What is the secure boot in UEFI bios?
UEFI has a firmware verification process (called "secure boot"), defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how the platform firmware manages security certificates, how firmware images are verified, and the interface (protocol) between the firmware and the operating system. Put simply, before the firmware runs any code it did not ship with, it checks that code's digital signature against key databases stored in protected firmware variables. It is not the onboard TPM chip that performs this check: the TPM belongs to measured boot, which records hashes of the boot components for later attestation, and that is a separate mechanism from secure boot.

When the computer is turned on, it begins executing firmware code and configures the processor, memory and hardware peripherals to prepare for the execution of the operating system. Whatever the silicon architecture (x86, ARM, etc.), this process is the same in outline on all platforms.

After that, and before handing over to the operating system loader, the firmware checks the signature of the firmware code carried by hardware peripherals such as network cards, storage controllers or graphics cards. This device code is called an option ROM; once it has been verified and executed, configuration continues so that the device is ready for the hand-off to the operating system.

In this part of the startup process the firmware checks the signature embedded in each firmware module (much as an operating system checks a signed application). If the signature matches an entry in the firmware's signature databases, the module is allowed to execute. These databases are stored in authenticated firmware variables: the Platform Key (PK), the Key Exchange Keys (KEK), the allowed-signatures database (db) and the forbidden-signatures database (dbx). db is an allow list and dbx a deny list, and dbx takes precedence: an image whose hash or signer appears in dbx is rejected even if it also appears in db, and an image that matches neither is refused. Together these databases determine whether the startup process can continue.
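As an added example (not part of the original answer, and not code from the UEFI Forum or any firmware vendor), the following Python parses the EFI_SIGNATURE_LIST structure in which db and dbx are stored and then applies the allow/deny rule described above to an image. The sample images, the SignatureOwner GUID and the stand-in certificate bytes are constructed for the demonstration; the whole-file SHA-256 stands in for the Authenticode PE hash that real firmware computes, and verification of an embedded signature is assumed to have been done by the caller, which passes only the signer certificate.

```python
"""Parse EFI_SIGNATURE_LIST blobs (the on-disk format of the db/dbx variables)
and apply the Secure Boot allow/deny decision to an image.  Added example,
standard library only."""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Hypothetical SignatureOwner GUID used only for the constructed sample data.
SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian).
SIGLIST_HDR = struct.Struct("<16sIII")


def build_signature_list(sig_type, owner, entries):
    """Serialize one EFI_SIGNATURE_LIST; every SignatureData must have the same length."""
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("all SignatureData in one list must be the same length")
    sig_size = 16 + sizes.pop()  # EFI_SIGNATURE_DATA = SignatureOwner GUID + SignatureData
    body = b"".join(owner.bytes_le + e for e in entries)
    list_size = SIGLIST_HDR.size + len(body)  # SignatureHeaderSize is 0 for these types
    return SIGLIST_HDR.pack(sig_type.bytes_le, list_size, 0, sig_size) + body


def parse_signature_lists(blob):
    """Walk a concatenation of EFI_SIGNATURE_LISTs; return (type, owner, data) tuples."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        type_raw, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(blob, off)
        if list_size < SIGLIST_HDR.size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=type_raw)
        start = off + SIGLIST_HDR.size + hdr_size
        end = off + list_size
        if sig_size <= 16 or (end - start) % sig_size:
            raise ValueError("bad SignatureSize at offset %d" % off)
        for pos in range(start, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, bytes(blob[pos + 16:pos + sig_size])))
        off = end
    return entries


def image_allowed(image, db_blob, dbx_blob, signer_cert=None):
    """Secure Boot style verdict: any dbx match denies, otherwise db must match.

    The whole-file SHA-256 stands in for the Authenticode PE hash.  If the
    caller has already verified an embedded signature it passes the DER
    signer certificate so that EFI_CERT_X509 entries are consulted as well.
    """
    digest = hashlib.sha256(image).digest()

    def matches(blob):
        for sig_type, _owner, data in parse_signature_lists(blob):
            if sig_type == EFI_CERT_SHA256_GUID and data == digest:
                return True
            if sig_type == EFI_CERT_X509_GUID and signer_cert is not None and data == signer_cert:
                return True
        return False

    if matches(dbx_blob):  # forbidden database wins over the allowed one
        return False
    return matches(db_blob)


# Constructed sample images and databases (not real boot loaders or certificates).
GOOD_IMAGE = b"MZ constructed good loader"
REVOKED_IMAGE = b"MZ constructed revoked loader"
FAKE_CERT = b"\x30\x82" + b"constructed DER certificate"  # stands in for a DER X.509 cert
SAMPLE_DB = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER,
                         [hashlib.sha256(GOOD_IMAGE).digest(),
                          hashlib.sha256(REVOKED_IMAGE).digest()])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [FAKE_CERT])
)
SAMPLE_DBX = build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER,
                                  [hashlib.sha256(REVOKED_IMAGE).digest()])


def evaluate_samples():
    """Run the decision over the constructed cases and return name -> allowed."""
    return {
        "good": image_allowed(GOOD_IMAGE, SAMPLE_DB, SAMPLE_DBX),
        "revoked_in_both": image_allowed(REVOKED_IMAGE, SAMPLE_DB, SAMPLE_DBX),
        "unknown_unsigned": image_allowed(b"unknown", SAMPLE_DB, SAMPLE_DBX),
        "unknown_signed_by_db_cert": image_allowed(b"unknown", SAMPLE_DB, SAMPLE_DBX,
                                                   signer_cert=FAKE_CERT),
    }


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print("%-28s %s" % (name, "ALLOW" if verdict else "DENY"))
```

On a Linux machine the same parser can be pointed at the real variables under /sys/firmware/efi/efivars (db and dbx both use the vendor GUID d719b2cb-3d3e-4596-a3bc-dad00e67656f) after stripping the 4-byte attribute prefix that efivarfs places in front of each variable's data; the "revoked_in_both" case is the one that matters in practice, since dbx updates are how a once-trusted loader is withdrawn without touching db.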

Extended data

Compatibility: unlike BIOS, a UEFI driver does not have to be native code that runs directly on the CPU; it can instead be written in EFI Byte Code (EBC). Java exists in the form of bytecode, and it is this intermediate step that lets Java run on many platforms.

UEFI borrowed a similar approach. EFI Byte Code is a set of virtual-machine instructions that must be interpreted by the EBC interpreter inside the UEFI driver execution environment, so the same driver image runs unchanged on any processor architecture whose firmware provides the interpreter.

An expansion card carrying an EBC driver can be installed in systems of different processor architectures that support UEFI (the original aim was one option ROM serving both Itanium and x86 PCs) without the driver being rewritten, so there is no compatibility problem to consider after a system upgrade. The interpreter-based execution model also lowers the bar for writing UEFI drivers, so all PC component vendors can participate.

Mouse operation: UEFI has built-in graphics driver support and can provide a high-resolution colour graphics environment. After entering the setup interface, users can click to adjust their configuration, as simply as operating an application under Windows.

Extensibility: UEFI adopts a modular design, logically divided into two parts, hardware control and OS (operating system) software management. Hardware control belongs to all UEFI versions, while OS software management is a programmable open interface through which motherboard manufacturers can implement a wide range of functions.

UEFI can implement backup and diagnostic functions that motherboard or firmware manufacturers can present as selling points of their products. UEFI also provides networking, so a support technician can diagnose your host remotely without entering the operating system. Any such pre-OS network stack is itself firmware attack surface, and needs the same signing and update discipline as the rest of the firmware.

References:

UEFI Forum - UEFI Specification, version 2.3.1C

Baidu Encyclopedia - UEFI