UEFI BIOS, MBR GPT disks and multi boot

PHubb
PHubb Member Posts: 3 New User
edited March 2023 in 2014 Archives

Greetings Acer community; After purchasing an Acer Aspire E1-510 laptop for my wife with pre-installed Win 8, I've been through both a journey and learning process about the old MBR BIOS and the new UEFI BIOS.

1: The two are, apparently, totally incompatible. You cannot boot from a UEFI BIOS onto an older MBR boot hard drive, USB stick, or CD/DVD drive, although Windows will read and write both MBR and GPT disks as data.

2: UEFI has many 'features' the old MBR BIOS doesn't, like 'secure boot' and support for large hard disks over 2 gigs (up to 128 xabytes in Windows).

3: UEFI is supposed to be a better, more modern BIOS (which may be true eventually), but right now, it is apparently poorly implemented - see the many criticisms on the net, especially from the Linux community.

4: UEFI has the potential to be abused by OEMs - that is: they can implement setups that lock in certain OSes (Windows on the desktop for instance), while cutting out alternatives (Linux for example).

5: UEFI is a modular, extensible BIOS that can, in theory, make all devices more secure (blocking root-kits for example) while NOT substantially affecting 95% of users' computing experience. Problems can become huge for the other 5% of us who like to tinker, install 2 or more OSes, and generally modify our software implementations on various hardware (i.e. make it more functional and to our liking). It's like what the NSA claims when they spy on us. If you want more security, you have to give up rights, privacy, and freedom by letting us rummage around in your personal stuff. I've never bought into that *****. MS, UEFI, and the OEMs are saying the same thing. We will impose a more secure BIOS and OS, but you have to give up tinkering, modifying, etc.

5: Windows 8 is the only MS product that fully supports all the features and requirements of UEFI BIOS. Windows 7 64bit will install on a UEFI BIOS on GPT disks, but does NOT support 'secure boot'. Various Linux distros are catching up fast and many now support UEFI and secure boot, but an interesting side note is that the Linux community was NOT generally consulted during the roll out. MS, in conjunction with the OEMs, controls and manages all of the secure boot stores, certificates and implementations. Since 'secure boot' is fundamentally based upon a 'trusted' computing model, is UEFI secure boot actually more secure? We'll have to wait and see. Watch this excellent video from the Linux conference in Australia - The EFI and Linux: The Future is Here and it is Awful - Linux conference

6: Another complication to all of this is that Intel has implemented another security system called the 'Trusted Execution Technology/Engine' which it hard codes into some of its processors, starting with the Itanium, but now moving into the PC, laptop/tablet, and device spaces as well.

So, bottom line, the relatively open, easy to modify PC world we've all come to know is fast becoming a thing of the past.

There is a new UEFI world and we have to accommodate to it. The giant corporate forces that are at the center of this change are committed and pushing it on a mostly unaware public, whether we want it or not.

UEFI ONLY supports GPT disks for booting and requires a small FAT32 boot partition to store the boot files and drivers to start up the PC. Flash drives and CD/DVDs have to be formatted accordingly - Fat (32) GPT for UEFI boot up and MBR (either Fat, NTFS) for traditional BIOS. GPT has been around for many years and is a response that addresses large hard drives (over 2 terabytes). It is actually superior to the old MBR scheme on disks. It supports more than 4 primary partitions and has many other advantages over the old MBR disks. That's all fine. Hardware has improved and the software has to catch up. Where it gets tricky is when GPT meets UEFI for boot up purposes. Fundamentally a BIOS, in firmware (non volatile memory) has two jobs: enumerate and activate initial hardware (chipsets, processors, hard disks, memory), load the OS kernel into RAM, and finally hand off the system to the OS. MBR based BIOS had become pretty good at performing these tasks. OEMs routinely issue updates that address shortcomings, add new features, etc. and 'bricking' a system has become less problematic. Recovering even completely dead BIOS chips is relatively easy for educated users. UEFI is immensely more complicated, especially with 'secure boot' added into the mix. 'Secure boot' locks down software (OS) to hardware in a 'trusted' computing environment.

Further, each hardware vendor (OEM) is left to implement its own versions of UEFI (similar to the old MBR BIOS), but since UEFI implements security features (secure boot) it is much more vendor specific. Another complicating factor is UEFI's support for TPM (Trusted Platform Modules) - separate chips (hardware) that control and further lock down software (OS) to hardware. Fortunately, so far, TPM hasn't been implemented in the consumer computing space because it adds expense to the hardware platforms. OEMs are competing in very narrow price ranges for products. Another aspect of UEFI is that the OEMs can store product keys and (Windows) activation info in the BIOS. We pay for a device with a legal copy of Windows, but have no way of clean re-installing that OS on the exact same hardware because the product key is now unavailable to us (hidden in the UEFI BIOS). We have to accept all of the bloatware (malware) that is routinely installed on OEM products.

Some rules:

1: To boot a computer/device, you have to use the appropriate disk partitioning scheme - GPT for UEFI and MBR for old BIOS. This applies to hard drives, USB flash drives and CD/DVDs.

Windows 8 is the ONLY MS desktop OS/product that fully supports UEFI and 'secure boot', although Windows 8 can be installed on MBR disks based on a traditional BIOS as well. It just won't implement 'secure boot' in such a scenario.

Windows 7 supports installation on both MBR disks (32 and 64 bit) and GPT disks (64 bit ONLY), so it can be installed on a UEFI system. Windows 7 does NOT support 'secure boot' on any system though. Various Linux distros support both MBR and UEFI and some even support 'secure boot' as well.

UEFI boot files on hard drives are contained in the root, in a folder named EFI on a separate FAT (32) partition called the ESP partition. The ESP partition is usually hidden, locked tight, and inaccessible. The actual OSes reside in GPT data partitions on the rest of the drive. The file system for data is irrelevant as far as UEFI is concerned. It can be FAT, NTFS, ext3/4, or MAC ext or whatever - that is the lookout of the OS. OEMs often put hidden recovery partitions on their drives just like they did with the old MBR system.
On USB sticks, DVDs, the same applies except there are no separate partitions - the whole drive is GPT FAT (32) and the EFI folder is, naturally, in the root.

UEFI standards have some rules (although not all OEMs follow them). UEFI likes to call itself 'open' but since MS, Intel and the OEMs were so integral to its development, what they say and do goes. One of the rules is that OEMs have to implement backwards compatibility with the old MBR BIOS (legacy or CSM), although as we've seen, it's uneven across the industry. That compatibility is NOT easily visible to the average user either. It requires entering the UEFI setup utility, setting a password to DISABLE secure boot, and changing the system from UEFI to legacy or CSM. Once done, the old MBR system disks can be used for boot purposes.

This makes dual, triple, or whatever booting on a single hard drive or multiple drives on the same system difficult. 32 bit OSes are locked out of UEFI and while 64 bit OSes are nominally supported, getting them to play nice with UEFI can be very tricky. More later
PHubb
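
Added example, not part of the original post: a short Python check of the on-disk layout the post describes. It tells an MBR disk from a GPT one (protective MBR entry of type 0xEE plus the `EFI PART` header at LBA 1), verifies the GPT header CRC32, and finds the ESP by its partition type GUID. The function names, the 512-byte sector size and the sample image are assumptions constructed for illustration.

```python
import struct, uuid, zlib

SECTOR = 512  # assumed logical sector size
ESP_TYPE = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")  # EFI System Partition type GUID

def classify(disk: bytes) -> dict:
    """Classify a raw disk image as 'mbr', 'gpt' or 'none' and locate the ESP."""
    result = {"scheme": "none", "header_crc_ok": None, "esp_first_lba": None}
    if len(disk) < SECTOR or disk[510:512] != b"\x55\xaa":
        return result
    # MBR: four 16-byte entries at offset 446; byte 4 of each is the partition type.
    types = [disk[446 + 16 * i + 4] for i in range(4)]
    hdr = disk[SECTOR:2 * SECTOR]
    if 0xEE not in types or hdr[:8] != b"EFI PART":
        result["scheme"] = "mbr"
        return result
    result["scheme"] = "gpt"
    # Header CRC32 covers header_size bytes with the CRC field itself zeroed.
    hdr_size, stored_crc = struct.unpack_from("<II", hdr, 12)
    zeroed = hdr[:16] + b"\0\0\0\0" + hdr[20:hdr_size]
    result["header_crc_ok"] = 92 <= hdr_size <= SECTOR and zlib.crc32(zeroed) == stored_crc
    # Partition array: start LBA (u64), entry count (u32), entry size (u32).
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = disk[off:off + size]
        if len(entry) < 48:
            break  # image truncated or entry size implausible
        if uuid.UUID(bytes_le=entry[:16]) == ESP_TYPE:
            result["esp_first_lba"] = struct.unpack_from("<Q", entry, 32)[0]
            break
    return result

def build_sample_gpt() -> bytes:
    """Constructed 3-sector image: protective MBR, GPT header, one ESP entry."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE                      # protective MBR partition type
    mbr[510:512] = b"\x55\xaa"               # boot signature
    hdr = bytearray(SECTOR)
    struct.pack_into("<8sII", hdr, 0, b"EFI PART", 0x00010000, 92)
    struct.pack_into("<QII", hdr, 72, 2, 1, 128)   # array at LBA 2, one 128-byte entry
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr[:92])))
    entry = bytearray(SECTOR)
    entry[:16] = ESP_TYPE.bytes_le           # GUIDs are stored mixed-endian on disk
    struct.pack_into("<QQ", entry, 32, 2048, 206847)  # first/last LBA (constructed)
    return bytes(mbr + hdr + entry)

if __name__ == "__main__":
    print(classify(build_sample_gpt()))
```

To inspect a real disk, pass the first few dozen sectors of a read-only image of it to `classify`; a failed header CRC means the primary GPT header was altered or corrupted.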

Answers