linux-6.html | url-status = dead }}</ref> Such a setup is usually referred to as ''UEFI-GPT'', while ESP is recommended to be at least 512 MB in size and formatted with a FAT32 filesystem for maximum compatibility.<ref name="IBMLargeDrivesGPT" />
For backward compatibility, some UEFI implementations also support booting from MBR-partitioned disks through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility.{{Citation needed|date=January 2026}} In that case, booting Linux on UEFI systems is the same as on legacy BIOS-based systems.
==== Microsoft Windows ==== Some of the EFI's practices and data formats mirror those of Microsoft Windows.{{Explain|date=March 2026|reason=What specifically?}}{{Citation needed|date=April 2026}}
Windows 11, 64-bit versions of Windows Vista SP1/SP2 and 7, and both 32-bit and 64-bit versions of Windows 8, 8.1, and 10 can boot from a GPT disk that is larger than 2 TB.
== Features ==
=== Services<span class="anchor" id="GOP"></span><span class="anchor" id="MM"></span><span class="anchor" id="VARIABLE"></span><span class="anchor" id="TIME"></span> === EFI defines two types of services: ''boot services'' and ''runtime services''. Boot services are available only while the firmware owns the platform (i.e., before the <code>ExitBootServices()</code> call), and they include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running; they include services such as date, time and NVRAM access.
; Graphics Output Protocol (GOP) services : The ''Graphics Output Protocol'' (GOP) provides runtime services; see also Graphics features section below. The operating system is permitted to directly write to the framebuffer and bit blit provided by GOP during runtime mode.<ref>{{Cite web |title=12. Protocols — Console Support |at=12.9. Graphics Output Protocol |work=UEFI Specification 2.9A documentation |url=https://uefi.org/specs/UEFI/2.9_A/12_Protocols_Console_Support.html#graphics-output-protocol |access-date=12 April 2026}}</ref> ; UEFI memory map services ; SMM services ; ACPI services ; SMBIOS services ; Devicetree services (for RISC processors) ; Variable services : UEFI variables provide a way to store data, in particular non-volatile data. Some UEFI variables are shared between platform firmware and operating systems. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, UEFI variables can be used to keep crash messages in NVRAM after a crash for the operating system to retrieve after a reboot.<ref name="theh-brickwindows" /> ; Time services : UEFI provides time services. Time services include support for time zone and daylight saving fields, which allow the hardware real-time clock to be set to local time or UTC.<ref name="UEFISpec2.11" />{{Rp|section 8.3}} On machines using a PC-AT real-time clock, by default the hardware clock still has to be set to local time for compatibility with BIOS-based Windows,<ref name="Matthew Garrett">{{cite web |url=https://www.youtube.com/watch?v=V2aq5M3Q76U#t=14m45s | archive-url=https://ghostarchive.org/varchive/youtube/20211113/V2aq5M3Q76U| archive-date=13 November 2021 | url-status=live|title=EFI and Linux: The Future Is Here, and It's Awful |first=Matthew |last=Garrett |date=19 January 2012 |work=linux.conf.au 2012 |access-date=2 April 2012}}{{cbignore}}</ref> unless using recent versions and an entry in the Windows registry is set to indicate the use of UTC.
=== Applications === {{pic|Efi flowchart extended.svg|upright=1.9|caption=Interaction between the EFI boot manager and EFI drivers|caption position=top|triangle=triangle}}
Beyond loading an OS, UEFI can run ''UEFI applications'', which reside as files on the EFI system partition. They can be executed from the UEFI Shell, by the firmware's boot manager, or by other UEFI applications. ''UEFI applications'' can be developed and installed independently of the original equipment manufacturers (OEMs).
A type of UEFI application is an OS boot loader such as GRUB, rEFInd, systemd-boot, and Windows Boot Manager, which loads some OS files into memory and executes them. Also, an OS boot loader can provide a user interface to allow the selection of another UEFI application to run. Utilities like the UEFI Shell are also UEFI applications.
=== Protocols === EFI defines protocols as a set of software interfaces used for communication between two binary modules. All EFI drivers must provide services to others via protocols. The EFI Protocols are similar to the BIOS interrupt calls.
=== Device drivers<span class="anchor" id="EBC"></span> === In addition to standard instruction set architecture-specific device drivers, EFI provides for a ISA-independent device driver stored in non-volatile memory as ''EFI byte code'' or ''EBC''. System firmware has an interpreter for EBC images. In that sense, EBC is analogous to Open Firmware, the ISA-independent firmware used in PowerPC-based Apple Macintosh and Sun Microsystems SPARC computers, among others.
Some architecture-specific (non-EFI Byte Code) EFI drivers for some device types can have interfaces for use by the OS. This allows the OS to rely on EFI for drivers to perform basic graphics and network functions before, and if, operating-system-specific drivers are loaded.
In other cases, the EFI driver can be filesystem drivers that allow for booting from other types of disk volumes. Examples include ''efifs'' for 37 file systems (based on GRUB2 code),<ref>{{cite web |title=Free Software EFI Drivers |url=https://efi.akeo.ie/}}</ref> used by Rufus for chain-loading NTFS ESPs.<ref>{{cite web |last1=Batard |first1=Pete |title=pbatard/uefi-ntfs |url=https://github.com/pbatard/uefi-ntfs |website=GitHub |date=13 March 2020}}</ref>
=== Graphics features === The EFI 1.0 specification defined a UGA (Universal Graphic Adapter) protocol as a way to support graphics features. UEFI did not include UGA and replaced it with GOP (Graphics Output Protocol).<ref>{{cite web | url = http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html | url-status = dead | archive-url = https://web.archive.org/web/20140519113249/http://www.intel.com/content/www/us/en/intelligent-systems/intel-embedded-graphics-drivers/faq-bios-firmware.html | archive-date = 19 May 2014 | title = Intel Embedded Graphics Drivers FAQ: BIOS and firmware | access-date = 19 May 2014 | publisher = Intel }}</ref>
UEFI 2.1 defined a "Human Interface Infrastructure" (HII) to manage user input, localized strings, fonts, and forms (in the HTML sense). These enable original equipment manufacturers (OEMs) or independent BIOS vendors (IBVs) to design graphical interfaces for pre-boot configuration. UEFI uses UTF-16 to encode strings by default; since at least UEFI 2.4, it allows using ASCII to encode ASCII-only strings.
Most early UEFI firmware implementations were console-based. Today many UEFI firmware implementations are GUI-based.{{citation needed|date=July 2025}}
=== EFI system partition === {{Main|EFI system partition}}
An EFI system partition, often abbreviated to ESP, is a data storage device partition that is used in computers adhering to the UEFI specification. Accessed by the UEFI firmware when a computer is powered up, it stores UEFI applications and the files these applications need to run, including operating system boot loaders. Supported partition table schemes include MBR and GPT, as well as El Torito volumes on optical discs.<ref name="UEFISpec2.11" />{{Rp|section 2.6.2}} For use on ESPs, UEFI defines a specific version of the FAT file system, which is maintained as part of the UEFI specification and independently from the original FAT specification, encompassing the FAT32, FAT16 and FAT12 file systems.<ref name="UEFISpec2.11" />{{Rp|section 13.3}}<ref>{{cite web | url = https://developer.apple.com/library/mac/technotes/tn2166/_index.html#//apple_ref/doc/uid/DTS10003927-CH1-SUBSECTION6 | title = Technical Note TN2166: Secrets of the GPT | date = 6 November 2006 | access-date = 6 May 2015 | website = developer.apple.com }}</ref> The ESP also provides space for a boot sector as part of the backward BIOS compatibility.{{Citation needed|date=January 2026}}
=== Booting === Computers are started up by a process which has been called booting: the computer loads its operating software by means of a very small program built into the hardware, which typically loads a program, still small, to load and start the operating system (OS).
==== UEFI booting<span class="anchor" id="UEFIBOOT"></span><span class="anchor" id="BOOT-MANAGER"></span> ==== Unlike the legacy PC BIOS, UEFI does not rely on boot sectors on the computer's data storage, defining instead a boot manager as part of the UEFI specification. When a computer is powered on, the boot manager checks the boot configuration and, based on its settings, then executes the specified OS boot loader or operating system kernel. The boot configuration is defined by variables stored in the computer's persistent NVRAM storage, including variables that indicate the file system paths to OS loaders or OS kernels.
OS boot loaders can be automatically detected by UEFI, which enables easy booting from removable devices such as USB flash drives. This automated detection relies on standardized file paths to the OS boot loader, with the path varying depending on the computer architecture. The format of the file path is defined as {{Mono|<nowiki><EFI_SYSTEM_PARTITION>\EFI\BOOT\BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</nowiki>}}; for example, the file path to the OS loader on an x86-64 system is {{Mono|\efi\boot\bootx64.efi}},<ref name="UEFISpec2.11" />{{rp|section 3.5.1.1}} and {{Mono|\efi\boot\bootaa64.efi}} on ARM64 architecture.
thumb|541x541px|Boot process
Booting UEFI systems from GPT-partitioned disks is commonly called ''UEFI-GPT booting'', although the UEFI specification requires MBR partition tables to be fully supported.<ref name="UEFISpec2.11" />{{rp|section 13.3.2}} Some UEFI firmware implementations immediately switch to BIOS-based CSM booting depending on the type of the boot disk's partition table, effectively preventing UEFI booting from an EFI System Partition on MBR-partitioned disks;{{Citation needed|date=January 2026}} such a boot scheme is commonly called ''UEFI-MBR''.
It is also common for a boot manager to have a textual user interface to allow the user to select the desired OS (or setup utility) from a list of available boot options.
On PC platforms, the BIOS firmware that supports UEFI boot can be called ''UEFI BIOS'', although it may not support CSM boot method, as modern x86 PCs deprecate use of CSM.
==== CSM booting<span class="anchor" id="CSMBOOT"></span> ==== To ensure backward compatibility, UEFI firmware implementations on PC-class machines could support booting in legacy BIOS mode from MBR-partitioned disks through the Compatibility Support Module (CSM) that provides legacy BIOS compatibility. In this scenario, booting is performed in the same way as on legacy BIOS-based systems, by ignoring the partition table and relying on the content of a boot sector.{{Citation needed|date=January 2026}}
The Compatibility Support Module allows legacy operating systems and some legacy option ROMs that do not support UEFI to still be used.<ref name="intel-csm-r097">{{cite web | url = http://www.intel.com/content/dam/doc/reference-guide/efi-compatibility-support-module-specification-v097.pdf | title = Intel Platform Innovation Framework for EFI | work = Compatibility Support Module Specification (revision 0.97) | date = 4 September 2007 | access-date = 6 October 2013 | publisher = Intel }}</ref> It also provides required legacy System Management Mode (SMM) functionality (CompatibilitySmm) in addition to features provided by the UEFI SMM. An example of such a legacy SMM functionality is providing USB legacy support for keyboard and mouse, by emulating their classic PS/2 counterparts.<ref name="intel-csm-r097" />
In November 2017, Intel announced that it planned to phase out support CSM for client platforms by 2020.<ref>{{Cite news|url=https://arstechnica.com/gadgets/2017/11/intel-to-kill-off-the-last-vestiges-of-the-ancient-pc-bios-by-2020/|title=The PC BIOS will be killed off by 2020 as Intel plans move to pure UEFI|work=Ars Technica|access-date=29 May 2018|language=en-us}}</ref>
In July 2022, Kaspersky Labs published information regarding a Rootkit designed to chain boot malicious code on machines using Intel's H81 chipset and the Compatibility Support Module of affected motherboards.<ref>{{Cite news |url=https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ |title=CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit |work=Securelist by Kaspersky |access-date=4 August 2022 }}</ref>
In August 2023, Intel announced that it planned to phase out CSM support for server platforms by 2024.<ref>{{Cite news |url=https://www.intel.com/content/www/us/en/content-details/630266/removal-of-legacy-boot-support-for-intel-platforms-technical-advisory.html |title=Removal of Legacy Boot Support for Intel Platforms Technical Advisory |publisher=Intel }}</ref>
==== Network booting ==== The UEFI specification includes support for booting over network via the Preboot Execution Environment (PXE). PXE booting network protocols include Internet Protocol (IPv4 and IPv6), User Datagram Protocol (UDP), Dynamic Host Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP) and iSCSI.<ref name="UEFISpec2.11" />{{Rp|924–1509}}<ref>{{cite web | url = https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config-efi.html | work = Red Hat Enterprise Linux 6 Installation Guide | title = 30.2.2. Configuring PXE boot for EFI | access-date = 12 April 2026 | publisher = Red Hat }}</ref>
OS images can be remotely stored on storage area networks (SANs), with Internet Small Computer System Interface (iSCSI) and Fibre Channel over Ethernet (FCoE) as supported protocols for accessing the SANs.<ref name="UEFISpec2.11" />{{page needed|date=July 2025}}<ref>{{cite web | url = https://uefi.org/sites/default/files/resources/UEFI_Summit_July_2013_UEFI2.4_Networking.pdf | title = Advances in Pre-OS Networking in UEFI 2.4 | date = July 2013 | access-date = 12 April 2026 | publisher = Hewlett-Packard | last = El-Haj-Mahmoud | first = Samer }}</ref><ref>{{cite book | url = https://www.redbooks.ibm.com/redbooks/pdfs/sg247986.pdf | title = Storage and Network Convergence Using FCoE and iSCSI | edition = 2nd | first1 = Sangam | last1 = Racherla | first2 = Silvio | last2 = Erdenberger | first3 = Harish | last3 = Rajagopal | first4 = Kai | last4 = Ruth | date = January 2014 | access-date = 12 April 2026 | publisher = IBM Redbooks }}</ref>
Version 2.5 of the UEFI specification adds support for accessing boot images over HTTP.<ref>{{cite web | url = http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/ | title = New UEFI HTTP Boot support in UEFI 2.5 | date = 9 May 2015 | access-date = 13 August 2015 | website = firmwaresecurity.com }}</ref>
==== Secure Boot<span class="anchor" id="SECURE-BOOT"></span> ==== {{See also|#Secure Boot 2|l1=Secure Boot criticism}} [[File:REFInd 0.14.2 about screen (secure boot active) screenshot (cropped).webp|upright=1.4|thumb|Example of an active Secure Boot as detected by rEFInd boot manager]]
The UEFI specification defines a Secure Boot that can secure the boot process by preventing the loading of UEFI drivers or OS boot loaders that are not signed with an acceptable digital signature. When Secure Boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "platform key" (PK) to be written to the firmware. Once the key is written, Secure Boot enters "User" mode, where only UEFI drivers and OS boot loaders signed with the platform key can be loaded by the firmware. Additional "key exchange keys" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the platform key.<ref name=uefi-secureboot>{{cite web | last = Edge | first = Jake | title = UEFI and "secure boot" | url = https://lwn.net/Articles/447381/ | website = LWN.net | date = 15 June 2011 | access-date = 9 September 2012 }}</ref> Secure Boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.<ref name=pcw-ueficontroversy>{{cite web | title = Windows 8 Secure Boot: The Controversy Continues | url = https://www.pcworld.com/article/473693/windows_8_secure_boot_the_controversy_continues.html | first = Katherine | last = Noyes | website = PC World | date = 18 January 2012 | access-date = 12 April 2026}}</ref>
Secure Boot is supported by Windows 8 and 8.1, Windows Server 2012 and 2012 R2, Windows 10, Windows Server 2016, 2019, and 2022, and Windows 11, VMware vSphere 6.5<ref>{{Cite news|url=https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html|title=Secure Boot for ESXi 6.5 - Hypervisor Assurance|date=4 May 2017|work=VMware vSphere Blog|access-date=18 August 2017}}</ref> and several Linux distributions including Fedora (since version 18), openSUSE (since version 12.3), RHEL (since version 7), CentOS (since version 7<ref>[https://wiki.centos.org/HowTos/UEFI HowTos/UEFI - CentOS Wiki<!-- Bot generated title -->]</ref>), Debian (since version 10),<ref>{{cite web |url=https://www.phoronix.com/scan.php?page=news_item&px=Debian-UEFI-SecureBoot-2018 |title=Debian Making Progress on UEFI SecureBoot Support in 2018 |last=Larabel |first=Michael |date=30 April 2018 |website=Phoronix |publisher=Phoronix Media |access-date=23 May 2018}}</ref> Ubuntu (since version 12.04.2), Linux Mint (since version 21.3),<ref>{{cite web |first=Matthew |last=Garrett |url=https://mjg59.dreamwidth.org/20522.html |title=Secure Boot distribution support |website=Mjg59.dreamwidth.org |date=27 December 2012 |access-date=12 April 2026}}</ref><ref>{{cite web|title=Linux Mint Secure boot|website=Linux Mint|access-date=12 January 2024|url=https://www.linuxmint.com/rel_virginia_whatsnew.php}}</ref> and AlmaLinux OS (since version 8.4<ref>{{Cite web |title=8.4 {{!}} AlmaLinux Wiki |url=https://wiki.almalinux.org/release-notes/8.4.html |access-date=10 April 2024 |website=wiki.almalinux.org}}</ref>). {{As of|2025|1}}, FreeBSD support is in its planning stage.<ref>{{cite web|title=SecureBoot|url=https://wiki.freebsd.org/SecureBoot|website=FreeBSD Wiki|publisher=FreeBSD|access-date=16 June 2015}}</ref>
=== UEFI shell<span class="anchor" id="SHELL"></span> === thumb|upright=1.4|Example of a UEFI shell 2.2 session
UEFI provides a shell environment, which can be used to execute other UEFI applications, including UEFI boot loaders.{{Citation needed|date=January 2026}} Apart from that, commands available in the UEFI shell can be used for obtaining various other information about the system or the firmware, including getting the memory map (<code>memmap</code>), modifying boot manager variables (<code>bcfg</code>), running partitioning programs (<code>diskpart</code>), loading UEFI drivers, and editing text files (<code>edit</code>).<ref name="EFI-Shells-and-Scripting">{{cite web | url = http://software.intel.com/en-us/articles/efi-shells-and-scripting/ | title = EFI Shells and Scripting | publisher = Intel | access-date = 25 September 2013 | archive-url = https://web.archive.org/web/20190716225955/http://software.intel.com/en-us/articles/efi-shells-and-scripting/ | archive-date = 2019-07-16 | url-status = dead }}</ref><ref name="uefi-shell-spec-2">{{cite web | url = https://uefi.org/sites/default/files/resources/UEFI_Shell_Spec_2_0_Errata_A.pdf | title = UEFI Shell Specification Version 2.0, Errata A | publisher = Unified Extensible Firmware Interface Forum | date = May 2012 | access-date = 12 April 2026 }}</ref>
Source code for a UEFI shell can be downloaded from the Intel's TianoCore UDK/EDK2 project.<ref>{{cite web |title=EDK2: ShellPkg |url=https://github.com/tianocore/tianocore.github.io/wiki/ShellPkg |website=GitHub |access-date=18 March 2020}}</ref> A pre-built ShellBinPkg is also available.<ref>{{cite web |title=tianocore/edk2: releases |url=https://github.com/tianocore/edk2/releases/ |website=GitHub |language=en}}</ref> Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems.<ref>{{cite web | url = https://sourceforge.net/mailarchive/message.php?msg_id=28690732 | title = Email Archive: edk2-devel | work = [edk2] Inclusion of UEFI shell in Linux distro iso | publisher = SourceForge | year = 2012 | access-date = 25 September 2013 | archive-date = 3 October 2013 | archive-url = https://web.archive.org/web/20131003090134/http://sourceforge.net/mailarchive/message.php?msg_id=28690732 | url-status = dead }}</ref><ref>{{cite web | url = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ | url-status = dead | archive-url = https://web.archive.org/web/20131003090139/https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Shell_FAQ | archive-date = 3 October 2013 | title = TianoCore on SourceForge | work = Shell FAQ | publisher = Intel | access-date = 25 September 2013 }}</ref>
Methods used for launching UEFI shell depend on the manufacturer and model of the system motherboard. Some of them already provide a direct option in firmware setup for launching, e.g. compiled x86-64 version of the shell needs to be made available as <code><EFI_SYSTEM_PARTITION>/SHELLX64.EFI</code>. Some other systems have an already embedded UEFI shell which can be launched by appropriate key press combinations.<ref>{{cite web | url = http://download.intel.com/support/motherboards/server/sb/efi_whitepaper.pdf | title = Basic Instructions for Using EFI for Server Configuration on Intel Server Boards and Intel Server Systems | publisher = Intel | year = 2008 | access-date = 25 September 2013 }}</ref> For other systems, the solution is either creating an appropriate USB flash drive or adding manually (<code>bcfg</code>) a boot option associated with the compiled version of shell.<ref name="uefi-shell-spec-2" />
====Commands==== The following is a list of commands supported by the EFI shell.<ref name="EFI-Shells-and-Scripting" />
{{div col|colwidth=9em}} * alias * attrib * bcfg * cd * cls * comp * cp * date * dblk * dh * dmpstore * echo * Edd30 * EddDebug * edit * err * guid * help * load * ls * map * mem * memmap * mkdir * mm * mode * mount * pause * pci * reset * rm * set * stall * time * type * unload * ver * vol {{div col end}}
=== Extensions === Extensions to UEFI can be loaded from virtually any non-volatile storage device attached to the computer. For example, an original equipment manufacturer (OEM) can distribute systems with an EFI system partition on the hard drive, which would add additional functions to the standard UEFI firmware stored on the motherboard's ROM.
=== UEFI Capsule === UEFI Capsule defines a firmware-to-OS firmware update interface, marketed as modern and secure.<ref>{{cite web |url=https://tianocore-docs.github.io/Understanding_UEFI_Secure_Boot_Chain/draft/secure_boot_chain_in_uefi/boot_chain__putting_it_all_together/signed-capsule-update|title=Signed Capsule Update|website=tianocore-docs.github.io}}</ref> Windows 8, Windows 8.1, Windows 10,<ref>{{Cite web|last=barrygolden|title=Windows UEFI firmware update platform - Windows drivers|url=https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/windows-uefi-firmware-update-platform|access-date=25 September 2020|website=docs.microsoft.com|language=en-us}}</ref> and Fwupd for Linux each support the UEFI Capsule.
=== Hardware === Like BIOS, UEFI initializes and tests system hardware components, and then loads the boot loader from a mass storage device or through a network connection. In x86 systems, the UEFI firmware is usually stored in the NOR flash chip of the motherboard, and the boot process is more complex, for example PCI Express devices detection and initialization.<ref>{{Cite web|title=Getting Started {{!}} Microchip Technology|url=https://www.microchip.com/en-us/products/memory/serial-and-parallel-flash/getting-started|access-date=24 December 2020|website=www.microchip.com}}</ref><ref>{{cite web | url=https://github.com/FrameworkComputer/Framework-Laptop-16/blob/main/Mainboard/Mainboard_Interfaces_Schematic_Framework_Laptop_16_7040_Series.pdf | title=Framework-Laptop-16/Mainboard/Mainboard_Interfaces_Schematic_Framework_Laptop_16_7040_Series.PDF at main · FrameworkComputer/Framework-Laptop-16 | website=GitHub }}</ref> In some ARM-based Android and Windows Phone devices, the UEFI boot loader is stored in the eMMC or eUFS flash memory.
== Classes == UEFI machines can have one of the following classes, which were used to help ease the transition to UEFI:<ref>{{Cite book |last1=Barry |first1=Peter |title=Modern embedded computing : designing connected, pervasive, media-rich systems |last2=Crowley |first2=Patrick |date=2012 |publisher=Morgan Kaufmann Publishers |isbn=978-0-12-394407-8 |location=Waltham, MA |pages=169 |oclc=810455404}}</ref>
* Class 0: Legacy BIOS * Class 1: UEFI with a CSM interface and no external UEFI interface. The only UEFI interfaces are internal to the firmware. * Class 2: UEFI with CSM and external UEFI interfaces, eg. UEFI Boot. * Class 3: UEFI without a CSM interface and with an external UEFI interface. * Class 3+: UEFI class 3 that has Secure Boot enabled.<ref>{{Cite web |title=Intel schrapt bios-compatibiliteit uefi in 2020 |url=https://tweakers.net/nieuws/131947/intel-schrapt-bios-compatibiliteit-uefi-in-2020.html |access-date=30 December 2022 |website=Tweakers |language=NL}}</ref>
Starting from the 10th Gen Intel Core, Intel no longer provides Legacy Video BIOS for the iGPU (Intel Graphics Technology). Legacy boot with those CPUs requires a Legacy Video BIOS, which can still be provided by a video card.{{Citation needed | date = December 2021}}
== Boot stages == === SEC – Security Phase === This is the first stage of the UEFI boot but may have platform specific binary code that precedes it. (e.g., Intel ME, AMD PSP, CPU microcode). It consists of minimal code written in assembly language for the specific architecture. It initializes a temporary memory (often CPU cache-as-RAM (CAR), or SoC on-chip boot processor) and serves as the system's software root of trust with the option of verifying PEI before hand-off.
==== Responsibilities ==== * Initialization of temporary memory for next stage, PEI. * Root of trust, by the means of verifying the integrity of PEI. * Passing handoff information to the PEI foundation. The information includes the location and size of temporary memory, location and size of stack and state of the platform.
=== PEI – Pre-EFI Initialization === The second stage of UEFI boot consists of a dependency-aware dispatcher that loads and runs PEI modules (PEIMs) to handle early hardware initialization tasks such as main memory initialization (initialize memory controller and DRAM) and firmware recovery operations. Additionally, it is responsible for discovery of the current boot mode and handling many ACPI S3 operations. In the case of ACPI S3 resume, it is responsible for restoring many hardware registers to a pre-sleep state. PEI also uses CAR. Initialization at this stage involves creating data structures in memory and establishing default values within these structures.<ref name="BeyondBIOSVincentZimmer" />
This stage has several components including PEI foundation, PEIMs and PPI. Due to less resources available in this stage, this stage must be minimal and do minimal preparations for the next stage, DXE, which is richer.
==== PEI Foundation ==== After SEC phase hand off, platform responsibility is taken by PEI Foundation. Its responsibilities are: * Successful dispatching of PEIMs (pre-EFI initialization modules). * Initializing permanent memory (RAM). * Handing over to the next stage, DXE. * Facilitating the communication of PEIMs called PPI.
==== PEI Dispatcher ==== This component is responsible for invoking PEIMs and managing their dependencies.
==== Pre-EFI Initialization Modules ==== These are minimal PEI drivers that are responsible for initialization of hardware components, such as permanent memory, CPU, chipset and motherboard. Each of the PEIMs have single responsibilities and focus on single initialization. These drivers come from different vendors.
==== PEIMs-to-PEIMs Interfaces ==== This is a data structure that composed of GUID pairs of pointers. PPIs are discovered by PEIMs through PEI services.
After minimal initialization of the system for DXE, PEI foundation locates and passes control to DXE. The PEI foundation dispatches DXE foundation through special PPI called IPL (Initial Program Load).
=== DXE – Driver Execution Environment === This stage consists of C modules and a dependency-aware dispatcher. With main memory now available, CPU, chipset, mainboard and other I/O devices are initialized in DXE and BDS. Initialization at this stage involves assigning EFI device paths to the hardware connected to the motherboard, and transferring configuration data to the hardware.<ref name="BeyondBIOSVincentZimmer" />
=== BDS – Boot Device Select (Boot Manager) === BDS is a part of the DXE.<ref>{{Cite web|url=https://github.com/tianocore/tianocore.github.io/wiki/PI-Boot-Flow|title=PI Boot Flow · tianocore/Tianocore.github.io Wiki|website=GitHub}}</ref><ref>{{Cite web|url=https://ami.com/en/?Aptio_V_Status_Codes.pdf|title = Engineering Services}}</ref> In this stage, boot devices are initialized, UEFI drivers or Option ROMs of PCI devices are executed according to architecturally defined variables called '''NVRAM''', and the operating system boot loaders (such as Windows Boot Manager) are started.
=== TSL – Transient System Load === This is the stage between boot device selection and hand-off to the OS. At this point one may enter a UEFI shell, or execute a UEFI application such as the OS boot loader.
=== RT – Runtime === The UEFI hands off to the operating system (OS) after {{Mono|ExitBootServices()}} is executed. A UEFI compatible OS is now responsible for exiting boot services triggering the firmware to unload all no longer needed code and data, leaving only runtime services code/data, e.g. SMM and ACPI.<ref>{{Cite web |title=The Unified Extensible Firmware Interface (UEFI) |work=The Linux Kernel documentation |url=https://www.kernel.org/doc/html/latest/arch/arm/uefi.html}}</ref>{{failed verification|date=November 2024}} A typical modern OS will prefer to use its own programs (such as kernel drivers) to control hardware devices.
When a legacy OS is used, CSM will handle this call ensuring the system is compatible with legacy BIOS expectations.
== Usage ==
=== Implementations === [[File:Surface UEFI.png|upright=1.4|thumb|Microsoft Surface UEFI, the UEFI used on all Surface models made after 2015]]
Intel's implementation of EFI is the ''Intel Platform Innovation Framework'', codenamed ''Tiano''. Tiano runs on Intel's XScale, Itanium, IA-32 and x86-64 processors, and is proprietary software, although a portion of the code has been released under the BSD license or Eclipse Public License (EPL) as TianoCore EDK II. TianoCore can be used as a payload for coreboot.<ref name="TianoCoreboot">{{cite web|url=http://www.coreboot.org/TianoCore|title=TianoCore - coreboot|access-date=25 May 2012|archive-date=22 October 2020|archive-url=https://web.archive.org/web/20201022162434/http://www.coreboot.org/TianoCore|url-status=dead}}</ref>
Phoenix Technologies' implementation of UEFI is branded as SecureCore Technology (SCT).<ref>{{cite web|url=http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|title=SecureCore Tiano™|publisher=Phoenix Technologies|access-date=14 September 2010|url-status=dead|archive-url=https://web.archive.org/web/20100906050148/http://www.phoenix.com/pages/phoenix-securecore-tiano-tm|archive-date=6 September 2010}}</ref> American Megatrends offers its own UEFI firmware implementation known as Aptio,<ref>{{cite web |url=https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf |url-status=dead |archive-url=https://web.archive.org/web/20180503042430/https://ami.com/ami_downloads/Aptio_4_Data_Sheet.pdf |archive-date=3 May 2018 |title=Aptio: The Complete UEFI Product Solution |publisher=American Megatrends |access-date=2 May 2018}}</ref> while Insyde Software offers InsydeH2O,<ref name="InsydeH2O">{{cite web |url=https://www.insyde.com/company/who-we-are/why-us |title=Why US? |publisher=Insyde Software Corp |access-date=2 May 2018 |archive-date=27 December 2018 |archive-url=https://web.archive.org/web/20181227153322/https://www.insyde.com/company/who-we-are/why-us |url-status=dead }}</ref> and Byosoft offers ByoCore.
In December 2018, Microsoft released an open source version of its TianoCore EDK2-based UEFI implementation from the Surface line, Project Mu.<ref>{{Cite web|url=https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Project-Mu-UEFI|title=Microsoft Announces "Project Mu" For Open-Source UEFI Alternative To TianoCore |website=Phoronix|access-date=20 December 2018}}</ref>
An implementation of the UEFI API was introduced into the Universal Boot Loader (Das U-Boot) in 2017.<ref name="MarryingU-BootUEFIandGRUB">{{cite web|url=http://events17.linuxfoundation.org/sites/events/files/slides/Marrying%20U-Boot%2C%20UEFI%20and%20grub.pdf|title=Marrying U-Boot UEFI and GRUB|access-date=12 September 2018}}</ref> On the ARMv8 architecture Linux distributions use the U-Boot UEFI implementation in conjunction with GNU GRUB for booting (e.g. SUSE Linux<ref name="SuseU-BootGRUB">{{cite web|url=https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf|title=UEFI on Top of U-Boot|access-date=12 September 2018|archive-date=11 September 2018|archive-url=https://web.archive.org/web/20180911081903/https://www.suse.com/media/article/UEFI_on_Top_of_U-Boot.pdf|url-status=dead}}</ref>), the same holds true for OpenBSD.<ref name="OpenBSD63onRPi3">{{cite web|url=https://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html|title=Installing OpenBSD 6.3 on Raspberry 3|access-date=12 September 2018|archive-date=21 November 2018|archive-url=https://web.archive.org/web/20181121075131/http://bijanebrahimi.github.io/blog/installing-openbsd-63-on-raspberry-pi-3.html|url-status=dead}}</ref> For booting from iSCSI iPXE can be used as a UEFI application loaded by U-Boot.<ref name="UBootiPXE">{{cite web|url=https://u-boot.readthedocs.io/en/latest/uefi/iscsi.html|title=iSCSI booting with U-Boot and iPXE|access-date=18 May 2020|archive-date=31 July 2020|archive-url=https://web.archive.org/web/20200731050609/https://u-boot.readthedocs.io/en/latest/uefi/iscsi.html|url-status=dead}}</ref>
=== Platforms === {{More citations needed section|date=July 2025}}
Intel's first Itanium workstations and servers, released in 2000, implemented EFI 1.02.
Hewlett-Packard's first Itanium 2 systems, released in 2002, implemented EFI 1.10. These systems were able to boot Windows, Linux, FreeBSD and HP-UX. OpenVMS added UEFI capability in June 2003.
In January 2006, Apple Inc. shipped its first Intel-based Macintosh computers. These systems used EFI instead of Open Firmware, which had been used on its previous PowerPC-based systems.<ref>Apple Computer. "[https://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html Universal Binary Programming Guidelines, Second Edition: Extensible Firmware Interface (EFI)] {{webarchive |url=https://web.archive.org/web/20080724213607/http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_diffs/chapter_3_section_10.html |date=24 July 2008 }}"</ref> On 5 April 2006, Apple first released Boot Camp, which produces a Windows drivers disk and a non-destructive partitioning tool to allow the installation of Windows XP or Vista without requiring a reinstallation of Mac OS X (now macOS). A firmware update was also released that added BIOS compatibility to its EFI implementation. Subsequent Macintosh models shipped with the newer firmware.<ref>[http://www.mactech.com/articles/mactech/Vol.23/23.05/OpenFirmwareToEFI/index.html Apple's Transition from Open Firmware to Extensible Firmware Interface], mactech, 2007.</ref>
During 2005, more than one million Intel systems shipped with Intel's implementation of UEFI.<ref name="IntelFrameworkOverviewUEFI">{{cite web | url = http://www.intel.com/technology/framework/overview1.htm |title=Intel Platform Innovation Framework for UEFI Overview |publisher=Intel |access-date=14 September 2010}}</ref>{{Failed verification|date=December 2020}} New mobile, desktop and server products, using Intel's implementation of UEFI, started shipping in 2006. For instance, boards that use the Intel 945 chipset series use Intel's UEFI firmware implementation.
Since 2005, EFI has also been implemented on non-PC architectures, such as embedded systems based on XScale cores.<ref name="IntelFrameworkOverviewUEFI" />
The EDK (EFI Developer Kit) includes an NT32 target, which allows EFI firmware and EFI applications to run within a Windows application. However, no direct hardware access is allowed by EDK NT32. This means only a subset of EFI application and drivers can be executed by the EDK NT32 target.
In 2008, more x86-64 systems adopted UEFI. While many of these systems still allow booting only the BIOS-based OSes via the Compatibility Support Module (CSM) (thus not appearing to the user to be UEFI-based), other systems started to allow booting UEFI-based OSes. For example, IBM x3450 server, MSI motherboards with ClickBIOS and HP EliteBook Notebook PCs.
In 2009, IBM shipped System x machines (x3550 M2, x3650 M2, iDataPlex dx360 M2) and BladeCenter HS22 with UEFI capability. Dell shipped PowerEdge T610, R610, R710, M610 and M710 servers with UEFI capability. More commercially available systems are mentioned in a UEFI whitepaper.<ref>{{citation | publisher = UEFI | url = http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | title = Evaluating UEFI using Commercially Available Platforms and Solutions | date = May 2011 | url-status = dead | archive-url = https://web.archive.org/web/20120322062159/http://www.uefi.org/news/uefi_industry/UEFIEvaluationPlatforms_2011_05.pdf | archive-date = 22 March 2012 | df = dmy-all }}</ref>
In 2011, major vendors (such as ASRock, Asus, Gigabyte, and MSI) launched several consumer-oriented motherboards using the Intel 6-series LGA 1155 chipset and AMD 9 Series AM3+ chipsets with UEFI.<ref name="Asus Motherboard">[http://www.bit-tech.net/hardware/motherboards/2010/11/16/asus-lga1155-motherboard-preview/1 Asus P67 Motherboard Preview].</ref>
With the release of Windows 8 in October 2012, Microsoft's certification requirements now require that computers include firmware that implements the UEFI specification. Furthermore, if the computer supports the "Connected Standby" feature of Windows 8 (which allows devices to have power management comparable to smartphones, with an almost instantaneous return from standby mode), then the firmware is not permitted to contain a Compatibility Support Module (CSM). As such, systems that support Connected Standby are incapable of booting Legacy BIOS operating systems.<ref>{{cite web | publisher = Microsoft | url = http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx | title = Windows Hardware Certification Requirements for Client and Server Systems | date = January 2013 |quote=System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby ... Platforms shall be UEFI Class Three (see UEFI Industry Group, Evaluating UEFI using Commercially Available Platforms and Solutions, version 0.3, for a definition) with no Compatibility Support Module installed or installable. BIOS emulation and legacy PC/AT boot must be disabled.}}</ref><ref name=pcmag-connected>{{cite web|title=Microsoft: All You Need to Know About Windows 8 on ARM|url=https://www.pcmag.com/article2/0,2817,2400059,00.asp|work=PC Magazine|access-date=30 September 2013|archive-date=6 September 2013|archive-url=https://web.archive.org/web/20130906173044/http://www.pcmag.com/article2/0,2817,2400059,00.asp|url-status=dead}}</ref>
In October 2017, Intel announced that it would remove legacy PC BIOS support from all its products by 2020, in favor of UEFI Class 3.<ref>{{Cite web |url=https://uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf |title="Last Mile" Barriers to Removing Legacy BIOS |last=Richardson |first=Brian |date=30 October 2017 |access-date=12 April 2023}}</ref> By 2019, all computers based on Intel platforms no longer have legacy PC BIOS support.
=== Operating systems === A operating system that can be booted from (U)EFI is called a (U)EFI-aware operating system, defined by (U)EFI specification. Here the term ''booted from a (U)EFI'' means directly booting the system using a (U)EFI operating system loader stored on any storage device. The default location for the operating system loader is <code><EFI_SYSTEM_PARTITION>/BOOT/BOOT<MACHINE_TYPE_SHORT_NAME>.EFI</code>, where short name of the machine type can be <code>IA32</code>, <code>X64</code>, <code>IA64</code>, <code>ARM</code> or <code>AA64</code>.<ref name="UEFISpec2.11" />{{rp|section 3.5.1.1}} Some operating systems vendors may have their own boot loaders. They may also change the default boot location.
* The Linux kernel has been able to use EFI at boot time since early 2000s,<ref>[https://sourceforge.net/mailarchive/forum.php?thread_name=1077918495.14506.1.camel%40raphael.fc.hp.com&forum_name=elilo-announce Announcement of release 3.5pre1] by maintainer Brett Johnson made on 27 February 2004.</ref> using the elilo EFI boot loader and, more recently, EFI versions of GRUB<ref name="debiangrubexample">{{citation | url = https://packages.debian.org/sid/grub-efi | title = Debian - Details of package grub-efi in ssd | publisher = Debian GNU/Linux | access-date = 12 April 2026}}</ref> or systemd-boot. Grub+Linux also supports booting from a GUID partition table without UEFI.<ref name="grub-bios-installation" /> The distribution Ubuntu added support for UEFI Secure Boot as of version 12.10.<ref name=h-ubuntusecureboot>{{cite web |title=Ubuntu will use GRUB 2 for its Secure Boot implementation |url=http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html |url-status=dead |archive-url=https://web.archive.org/web/20121029124548/http://www.h-online.com/open/news/item/Ubuntu-will-use-GRUB-2-for-its-Secure-Boot-implementation-1714232.html |archive-date=29 October 2012 |publisher=The H Online |access-date=28 October 2012}}</ref> Furthermore, the Linux kernel can be compiled with the option to run as an EFI bootloader on its own through the EFI boot stub feature. In the Linux kernel, either the ACPI protocol (usually used on PC-compatible machines) or the DeviceTree protocol (usually used on smartphones and tablet computers) can be used with UEFI.<ref>{{Cite web |title=The Unified Extensible Firmware Interface (UEFI) |work=The Linux Kernel documentation |url=https://www.kernel.org/doc/html/v6.3/arm/uefi.html |access-date=2026-03-22}}</ref> * HP-UX has used (U)EFI as its boot mechanism on IA-64 systems since 2002. * OpenVMS has used EFI on IA-64 since its initial evaluation release in December 2003, and for production releases since January 2005.<ref>{{citation | url = http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | publisher = HP | title = OpenVMS Release History | access-date = 16 September 2008 | url-status = dead | archive-url = https://web.archive.org/web/20090105052030/http://h71000.www7.hp.com/openvms/os/openvms-release-history.html | archive-date = 5 January 2009 | df = dmy-all }}</ref> OpenVMS on x86-64 also uses UEFI to boot the operating system.<ref>{{cite web|url=https://vmssoftware.com/pdfs/State_of_Port_20171006.pdf|access-date=9 September 2020|date=6 October 2017|website=vmssoftware.com|title=State of the Port to x86-64|archive-date=22 September 2020|archive-url=https://web.archive.org/web/20200922100900/https://vmssoftware.com/pdfs/State_of_Port_20171006.pdf|url-status=dead}}</ref> * Apple uses EFI for its line of Intel-based Macs. Mac OS X v10.4 Tiger and Mac OS X v10.5 Leopard implements EFI v1.10 in 32-bit mode even on 64-bit CPUs, but full support arrived with OS X v10.8 Mountain Lion.<ref name="appleuefiversion1">{{citation | url = https://refit.sourceforge.net/info/vista.html | title = rEFIt — Windows Vista and EFI | publisher = SourceForge | access-date = 31 May 2008 | archive-date = 5 September 2008 | archive-url = https://web.archive.org/web/20080905112841/http://refit.sourceforge.net/info/vista.html | url-status = dead }}</ref>{{Failed verification|date=July 2025}} * The Itanium versions of Windows 2000 (Advanced Server Limited Edition and Datacenter Server Limited Edition; based on the pre-release Windows Server 2003 codebase) implemented EFI 1.10 in 2002. Windows XP 64-bit Edition, Windows 2000 Advanced Server Limited Edition (pre-release Windows Server 2003) and Windows Server 2003 for IA-64, all of which are for the Intel Itanium family of processors, implement EFI, a requirement of the platform through the DIG64 specification.<ref>{{citation | publisher = Microsoft | title = Windows Server TechCenter | url = http://technet2.microsoft.com/WindowsServer/en/Library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | contribution = Extensible Firmware Interface | url-status = dead | archive-url = https://web.archive.org/web/20060830101936/http://technet2.microsoft.com/WindowsServer/en/library/6b03fad7-665e-49f3-8e7d-e1a6a5be9cf01033.mspx | archive-date = 30 August 2006 | df = dmy-all }}</ref> * Microsoft introduced UEFI for x64 Windows operating systems with Windows Vista SP1<ref>[http://download.microsoft.com/download/a/f/d/afdfd50d-6eb9-425e-84e1-b4085a80e34e/sys-t303_wh07.pptx Unified Extensible Firmware Interface (UEFI) Implementation Guidelines]</ref> and Windows Server 2008 however only UGA (Universal Graphic Adapter) 1.1 or Legacy BIOS INT 10h is supported; Graphics Output Protocol (GOP) is not supported. Therefore, PCs running 64-bit versions of Windows Vista SP1, Windows Vista SP2, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are compatible with UEFI Class 2.<ref>{{cite web |last1=Ersek |first1=Laszlo |title=Open Virtual Machine Firmware (OVMF) Status Report |url=https://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt |website=Linux KVM Project |access-date=13 November 2022 |date=January 2015}}</ref><ref>[https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode Boot to UEFI Mode or legacy BIOS mode]</ref> 32-bit UEFI was originally not supported since vendors did not have any interest in producing native 32-bit UEFI firmware because of the mainstream status of 64-bit computing.<ref name="WindowsVistaUEFI">{{cite news |url=https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/930061 |title=Unified Extended Firmware Interface support in Windows Vista |publisher=Microsoft |date=26 October 2006 |access-date=12 June 2010 |quote=Microsoft determined that vendors would not have any interest in producing native UEFI 32-bit firmware because of the current status of mainstream 64-bit computing and platform costs. Therefore, Microsoft originally did not to ship support for 32-bit UEFI implementations. |archive-date=27 July 2020 |archive-url=https://web.archive.org/web/20200727071229/https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/930061 |url-status=dead }}</ref> Windows 8 finally introduced further optimizations for UEFI systems, including Graphics Output Protocol (GOP) support,<ref>[https://docs.microsoft.com/en-us/windows-hardware/drivers/display/microsoft-basic-display-driver Microsoft Basic Display Driver]</ref> a faster startup, 32-bit UEFI support, and Secure Boot support.<ref>{{cite web | url=http://www.winsupersite.com/blog/supersite-blog-39/windows8/microsoft-touts-incredible-windows-8-boot-times-140515 | title=Microsoft Touts Incredible Windows 8 Boot Times | access-date=9 September 2011}}</ref><ref name="Windows8UEFISecureBoot">{{cite news |url=https://arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars |title=Windows 8 secure boot could complicate Linux installs |first=Jon |last=Brodkin |publisher=Ars Technica |date=21 September 2011 |access-date=23 September 2011}}</ref> Since Windows 8, the UEFI firmware with ACPI protocol is a mandatory requirement for ARM-based Microsoft Windows operating systems. Microsoft began requiring UEFI to run Windows with Windows 11,<ref>{{cite web|url=https://www.microsoft.com/en-us/windows/windows-11-specifications|title=Find Windows 11 specs, features, and computer requirements|publisher=Microsoft}}</ref> with IoT Enterprise editions of Windows 11 since version 24H2 exempt from the requirement.<ref>{{Cite web|date=22 May 2024 |title=Minimum System Requirements for Windows IoT Enterprise|url=https://learn.microsoft.com/en-gb/windows/iot/iot-enterprise/Hardware/System_Requirements?tabs=Windows11|access-date=7 June 2024 |website=Microsoft Learn}}</ref> * On 5 March 2013, the FreeBSD Foundation awarded a grant to a developer seeking to add UEFI support to the FreeBSD kernel and bootloader.<ref name=fbsd-uefi>{{cite web |title=FreeBSD to get UEFI support |url=http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html |url-status=dead |archive-url=https://web.archive.org/web/20130308014842/http://www.h-online.com/open/news/item/FreeBSD-to-get-UEFI-support-1816670.html |archive-date=8 March 2013 |publisher=The H |access-date=7 March 2013}}</ref> The changes were initially stored in a discrete branch of the FreeBSD source code, but were merged into the mainline source on 4 April 2014 (revision 264095); the changes include support in the installer as well.<ref name=fbsd-uefi-merge>{{cite web|title=UEFI - FreeBSD Wiki|url=https://wiki.freebsd.org/UEFI|publisher=FreeBSD.org|access-date=19 June 2014}}</ref> UEFI boot support for amd64 first appeared in FreeBSD 10.1 and for arm64 in FreeBSD 11.0.<ref>{{Cite web|title=uefi(8)|url=https://www.freebsd.org/cgi/man.cgi?query=uefi&sektion=8|access-date=11 January 2021|website=www.freebsd.org}}</ref> * NetBSD supports UEFI since version 8.0<ref>{{cite web|title=Announcing NetBSD 8.0 (July 17, 2018)|url=https://www.netbsd.org/releases/formal-8/NetBSD-8.0.html|access-date=8 February 2026|website=www.netbsd.org}}</ref> for i386 and amd64 architectures as well as on various ARM platforms since version 9.0<ref>{{cite web|title=Announcing NetBSD 9.0 (Feb 14, 2020)|url=https://www.netbsd.org/releases/formal-9/NetBSD-9.0.html|access-date=8 February 2026|website=www.netbsd.org}}</ref>. * Oracle Solaris 11.1 and later support UEFI boot for x86 systems with UEFI firmware version 2.1 or later. GRUB 2 is used as the boot loader on x86.<ref name="solaris-uefi">{{cite web | url = https://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-1-whatsnew-1732377.pdf | title = Oracle Solaris 11.1 — What's New | access-date = 12 April 2026 | publisher = oracle.com }}</ref> * OpenBSD 5.9<ref>{{Cite web|url=http://www.openbsd.org/59.html|title=OpenBSD 5.9|website=www.openbsd.org|access-date=11 September 2016}}</ref> introduced UEFI boot support for 64-bit x86 systems using its own custom loader, OpenBSD 6.0 extended that support to include ARMv7.<ref>{{Cite web|url=http://www.openbsd.org/60.html|title=OpenBSD 6.0|website=www.openbsd.org|access-date=11 September 2016}}</ref> * illumos added basic UEFI support in October 2017.<ref>{{Cite web|url=https://www.illumos.org/issues/8422|title=8422 uts: basic UEFI support for illumos|website=www.illumos.org|access-date=17 December 2024}}</ref> * ArcaOS supports UEFI booting since the 5.1 release.<ref>{{Cite web|url=https://www.theregister.com/2023/09/04/arcaos_51/|title=ArcaOS 5.1 gives vintage OS/2 a UEFI facelift for the 21st century|first=Liam|last=Proven|date=4 September 2023|publisher=The Register|language=en|access-date=4 September 2023}}</ref> ArcaOS' UEFI support emulates specific BIOS functionality which the operating system depends on (particularly interrupts INT 10H and INT 13H).<ref>{{cite web|url=https://www.youtube.com/watch?v=X07tnbq8_sM|website=youtube.com|date=8 August 2019|access-date=22 September 2020|title=Booting ArcaOS on UEFI hardware (demonstration)}}</ref><ref>{{cite journal |url=https://www.techrepublic.com/article/modern-os2-distribution-arcaos-adds-support-for-booting-via-uefi/ |url-status=dead |archive-url=https://web.archive.org/web/20191021223549/https://www.techrepublic.com/article/modern-os2-distribution-arcaos-adds-support-for-booting-via-uefi/ |archive-date=21 October 2019 |date=13 August 2019 |access-date=4 September 2023 |first=James |last=Sanders |website=techrepublic.com |title=Modern OS/2 distribution ArcaOS adds support for booting via UEFI}}</ref>
=== With virtualization === * HP Integrity Virtual Machines provides UEFI boot on HP Integrity Servers. It also provides a virtualized UEFI environment for the guest UEFI-aware OSes. * Intel hosts an Open Virtual Machine Firmware project on SourceForge.<ref>{{citation | url = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | publisher = SourceForge | title = Open Virtual Machine Firmware | url-status = dead | archive-url = https://web.archive.org/web/20111006173225/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF | archive-date = 6 October 2011 | df = dmy-all }}</ref> * VMware Fusion 3 software for Mac OS X can boot Mac OS X Server virtual machines using UEFI. * VMware Workstation prior to version 11 unofficially supports UEFI, but is manually enabled by editing the .vmx file.<ref>{{cite web|url=https://communities.vmware.com/thread/420405 |title=VMWare Workstation EFI firmware | VMware Communities |date=3 October 2012 |publisher=Communities.vmware.com |access-date=28 February 2014}}</ref> VMware Workstation version 11 and above supports UEFI, independently of whether the physical host system is UEFI-based. VMware Workstation 14 (and accordingly, Fusion 10) adds support for the Secure Boot feature of UEFI.<ref>{{cite web|url=https://communities.vmware.com/docs/DOC-28494 |title=Using EFI/UEFI firmware in a VMware Virtual Machine | VMware Communities |date=6 December 2014 |publisher=Communities.vmware.com |access-date=18 January 2016}}</ref><ref>{{Cite news|url=https://blogs.vmware.com/workstation/2017/08/announcing-vmware-workstation-14.html|title=Announcing VMware Workstation 14 - VMware Workstation Zealot|date=22 August 2017|work=VMware Workstation Zealot|access-date=2 August 2018|language=en-US}}</ref> * The VMware ESXi 5.0 hypervisor officially supports UEFI. Version 6.5 adds support for Secure Boot.<ref>{{cite web |url=https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html |title=What's New in vSphere 5.0 |publisher=Vmware.com |access-date=28 February 2014 |archive-date=23 January 2014 |archive-url=https://web.archive.org/web/20140123211204/https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-50-new-features.html |url-status=dead }}</ref><ref>{{Cite web|url=https://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html|title=VMware vSphere 6.5 Release Notes|website=pubs.vmware.com|access-date=13 January 2017|archive-date=13 January 2017|archive-url=https://web.archive.org/web/20170113143315/http://pubs.vmware.com/Release_Notes/en/vsphere/65/vsphere-esxi-vcenter-server-65-release-notes.html|url-status=dead}}</ref> * VirtualBox has implemented UEFI since 3.1,<ref>{{citation | url = http://www.virtualbox.org/wiki/Changelog-3.1 | publisher = VirtualBox | title = 3.1 Changelog | url-status = dead | archive-url = https://web.archive.org/web/20100928210932/http://www.virtualbox.org/wiki/Changelog-3.1 | archive-date = 28 September 2010 | df = dmy-all }}</ref> but is limited to Unix/Linux operating systems and Windows 8 and later (does not work with Windows Vista x64 and Windows 7 x64).<ref>{{citation | url = http://www.virtualbox.org/ticket/7702 | publisher = VirtualBox | title = Ticket 7702}}</ref><ref>{{citation | url = https://forums.virtualbox.org/viewtopic.php?f=1&p=183022#p114765 | publisher = VirtualBox | title = Installing with EFI | first = Vasily | last = Levchenko}}</ref> * QEMU/KVM can be used with the Open Virtual Machine Firmware (OVMF) provided by TianoCore.<ref>{{cite web|url=https://fedoraproject.org/wiki/Testing_secureboot_with_KVM |title=Testing secureboot with KVM |publisher=FedoraProject |access-date=28 February 2014}}</ref> * The second generation of the Microsoft Hyper-V virtual machine supports virtualized UEFI.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/dn282278.aspx |title=What's New in Hyper-V for Windows Server 2012 R2 |publisher=MicrosoftTechNet |access-date=24 June 2013}}</ref> * Google Cloud Platform Shielded VMs support virtualized UEFI to enable Secure Boot.<ref>{{cite web|url=https://cloud.google.com/shielded-vm?gclid=Cj0KCQiA7aPyBRChARIsAJfWCgLq4tbyWeZHT6RrfMxAP5_X6O52Dq64WfAS_3TupIV3_moxFlReSGUaAqz0EALw_wcB|title=Shielded VMs|access-date=16 February 2019}}</ref>
==Vulnerabilities==
UEFI implementation flaws have been exploited to gain persistence, the ability to maintain malicious access to a compromised system even after system reboot, operating system reinstallation, and even partial physical part replacement, such as of corrupted PCI persistent flash storage. There were vulnerabilities in 2023 even with Secure Boot enabled.<ref>{{cite web | title=A Call to Action: Bolster UEFI Cybersecurity Now | publisher=Cybersecurity and Infrastructure Security Agency (CISA)|first1=Jonathan|last1=Spring|first2=Sandra|last2=Radesky|date=3 August 2023 | url=https://www.cisa.gov/news-events/news/call-action-bolster-uefi-cybersecurity-now }}</ref> In 2023 Microsoft published a warning about BlackLotus UEFI malware.<ref>{{cite web | title=Microsoft Releases Guidance for the BlackLotus Campaign |publisher=Cybersecurity and Infrastructure Security Agency (CISA)| date=11 April 2023 | url=https://www.cisa.gov/news-events/alerts/2023/04/11/microsoft-releases-guidance-for-the-blacklotus-campaign}}</ref>
== Applications development<span class="anchor" id="EADK"></span> ==
''EDK2 Application Development Kit'' (EADK) makes it possible to use standard C library functions in UEFI applications. EADK can be freely downloaded from the Intel's TianoCore UDK / EDK2 SourceForge project. As an example, a port of the Python interpreter is made available as a UEFI application by using the EADK.<ref>{{cite web | url = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK | url-status = dead | archive-url = https://web.archive.org/web/20130927142006/https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDKII_EADK | archive-date = 27 September 2013 | title = TianoCore on SourceForge: EDK2 Application Development Kit (EADK) | access-date = 25 September 2013 | publisher = Intel }}</ref> The development has moved to GitHub since .UDK2015.<ref>{{cite web |title=Tianocore: UDK |url=https://github.com/tianocore/tianocore.github.io/wiki/UDK |website=GitHub |language=en}}</ref>
== Criticism == Numerous digital rights activists have protested UEFI. Ronald G. Minnich, a co-author of coreboot, and Cory Doctorow, a digital rights activist, have criticized UEFI as an attempt to remove the ability of the user to truly control the computer.<ref name="FosdemInterviewRonaldGMinnich">{{cite web | url = https://archive.fosdem.org/2007/interview/ronald%2bg%2bminnich.html |title = Interview: Ronald G Minnich | publisher = Fosdem | date = 6 February 2007 | access-date =14 September 2010}}</ref><ref>{{citation | url = http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html | title = The Coming War on General Purpose Computation | first = Cory | last = Doctorow | date = 27 December 2011 | access-date = 25 September 2013}}</ref> It does not solve the BIOS's long-standing problems of requiring two different drivers—one for the firmware and one for the operating system—for most hardware.<ref name="YouTubeCorebootFirmware">{{cite web |url = https://www.youtube.com/watch?v=X72LgcMpM9k | title = coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware |publisher=YouTube |date=31 October 2008 |access-date=14 September 2010 }}</ref>
Open-source project TianoCore also provides UEFIs.<ref>{{citation | chapter-url = https://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | publisher = SourceForge | title = TianoCore | chapter = Welcome | url-status = dead | archive-url = https://web.archive.org/web/20120423101551/http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome | archive-date = 23 April 2012 | df = dmy-all }}</ref> TianoCore lacks the specialized firmware drivers and modules that initialize chipset functions, but TianoCore is one of many payload options of coreboot. The development of coreboot requires cooperation from chipset manufacturers to provide the specifications needed to develop initialization drivers.
=== Secure Boot<span class="anchor" id="Secure Boot criticism"></span> === {{See also|Windows 8#Reception}} upright=1.4|thumb|Examples of custom Secure Boot public keys upright=1.4|thumb|MokManager, a part of shim bootloader used to enroll Machine Owner Key (MOK) to UEFI system
In 2011, Microsoft announced that computers certified to run its Windows 8 operating system had to ship with Microsoft's public key enrolled and Secure Boot enabled, which implies that using UEFI is a requirement for these devices.<ref>{{cite web | url=https://www.networkworld.com/article/738394/microsoft-subnet-next-gen-boot-spec-could-forever-lock-linux-off-windows-8-pcs.html | title=Next-gen boot spec could forever lock Linux off Windows 8 PCS }}</ref><ref>{{cite web | url=https://arstechnica.com/information-technology/2011/09/windows-8-secure-boot-will-complicate-linux-installs/ | title=Windows 8 secure boot could complicate Linux installs | date=21 September 2011 }}</ref> Following the announcement, the company was accused by critics and free-software/open-source advocates (including the Free Software Foundation) of trying to use the Secure Boot functionality of UEFI to hinder or outright prevent the installation of alternative operating systems such as Linux. Microsoft denied that the Secure Boot requirement was intended to serve as a form of lock-in and clarified its requirements by stating that x86-based systems certified for Windows 8 must allow Secure Boot to enter custom mode or be disabled, but not on systems using the ARM architecture.<ref name=pcw-ueficontroversy/><ref name="cwuk-arm">{{cite web |title=Is Microsoft Blocking Linux Booting on ARM Hardware? |url=http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/ |archive-url=https://web.archive.org/web/20141222152649/http://www.computerworlduk.com/blogs/open-enterprise/is-microsoft-blocking-linux-booting-on-arm-hardware-3569162/ |archive-date=22 December 2014 |access-date=6 March 2012 |publisher=Computerworld UK}}</ref> Windows 10 allows OEMs to decide whether or not Secure Boot can be managed by users of their x86 systems.<ref name=arstechnica-securebootw10>{{cite web |title=Windows 10 to make the Secure Boot alt-OS lock out a reality |url=https://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/ |website=Ars Technica |date=20 March 2015 |access-date=21 March 2015}}</ref>
Other developers raised concerns about the legal and practical issues of implementing support for Secure Boot on Linux systems in general. Former Red Hat developer Matthew Garrett noted that conditions in the GNU General Public License version 3 may prevent the use of the GNU GRand Unified Bootloader without a distribution's developer disclosing the private key (however, the Free Software Foundation has since clarified its position, assuring that the responsibility to make keys available was held by the hardware manufacturer),<ref>{{cite web |title=Free Software Foundation recommendations for free operating system distributions considering Secure Boot |url=https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web |website=Free Software Foundation |access-date=18 March 2020}}</ref><ref name=h-ubuntusecureboot/> and that it would also be difficult for advanced users to build custom kernels that could function with Secure Boot enabled without self-signing them.<ref name="cwuk-arm" /> Other developers suggested that signed builds of Linux with another key could be provided, but noted that it would be difficult to persuade OEMs to ship their computers with the required key alongside the Microsoft key.<ref name="ElReg1">{{cite news |url=https://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/ |title=MS denies secure boot will exclude Linux |publisher=The Register |date=23 September 2011 |access-date=24 September 2011}}</ref>
[[File:REFInd boot manager installation successful screenshot.webp|upright=1.4|alt=Screenshot of a successful installation of rEFInd boot manager, showing detection of shim boot loader, installation into NVRAM, and enrolment of Machine Owner Key (MOK) with a password for the next reboot|thumb|Screenshot of installation of rEFInd boot manager, using shim and Machine Owner Key (MOK) for Secure Boot support]]
Several major Linux distributions have developed different implementations for Secure Boot. Garrett himself developed a minimal bootloader known as a shim, which is a precompiled, signed bootloader that allows the user to individually trust keys provided by Linux distributions.<ref>{{cite web |title=Shimming your way to Linux on Windows 8 PCs |url=https://www.zdnet.com/article/shimming-your-way-to-linux-on-windows-8-pcs/ |publisher=ZDNet |access-date=26 February 2013}}</ref> Ubuntu 12.10 uses an older version of shim{{Which|date=October 2017}} pre-configured for use with Canonical's own key that verifies only the bootloader and allows unsigned kernels to be loaded; developers believed that the practice of signing only the bootloader is more feasible, since a trusted kernel is effective at securing only the user space, and not the pre-boot state for which Secure Boot is designed to add protection. That also allows users to build their own kernels and use custom kernel modules as well, without the need to reconfigure the system.<ref name=h-ubuntusecureboot/><ref name=lwn-efilinux/><ref name=h-mscert>{{cite web |title=No Microsoft certificate support in Linux kernel says Torvalds |url=http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html |url-status=dead |archive-url=https://web.archive.org/web/20130228154244/http://www.h-online.com/open/news/item/No-Microsoft-certificate-support-in-Linux-kernel-says-Torvalds-1811883.html |archive-date=28 February 2013 |publisher=The H |access-date=26 February 2013}}</ref> Canonical also maintains its own private key to sign installations of Ubuntu pre-loaded on certified OEM computers that run the operating system, and also plans to enforce a Secure Boot requirement as well{{emdash}}requiring both a Canonical key and a Microsoft key (for compatibility reasons) to be included in their firmware. Fedora also uses shim,{{Which|date=October 2017}} but requires that both the kernel and its modules be signed as well.<ref name=lwn-efilinux>{{cite web |last1=Willis |first1=Nathan |title=Ubuntu details its UEFI Secure Boot plans |date=27 June 2012 |url=https://lwn.net/Articles/503803/ |publisher=Linux Weekly News |access-date=11 September 2012}}</ref> shim has Machine Owner Key (MOK) that can be used to sign locally compiled kernels and other software not signed by distribution maintainer, without changing the Secure Boot mode to setup mode.<ref>{{Cite web |last=Smith |first=Roderick W. |date=4 November 2012 |title=Managing EFI Boot Loaders for Linux: Dealing with Secure Boot (Using the Shim Program) |url=https://www.rodsbooks.com/efi-bootloaders/secureboot.html#shim |access-date=17 January 2025 |website=Roderick W. Smith's Web Page}}</ref><ref>{{Cite news |last=Edge |first=Jake |date=2012-10-17 |title=Another approach to UEFI secure boot |url=https://lwn.net/Articles/519618/ |access-date=2026-02-07 |work=LWN.net |language=en-US}}</ref>
It has been disputed whether the operating-system kernel and its modules must be signed as well; while the UEFI specifications do not require it, Microsoft has asserted that their contractual requirements do, and that it reserves the right to revoke any certificates used to sign code that can be used to compromise the security of the system.<ref name=h-mscert/> In Windows, if Secure Boot is enabled, all kernel drivers must be digitally signed; non-WHQL drivers may be refused to load. In February 2013, another Red Hat developer attempted to submit a patch to the Linux kernel that would allow it to parse Microsoft's authenticode signing using a master X.509 key embedded in PE files signed by Microsoft. However, the proposal was criticized by Linux creator Linus Torvalds, who attacked Red Hat for supporting Microsoft's control over the Secure Boot infrastructure.<ref name=ars-linus>{{cite web |title=Linus Torvalds: I will not change Linux to "deep-throat Microsoft" |date=26 February 2013 |url=https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/ |publisher=Ars Technica |access-date=26 February 2013}}</ref>
On 26 March 2013, the Spanish free-software development group Hispalinux filed a formal complaint with the European Commission, contending that Microsoft's Secure Boot requirements on OEM systems were "obstructive" and anti-competitive.<ref name=reuters-hispalinuxuefi>{{cite news |title=Exclusive: Open software group files complaint against Microsoft to EU |url=https://www.reuters.com/article/us-microsoft-eu-idUSBRE92P0E120130326 |publisher=Reuters |access-date=26 March 2013 |date=26 March 2013}}</ref>
At the Black Hat conference in August 2013, a group of security researchers presented a series of exploits in specific vendor implementations of UEFI that could be used to exploit Secure Boot.<ref name=itworld-securebootexploit>{{cite web |title=Researchers demo exploits that bypass Windows 8 Secure Boot |url=http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot |work=IT World |access-date=5 August 2013 |archive-date=5 August 2013 |archive-url=https://web.archive.org/web/20130805113138/http://www.itworld.com/endpoint-security/367583/researchers-demo-exploits-bypass-windows-8-secure-boot |url-status=dead}}</ref>
In August 2016 it was reported that two security researchers had found the "golden key" security key Microsoft uses in signing operating systems.<ref>{{cite news |last1=Mendelsohn |first1=Tom |title=Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open [Updated] |url=http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/ |access-date=12 August 2016 |publisher=Ars Technica |date=12 August 2016}}</ref> Technically, no key was exposed, however, an exploitable binary signed by the key was. This allows any software to run as though it was genuinely signed by Microsoft and exposes the possibility of rootkit and bootkit attacks. This also makes patching the fault impossible, since any patch can be replaced (downgraded) by the (signed) exploitable binary. Microsoft responded in a statement that the vulnerability only exists in ARM architecture and Windows RT devices, and has released two patches; however, the patches do not (and cannot) remove the vulnerability, which would require key replacements in end-user firmware to fix.{{citation needed|date=October 2017}}
On 1 March 2023, researchers from ESET Cybersecurity Firm reported "The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot" named "BlackLotus" in their public analyses findings describing the theory behind its mechanics exploiting the patches that "do not (and cannot) remove the vulnerability".<ref>{{cite web |last1=Smolár |first1=Martin |title=BlackLotus UEFI bootkit: Myth confirmed |url= https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ |access-date=1 March 2023 |website=welivesecurity.com |date=1 March 2023}}</ref><ref>{{cite news |last1=Goodin |first1=Dan |title=Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw |url= https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/ |access-date=6 March 2023 |publisher=Ars Technica |date=6 March 2023}}</ref>
upright=1.4|thumb|Example of Secure Boot Advanced Targeting (SBAT) metadata in UEFI applications
In August 2024, the Windows 11 and Windows 10 security updates applied the Secure Boot Advanced Targeting (SBAT) settings to device's UEFI NVRAM, which caused some Linux distributions to fail to load. SBAT is a protocol that supported in new versions of Windows Boot Manager and shim, which refuse buggy or vulnerable intermediate bootloaders (usually older versions of Windows Boot Manager and GRUB) to load in the boot process. The change was reverted the next month.<ref>{{Cite web |last=WindowsCommunications |date=26 August 2024 |title=Windows 11, version 23H2 known issues and notifications |url=https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2 |access-date=3 September 2024 |website=learn.microsoft.com |language=en-us}}</ref>
In June 2025, LWN.net reported that the Microsoft UEFI CA 2011 certificate will be expired in June 2026, which may refuse some Linux to load if Secure Boot is enabled.<ref>{{Cite news |last=Edge |first=Jake |date=16 July 2025 |title=Linux and Secure Boot certificate expiration |url=https://lwn.net/Articles/1029767/ |access-date=12 September 2025 |work=LWN.net |language=en-US}}</ref> However, in TianoCore EDK II as well as many commercial UEFI implementations (such as AMI Aptio), time/date check for Secure Boot certificate is usually disabled by default.<ref>{{Cite web |title=Windows Secure Boot certificate expiration and CA updates - Microsoft Support |url=https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e |access-date=12 September 2025 |website=support.microsoft.com}}</ref>
Many Linux distributions support UEFI Secure Boot {{As of|2025|January|lc=y}}, such as RHEL (RHEL 7 and later), CentOS (CentOS 7 and later<ref>{{Cite web |title=HowTos/UEFI |url=https://wiki.centos.org/HowTos/UEFI |access-date=10 November 2020 |website=CentOS Wiki}}</ref>), Ubuntu, Fedora, Debian (Debian 10 and later<ref>{{Cite web |title=SecureBoot |url=https://wiki.debian.org/SecureBoot |access-date=10 November 2020 |website=Debian Wiki}}</ref>), OpenSUSE, and SUSE Linux Enterprise.<ref>{{Cite web |title=SUSE Linux Enterprise Server 15 SP5: Chapter 17. UEFI (Unified Extensible Firmware Interface) (Administration Guide) |url=https://documentation.suse.com/sles/15-SP5/html/SLES-all/cha-uefi.html |access-date=12 January 2025 |website=documentation.suse.com}}</ref>
=== Firmware problems === The increased prominence of UEFI firmware in devices has also led to a number of technical problems blamed on their respective implementations.<ref name=zdnet-linux8>{{cite web|title=Linux on Windows 8 PCs: Some progress, but still a nuisance|url=https://www.zdnet.com/article/linux-on-windows-8-pcs-some-progress-but-still-a-nuisance/|publisher=ZDNet|access-date=26 February 2013}}</ref>
Following the release of Windows 8 in October 2012, it was discovered that certain Lenovo computer models with Secure Boot had UEFI that was checking for the presence of "Windows Boot Manager" or "Red Hat Enterprise Linux" in the descriptive string of an UEFI-supported operating system, otherwise refusing to load it.<ref name=p-lenovo>{{cite web|title=Lenovo UEFI Only Wants To Boot Windows, RHEL|url=https://www.phoronix.com/scan.php?page=news_item&px=MTIyOTg|publisher=Phoronix|access-date=26 February 2013}}</ref> Other problems were encountered by several Toshiba laptop models with Secure Boot that were missing certain certificates required for its proper operation.<ref name=zdnet-linux8/>
In January 2013 a bug was publicized regarding the UEFI implementation on some Samsung laptops, which caused them to be bricked after installing a Linux distribution in UEFI mode. While potential conflicts with a kernel module designed to access system features on Samsung laptops were initially blamed (also prompting kernel maintainers to disable the module on UEFI systems as a safety measure), Matthew Garrett discovered that the bug was actually triggered by storing too many UEFI variables to memory, and that the bug could also be triggered under Windows under certain conditions. He determined that the offending kernel module had caused kernel message dumps to be written to the firmware, thus triggering the bug.<ref name=theh-brickwindows>{{cite web |title=Samsung UEFI bug: Notebook bricked from Windows |url=http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html |url-status=dead |archive-url=https://web.archive.org/web/20130301132752/http://www.h-online.com/open/news/item/Samsung-UEFI-bug-Notebook-bricked-from-Windows-1801439.html |archive-date=1 March 2013 |publisher=The H |access-date=27 February 2013}}</ref><ref name=bittech-uefideath>{{cite web|title=Linux acquitted in Samsung laptop UEFI deaths|url=http://www.bit-tech.net/news/bits/2013/02/11/linux-samsung-deaths-2/1|publisher=Bit-tech|access-date=26 February 2013}}</ref><ref name=theh-samsungbrick>{{cite web |title=Booting Linux using UEFI can brick Samsung laptops |url=http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html |url-status=dead |archive-url=https://web.archive.org/web/20130308173243/http://www.h-online.com/open/news/item/Booting-Linux-using-UEFI-can-brick-Samsung-laptops-1793958.html |archive-date=8 March 2013 |publisher=The H |access-date=26 February 2013}}</ref>
== See also == * {{Annotated link|ACPI}} * {{Annotated link|Bootloader}} * {{Annotated link|MoonBounce}} * {{Annotated link|OpenBIOS}} * System Management BIOS (SMBIOS) * Trusted Platform Module (TPM) * UEFI Platform Initialization (UEFI PI) * {{Annotated link|UEFITool}}
== Notes == {{Notelist}}
== References == {{Reflist}}
== Further reading == * {{cite web |last1=Zimmer |first1=Vincent |first2=Michael |last2=Rothman |first3=Robert |last3=Hale |title=EFI Architecture |url=http://www.drdobbs.com/embedded-systems/efi-architecture/199500688 |work=Dr. Dobb's Journal |publisher=UBM |access-date=12 October 2012 |date=10 May 2007}} * {{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/efi-boot-process.html |title=The EFI boot process |work=Frequently Given Answers |date=11 July 2011 |access-date=12 October 2012}} * {{cite web |first=Jonathan |last=de Boyne Pollard |url=http://jdebp.eu./FGA/windows-nt-6-boot-process.html |title=The Windows NT 6 boot process |work=Frequently Given Answers |date=8 December 2011 |access-date=12 October 2012}} * {{cite web |first=Roderick W. |last=Smith |url=http://rodsbooks.com/bios2uefi/ |title=A BIOS to UEFI Transformation |work=Roderick W. Smith's Web Page |year=2011 |access-date=12 October 2012}} * {{cite web |first=Rajiv |last=Kothari |url=http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |title=UEFI – Just How Important It Really Is |work=Hardware Secrets |date=21 September 2011 |access-date=12 October 2012 |url-status=dead |archive-url=https://web.archive.org/web/20121025093125/http://www.hardwaresecrets.com/article/UEFI-Just-How-Important-It-Really-Is/1385 |archive-date=25 October 2012 }} * {{cite journal |first=Doug |last=Fisher |url=http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum |title=UEFI Today: Bootstrapping the Continuum |journal=Intel Technology Journal |publisher=Intel |volume=15 |issue=1 |year=2011 |isbn=9781934053430 |access-date=24 September 2013 |archive-date=27 September 2013 |archive-url=https://web.archive.org/web/20130927155448/http://noggin.intel.com/technology-journal/2011/151/uefi-today-bootstrapping-continuum |url-status=dead }}
== External links == {{Commons category|Extensible Firmware Interface}} * {{Official website}} * [https://uefi.org/specifications UEFI Specifications] * [https://www.tianocore.org/ Intel-sponsored open-source EFI Framework initiative] * [https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-homepage-general-technology.html Intel EFI/UEFI portal] * [https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10) Microsoft UEFI Support and Requirements for Windows Operating Systems] * [https://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/ How Windows 8 Hybrid Shutdown / Fast Boot feature works] * [https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process Securing the Windows 10 Boot Process] * [https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/ LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group] * [https://github.com/tianocore/edk2-libc/blob/master/AppPkg/Applications/Python/Python-3.6.8/Py368ReadMe.txt Python Interpreter for UEFI Shell]
{{Firmware and booting}}
Category:Unified Extensible Firmware Interface Category:Articles with example C code