What is UEFI and why do I need it?

You probably have started hearing the term UEFI a lot more lately along with all of the Windows 10 news, but what exactly is UEFI and why do you need it? UEFI stands for Unified Extensible Firmware Interface and is the next generation interface between the operating system and platform firmware. It replaces the antiquated legacy Basic Input/Output System, aka BIOS, that has been around for years. The UEFI standard was created by the UEFI consortium which consists of over 140 technology companies. UEFI was developed to allow support for new technologies during the booting process before the operating system loads. It is based on the EFI 1.10 specification that was originally published by Intel®.

BIOS has significant limitations as it relates to modern hardware. It is limited to only 16-bit processor mode and 1 MB of addressable memory. UEFI on the other hand supports either 32-bit or 64-bit processor mode and can access all of the system’s memory. BIOS uses a Master Boot Record (MBR) for the disk partitioning scheme, whereas UEFI uses a newer partitioning scheme called GUID Partition Table (GPT) which overcomes certain limitation of MBR. UEFI is able to support disk sizes greater than 2 TB, with a maximum disk and partition size of 8 Zebibytes (Zib).

BIOS disk partitioning1:

Default BIOS/MBR Disk Partitions

UEFI disk partitioning2:

Default UEFI/GPT drive partitions

However, converting an operating system’s drive partition from MBR to GPT is a destructive process, in which the new partitioning scheme needs to be formatted and the operating system needs to be completely reinstalled. Without the right process and tools, this can be an expensive manual effort.

There are also several security benefits to running UEFI over BIOS on Windows 10 systems. Secure Boot3: protects the pre-boot process against root kits/boot kits and requires no additional configuration (other than switching it on once the system is running UEFI). Once enabled, only signed boot loaders will be able to run. Other advantages of UEFI that your end users will appreciate is faster startup times, faster shutdown times, faster sleep times and faster resuming times compared to BIOS based systems.

Lastly, some other key Windows 10 security features that require UEFI are: Credential Guard, Device Guard, Early Launch Anti-malware driver and Measured Boot. With the amount of attacks and data breaches happening today’s age, now is the time to get as secure as possible and take advantage (or at least put your environment in a position to take advantage) of all the security features that Windows 10 offers. Start today by migrating to Windows 10 and switching to UEFI as part of the process and leave BIOS where it belongs – in the past.

1 https://technet.microsoft.com/en-us/library/hh825146.aspx
2 https://technet.microsoft.com/en-us/library/hh824839.aspx
3 Secure Boot requires UEFI 2.3.1 Errata C or higher

Mike Terrill
Mike’s career has been focused around systems management (ConfigMgr) and operating system deployment for almost 20 years (ever since SMS v1.2). He founded and runs the Arizona Systems Management User Group (www.azsmug.org). He specializes in the design, architecture and installation of System Center Configuration Manager and also Windows operating system deployments. Mike has designed, architected and deployed System Center Configuration Manager in several Fortune 100 companies and has worked with some of the world's largest organizations (400K+ seats). Mike is now a Technology Architect at 1E. In this role, he provides technical direction for 1E technologies as they relate to Configuration Manager and operating system deployment. You can find him on twitter (@miketerrill) and read his personal blog at https://miketerrill.net.