Unified Extensible Firmware Interface (UEFI)
统一可扩展固件接口(UEFI)
What is Unified Extensible Firmware Interface (UEFI)?
统一可扩展固件接口(UEFI)是连接计算机固件和操作系统(OS)的软件程序规范。UEFI 预计将最终取代基本输入/输出系统(BIOS),但与之兼容。该规范最常用的发音是字母 U-E-F-I。
Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer's firmware to its operating system (OS). UEFI is expected to eventually replace basic input/output system (BIOS) but is compatible with it. The specification is most often pronounced by naming the letters U-E-F-I.
UEFI 通过安装在电脑主板上的特殊固件运行。与 BIOS 一样,UEFI 也是在生产时安装的,是启动计算机时运行的第一个程序。它检查哪些硬件组件已连接,唤醒这些组件,然后将它们交给操作系统。新规范解决了 BIOS 的几个限制,包括对硬盘分区大小的限制和 BIOS 执行任务所需的时间。
UEFI functions via special firmware installed on a computer's motherboard. Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when booting a computer. It checks to see which hardware components are attached, wakes up the components and hands them over to the OS. The new specification addresses several limitations of BIOS, including restrictions on hard disk partition size and the amount of time BIOS takes to perform its tasks.
尽管英特尔公司(Intel Corp. )已表示打算逐步取消较新个人电脑(PC)的 BIOS 支持,但大多数现代计算机系统都配备了支持传统 BIOS 和 UEFI 的设备。
Most modern computer systems are equipped to support traditional BIOS, as well as UEFI, although Intel Corp. has stated its intention to phase out BIOS support in newer personal computers (PCs).
What does UEFI do?
UEFI 定义了操作系统和平台固件通信的新方法,提供了一种轻量级 BIOS 替代方案,只使用启动操作系统启动过程所需的信息。此外,UEFI 还提供增强的计算机安全功能,并支持大多数现有的 BIOS 系统,具有向后兼容性。
UEFI defines a new method by which OSes and platform firmware communicate, providing a lightweight BIOS alternative that uses only the information needed to launch the OS boot process. In addition, UEFI provides enhanced computer security features and supports most existing BIOS systems with backward compatibility.
UEFI 包含平台相关的数据表以及操作系统加载器使用的启动和运行时服务调用。这些信息共同定义了支持 UEFI 的固件和硬件设备必须实现的接口和结构。UEFI 是可编程的,使原始设备制造商开发人员能够添加应用程序和驱动程序,并使 UEFI 发挥轻量级操作系统的作用。
UEFI contains platform-related data tables and boot and runtime service calls used by the OS loader. Taken together, this information defines the required interfaces and structures that must be implemented for firmware and hardware devices to support UEFI. UEFI is programmable, enabling original equipment manufacturer developers to add applications and drivers and UEFI to function as a lightweight OS.
一般来说,BIOS 被认为是早期计算机的残余,而 UEFI 则被认为是未来的潮流。不过,为了便于理解,一些信息技术用户将这两个程序统称为 UEFI BIOS,尽管它们之间存在着本质区别。
In general, BIOS is considered a vestige from earlier computing, whereas UEFI is regarded as the wave of the future. However, for ease of understanding, some information technology users refer to the processes collectively as UEFI BIOS, despite their substantial differences.
UEFI's evolution from EFI (
UEFI 从 EFI 演进而来
)
自 20 世纪 70 年代中期磁盘操作系统计算机问世以来,BIOS 就一直在使用。1981 年,IBM 成为第一家将 BIOS 集成到个人电脑中的厂商,此举促使 BIOS 被业界广泛采用。UEFI 的出现与现代应用工作负载所使用的硬盘密度的增加并行不悖。
BIOS has been in use since the advent of disk OS computers in the mid-1970s. In 1981, IBM was the first vendor to incorporate BIOS in PCs, a move that prompted broad industry adoption. The emergence of UEFI parallels the increased drive densities used for modern application workloads.
英特尔公司在 20 世纪 90 年代开发了可扩展固件接口(EFI),作为其 64 位 Itanium 服务器架构的衍生技术,该技术是与计算机制造商惠普公司(HP)共同开发的。业界认为 EFI 是解决 X86 服务器架构中 BIOS 内存和处理限制的一种方法。这些限制包括 16 位计算模式、有限的系统内存和繁琐的汇编语言编程。
Intel developed the Extensible Firmware Interface (EFI) as an outgrowth of its 64-bit Itanium server architecture in the 1990s, a technology codeveloped with computer maker Hewlett Packard (HP). The industry perceived EFI as a way to address the memory and processing limitations of BIOS in X86 server architectures. Those limitations included 16-bit computing mode, bounded system memory and tedious assembly language programming.
EFI 后来更名为 Intel Boot Initiative,虽然在 2005 年 EFI 1.10 版发布后,英特尔停止了对该规范的单独开发,但从技术上讲,它仍然是英特尔的财产。(当时,英特尔公司由于产品延期和其他原因,也逐步淘汰了其 Itanium 处理器产品线)。英特尔向 UEFI 论坛提供了 EFI 1.10 版本,UEFI 论坛是一个由芯片组、硬件、系统、固件和操作系统供应商组成的联盟。
EFI, subsequently renamed Intel Boot Initiative, technically remains the property of Intel, although the vendor ceased sole development of the specification following the release of EFI version 1.10 in 2005. (By then, Intel had also phased out its Itanium processor line, following product delays and other hiccups.) Intel contributed EFI 1.10 to the UEFI Forum, an alliance of chipset, hardware, system, firmware and OS vendors.
该行业联盟负责管理 UEFI 规范标准的开发。最新标准 UEFI 2.9 于 2021 年 3 月公开发布。
The industry consortium manages the development of UEFI specification standards. The latest standard, UEFI 2.9, was made publicly available in March 2021.
Booting up: BIOS vs. UEFI
打开电脑,在操作系统加载前,会触发一系列事件。固件唤醒计算机的子系统,执行一系列测试并定位引导加载器,进而启动操作系统内核。
Turning on a computer kick-starts a chain of events that occurs before the OS is loaded. Firmware rouses the computer's subsystem to execute a series of tests and locates the boot loader, which, in turn, starts the OS kernel.
BIOS 和 UEFI 都使用底层软件来管理操作系统启动前的启动功能,只是使用的技术不同。
BIOS and UEFI both use low-level software to manage startup functions prior to booting an OS, albeit using different techniques.
BIOS 位于机器主板上的芯片中,负责初始化中央处理器、随机存取存储器、PCI Express 卡和网络设备。BIOS 运行开机自检(POST)诊断序列。开机自检可确保硬件配置正确,所有组件按预期运行。
BIOS resides on a chip on the machine's motherboard and initializes the central processing unit, random access memory, Peripheral Component Interconnect Express cards and network devices. BIOS runs a power-on self-test (POST) diagnostic sequence. POST ensures that hardware is configured properly and all components are functioning as intended.
BIOS 仅在 16 位处理器模式下运行,这就限制了固件在同一时间可执行的软件命令数量。BIOS 分配给可执行任务的内存为 1 兆字节。因此,接口和设备都是按顺序初始化的,这可能会导致启动缓慢。
BIOS runs only in 16-bit processor mode, which limits the number of software commands the firmware is able to execute at any one time. BIOS allots 1 megabyte of memory in which tasks can be executed. Interfaces and devices thus are initialized sequentially, which can contribute to a sluggish startup.
为了完成任务,BIOS 会查询主引导记录 (MBR),以确定操作系统的位置并启动引导加载程序。MBR 使用 32 位值来描述分区的偏移量和长度,因此 BIOS 系统只能使用 2 TB(兆字节)硬盘和不超过四个分区。
To accomplish its task, BIOS consults the Master Boot Record (MBR) to locate the OS and launch the boot loader. MBR uses 32-bit values to describe the offset and length of a partition, thus limiting BIOS systems to 2 terabyte (TB) drives and no more than four partitions.
UEFI 就像一个微型操作系统,位于固件和操作系统之间。它在启动时执行与 BIOS 相同的诊断,但灵活性更高。操作系统直接在 UEFI 中启动。这样就不需要像启动 BIOS 那样反复按切换键了。
UEFI behaves like a like a miniaturized OS that sits between firmware and the OS. It performs the same diagnostics as BIOS at startup but offers more flexibility. The OS boots directly in UEFI. This eliminates the need to repeatedly press toggle keys, as is required to boot BIOS.
UEFI 将初始化数据存储在非易失性闪存中的 EFI 文件分区中,而不是固件中。UEFI 还能在启动时从硬盘或网络共享加载。UEFI 还部署了比 MBR 更灵活的分区方案,即全球唯一标识符分区表(GPT)。作为 EFI 的一部分,GPT 也是由英特尔创建的。GPT 使用 64 位值,可创建多达 128 个分区,从 2 TB 或更大硬盘启动的系统需要使用 GPT。EFI 分区使用文件分配表,包括 FAT16、FAT32 或虚拟 FAT。
UEFI stores initialization data in an EFI file partition in nonvolatile flash memory, rather than in the firmware. UEFI also can load during boot from a drive or a network share. UEFI also deploys a more flexible partitioning scheme than MBR, known as a Globally Unique Identifier Partition Table, or GPT. GPT was also created by Intel as part of EFI. GPT uses 64-bit values to enable the creation of up to 128 partitions and is required for systems launched from 2 TB drives and larger. The EFI partition uses the file allocation table, including FAT16, FAT32 or virtual FAT.
大多数新台式电脑、笔记本电脑和一些平板电脑都捆绑了 UEFI 固件,可在兼容支持模式下运行旧版 32 位 Windows。预计计算机制造商近期将继续支持 BIOS,但向 UEFI 的过渡正在顺利进行。2013 年,高级配置和电源接口(ACPI)的监护权移交给了 UEFI 论坛。
Most new desktop PCs, laptops and some tablets bundle UEFI firmware that runs in compatibility support mode for older 32-bit Windows. Computer manufacturers are expected to support BIOS in the near term, but the transition to UEFI is well underway. In 2013, custody of the Advanced Configuration and Power Interface (ACPI) was transferred to UEFI Forum.
ACPI 最初由惠普、英特尔、微软、凤凰科技和东芝合作开发,是 BIOS 的开放式标准,用于控制向每个外围设备提供的功率。
Originally developed collaboratively by HP, Intel, Microsoft, Phoenix Technologies and Toshiba, ACPI is an open standard for BIOS that governs how much power is delivered to each peripheral device.
访问 UEFI/BIOS 的主板或系统专用实用程序因供应商而异,外观也各不相同,但功能差别不大。
Motherboard- or system-specific utilities for accessing UEFI/BIOS differ from vendor to vendor and how they appear but vary little in terms of functionality.
Advantages of UEFI
与 BIOS 相比,UEFI 提供了许多重要的增强功能,包括以下内容:
-
启动模式。微软 Windows 用户可以运行 32 位 UEFI 或 64 位 UEFI,但专家建议操作系统位模式和固件位模式应相同,以避免运行时出现通信问题。
-
驱动器。 据 UEFI 论坛称,UEFI 支持 2.2 TB 或更大容量的启动硬盘,包括理论容量为 9.4 ZB 的硬盘。这远远超过了目前可用硬盘的最大容量。
-
驱动程序。UEFI 支持独立的驱动程序,而 BIOS 驱动程序支持存储在只读存储器中,因此在更换或更改驱动程序时,必须对其进行兼容性调整。
-
图形用户界面(GUI)。UEFI 可以更方便地在图形用户界面中添加新模块,包括主板硬件和附加外围设备的设备驱动程序。
-
支持多个操作系统。BIOS 允许使用单个引导加载器,而 UEFI 则允许用户在同一个 EFI 系统分区中安装基于 Debian 的 Ubuntu 和其他 Linux 变种的加载器,以及 Windows 操作系统加载器。
-
编程。UEFI 固件主要用 C 语言编写,与用汇编语言(有时与 C 语言结合使用)编写的 BIOS 相比,用户只需较少的编程就能添加或删除功能。
-
安全性。安全启动是 Windows 8 或更高版本 Windows 的 UEFI 协议。安全启动使系统固件成为验证设备和系统完整性的信任根。这样做的目的是防止黑客在启动和切换到操作系统之间的时间内安装 rootkit。安全启动还能让授权用户远程配置网络和排除故障,而 BIOS 管理员必须亲自到场才能做到这一点。
随着计算机制造商逐渐放弃 BIOS,他们通常会在现代设备中集成与兼容支持模块(CSM)一起运行的 UEFI 固件。尽管 CSM 并非长期解决方案,但它能让基于 UEFI 的计算机以传统 BIOS 模式启动,从而与旧版本的 Windows 和其他操作系统兼容。不过,用户可能会发现最好升级到最新版本的操作系统,以实现 UEFI 的价值。
UEFI provides many significant enhancements over BIOS, including the following:
* Boot mode. Microsoft Windows users can run 32-bit UEFI or 64-bit UEFI, although experts recommend that the OS bit mode and the firmware bit mode should be the same to avoid communication issues during runtime.
* Drives. According to UEFI Forum, UEFI supports boot drives of 2.2 TB and higher capacities, including drives with theoretical capacity of 9.4 zettabytes. That far exceeds the maximum drive capacities currently available.
* Drivers. UEFI supports discrete drivers, whereas BIOS drive support is stored in read-only memory, which necessitates tuning it for compatibility when drives are swapped out or changes are made.
* Graphical user interface (GUI). UEFI enables new modules to be added to the GUI more easily, including device drivers for motherboard hardware and attached peripheral devices.
* Multiple OS support. Whereas BIOS allows a single boot loader, UEFI lets users install loaders for Debian-based Ubuntu and other Linux variants, along with Windows OS loaders, in the same EFI system partition.
* Programming. UEFI firmware is written predominantly in C language, which enables users to add or remove functions with less programming than BIOS, which is written in an assembler language, sometimes in combination with C.
* Security. Secure Boot is a UEFI protocol for Windows 8 or later Windows versions. Secure Boot makes a system's firmware the root of trust to verify device and system integrity. The goal is to prevent hackers from installing rootkits in the time between bootup and handoff to the OS. Secure Boot also enables an authorized user to configure networks and troubleshoot issues remotely, something a BIOS administrator must be physically present to do.
As computer makers gradually move away from BIOS, they typically integrate UEFI firmware that runs with Compatibility Support Module (CSM) in modern devices. Although not intended as a long-term solution, CSM enables UEFI-based machines to launch in legacy BIOS mode to work with older Windows versions and other OSes. However, users may find it preferable to upgrade to the latest version of the OS to realize the value of UEFI.
UEFI disadvantages, or when to boot from BIOS
软件总是威胁发起者的攻击目标,UEFI 也不例外。2020 年 12 月,一种名为 TrickBot 的攻击浮出水面。TrickBot 恶意软件试图窥探设备固件,从而允许恶意行为者颠覆启动过程并访问操作系统。
Software is always a target for threat actors, and UEFI is no exception. One such attack, dubbed TrickBot, surfaced in December 2020. TrickBot malware works by attempting to spy on device firmware, which could permit malicious actors to subvert the boot process and gain access to the OS.
在 TrickBot 事件之前,斯洛伐克信息安全界的媒体 ESET Research 在 2018 年也有发现,声称在野外发现了一种 rootkit,可能使黑客能够监控 UEFI 固件并安装恶意代码。
The TrickBot episode came on the heels of 2018 findings by ESET Research, a Slovak outlet for the information security community, which claimed to have discovered a rootkit in the wild that potentially enabled hackers to surveil UEFI firmware and install malicious code.
除了安全问题,改用 UEFI 的企业可能会产生与从闪存启动有关的成本。虽然这比从硬盘启动更快,但旧系统可能需要改造,即在主板上安装更大的闪存芯片。
Aside from security issues, organizations switching to UEFI may incur a cost related to booting from flash. While this is faster than booting from hard disk drives, older systems may require a retrofit, namely a larger flash die on the motherboard.
另一个潜在的缺点是 UEFI 依赖于由操作系统维护的 FAT 文件格式。较大的硬盘分区可能会增加过多的系统开销,从而失去一些性能优势。在这种情况下,BIOS 可能是更有用的选择,尤其是对于运行旧版操作系统和较小启动盘的计算机。
Another potential drawback is UEFI's reliance on the FAT file format, which is maintained by the OS. Larger drive partitions can add too much system overhead, thus defeating some of the performance advantages. This is an example in which BIOS can be a more useful option, especially for a computer running an older OS version and smaller boot disks.
UEFI accessibility /
UEFI 可用性
用户可从 UEFI 论坛网站下载 UEFI 规范。最新版本 UEFI 2.9 具有以下几个增强功能:
-
支持基于新的 Compute Express Link 互连的设备;
-
支持发布 Linux 设备树 Blob 二进制格式文件,以识别 UEFI 配置表中的计算机组件;以及
-
明确了在某些高级精简指令集计算器服务器上如何进行基于 UEFI 的更新运行时调用
Users can download the UEFI specification from the UEFI Forum website. The most recent version, UEFI 2.9, features several enhancements, including the following:
* supports devices based on the new Compute Express Link interconnect;
* supports publishing Linux Device Tree Blob binary format files that identify computer components in the UEFI configuration table; and
* clarifies how UEFI-based update runtime calls are made on certain Advanced Reduced Instruction Set Computing Machine server
要确定计算机是从 BIOS 还是 UEFI 启动,请按键盘上的 Windows 和 R 键启动 "运行 "配置框。在对话框中键入 MSInfo32,然后按 Enter 键。系统摘要屏幕就会出现。查找标题为 "BIOS 模式 "的条目,并记下相应的值。如果值为 Legacy,则表示系统具有 BIOS。否则,UEFI 将出现在值域中。
To determine whether a computer boots from BIOS or UEFI, press the Windows and R keys on the keyboard to launch the Run configuration box. Type MSInfo32 in the dialog box, and hit the Enter key. A system summary screen appears. Look for the entry entitled BIOS Mode, and make note of the corresponding value. If the value says Legacy, the system has BIOS. Otherwise, UEFI will appear in the value field.
Windows 用户可以通过搜索栏中的 PC 设置选项访问 UEFI。路径是 PC 设置 > 更新和安全 > 恢复 > 高级启动,然后选择立即重启选项。从菜单中选择故障排除 > 高级选项 > UEFI 固件设置,然后再次重启。
Windows users can access UEFI via the PC Settings option in the search bar. The path is PC Settings > Update & Security > Recovery > Advanced Startup, and select the Restart Now option. From the menu, select Troubleshoot > Advanced Options > UEFI Firmware Settings, and restart again.
安装了 UEFI 的 Linux 机器将在 sys/firmware/efi 目录中显示。这也将反映在 Linux Grand Unified Bootloader 启动管理器中,即 grub-efi,而不是 BIOS 的 grub-pc。
Linux machines with UEFI installed will show it in the sys/firmware/efi directory. This will also be reflected in the Linux Grand Unified Bootloader boot manager as grub-efi, rather than grub-pc for BIOS.
Coreboot and UEFI
随着业界逐步淘汰 BIOS,UEFI 作为继承者受到了广泛关注。然而,开放源代码 Coreboot 是另一种替代传统 BIOS 的选择,其支持者声称它比 UEFI 更快。Coreboot的前身是LinuxBIOS,据称能够取代专有BIOS和UEFI固件--其基本优势包括极高的性能、启动机器所需的最少资源,以及包括最小可信计算基础和虚拟启动盘在内的安全措施。
With the industry gradually phasing BIOS out, UEFI receives most of the attention as the heir apparent. However, open source Coreboot is another option vying to replace legacy BIOS, and its proponents claim it is faster than UEFI. Coreboot, formerly known as LinuxBIOS, is purportedly able to replace proprietary BIOS and UEFI firmware -- with underlying benefits of extreme performance, minimal resources to boot machines and security measures that include a minimal trusted computing base and virtual boot disk.
Coreboot 代码于 1999 年首次推出,这个基于社区的开发项目的支持者包括谷歌,谷歌的 Chromebook 设备从第一代开始就用 Coreboot 取代了 BIOS。不过,Coreboot 的市场渗透速度一直很慢,原因是需要制造商做大量工作。由于 Coreboot 只能初始化裸机,设备制造商需要努力将代码移植到芯片和主板中。
Coreboot code was first introduced in 1999, and the community-based development project's supporters include Google, whose Chromebook devices replaced BIOS with Coreboot since the first generation. Coreboot's market penetration has been slow, however, due to the work it entails on the part of manufacturers. Since Coreboot initializes only Bare metal, device makers need to make the effort to port the code for integration in chips and motherboards.
参考:
1, TechTarget
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
