Difference between revisions of "Unified Extensible Firmware Interface"
m (→Create UEFI bootable USB from ISO)
|Line 325:||Line 325:|
=== Create UEFI bootable USB from ISO ===
=== Create UEFI bootable USB from ISO ===
=== Remove UEFI boot support from ISO ===
=== Remove UEFI boot support from ISO ===
Revision as of 07:54, 21 November 2013
Unified Extensible Firmware Interface (or UEFI for short) is a new type of firmware that was initially designed by Intel (known as EFI then) mainly for its Itanium based systems. It introduces new ways of booting an OS that is distinct from the commonly used "MBR boot code" method followed for BIOS systems. It started as Intel's EFI in versions 1.x and then a group of companies called the UEFI Forum took over its development from which it was called Unified EFI starting with version 2.0. As of 24 July 2013, UEFI Specification 2.4 (released July 11, 2013) is the most recent version.
- 1 BIOS
- 2 UEFI
- 3 Linux Kernel Config options for UEFI
- 4 UEFI Variables
- 5 EFI System Partition
- 6 UEFI Shell
- 7 UEFI Linux Hardware Compatibility
- 8 UEFI Bootable Media
- 9 Testing UEFI in systems without native support
- 10 Troubleshooting
- 11 See also
A BIOS or Basic Input-Output System is the very first program (firmware) that is executed once the system is switched on. In most cases it is stored in a flash memory in the motherboard itself and independent of the system storage. BIOS launches the first 440 bytes (Master Boot Record) of the first disk in the BIOS disk order. Since very little can be achieved by a program that fits into the 440-byte boot code area, usually a common boot loader like GRUB or Syslinux or LILO would be loaded by the BIOS, and it would load an operating system by either chain-loading or directly loading the kernel. See Arch Boot Process for more details.
UEFI has support for reading both the partition table as well as understanding filesystems. Hence it is not limited by 440 byte code limitation (MBR boot code) as in BIOS systems. It does not use the MBR boot code at all.
The commonly used UEFI firmwares support both MBR and GPT partition table. EFI in Apple-Intel Macs are known to also support Apple Partition Map besides MBR and GPT. Most UEFI firmwares have support for accessing FAT12 (floppy disks), FAT16 and FAT32 filesystems in HDDs and ISO9660 (and UDF) in CD/DVDs. EFI in Intel Macs can also access HFS/HFS+ filesystems, in addition to the mentioned ones.
UEFI does not launch any boot code in the MBR whether it exists or not. Instead it uses a special partition in the partition table called EFI System Partition in which files required to be launched by the firmware are stored. Each vendor can store its files under
<EFI SYSTEM PARTITION>/EFI/<VENDOR NAME>/ folder and can use the firmware or its shell (UEFI shell) to launch the boot program. An EFI System Partition is usually formatted as FAT32 or (less commonly) FAT16.
Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture. The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards are known to operate on Intel EFI 1.10 firmware.
An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.
Boot Process under UEFI
- System switched on - Power On Self Test, or POST process.
- UEFI firmware is loaded. Firmware initializes the hardware required for booting.
- Firmware then reads its Boot Manager data to determine which UEFI application to be launched and from where (i.e. from which disk and partition).
- Firmware then launches the UEFI application as defined in the boot entry in the firmware's boot manager.
- The launched UEFI application may launch another application (in case of UEFI Shell or a boot manager like rEFInd) or the kernel and initramfs (in case of a boot loader like GRUB) depending on how the UEFI application was configured.
Multibooting in UEFI
Since each OS or vendor can maintain its own files within the EFI System Partition without affecting the other, multi-booting using UEFI is just a matter of launching a different UEFI application corresponding to the particular OS's bootloader. This removes the need for relying on chainloading mechanisms of one boot loader to load another to switch OSes.
Booting Microsoft Windows
64-bit Windows Vista (SP1+), Windows 7 and Windows 8 versions support booting using x86_64 EFI firmware. Windows forces type of partitioning depending on the firmware used, i.e. if Windows is booted in UEFI mode, it can be installed only to a GPT disk. If the Windows is booted in Legacy BIOS mode, it can be installed only to a MBR disk. This is a limitation enforced by Windows installer. Thus Windows supports either UEFI-GPT boot or BIOS-MBR boot only, not UEFI-MBR or BIOS-GPT boot.
Such a limitation is not enforced by the Linux kernel, but can depend on how the bootloader is configured. The Windows limitation should be considered if the user wishes to boot Windows and Linux from the same disk, since setting up the bootloader itself depends on the firmware type and disk partitioning used. In case where Windows and Linux dual boot from the same disk, it is advisable to follow the method used by Windows, either go for UEFI-GPT boot or BIOS-MBR boot only, not the other two cases.
32-bit Windows versions only support BIOS-MBR booting. So, in case of Linux and 32-bit Windows booting from the same disk, the disk has to use MBR. See http://support.microsoft.com/kb/2581408 for more info.
Detecting UEFI Firmware bitness
Check whether the dir
/sys/firmware/efi exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)
Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.
To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:
ioreg -l -p IODeviceTree | grep firmware-abi
If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.
Linux Kernel Config options for UEFI
The required Linux Kernel configuration options for UEFI systems are :
CONFIG_RELOCATABLE=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_FB_EFI=y CONFIG_FRAMEBUFFER_CONSOLE=y
UEFI Runtime Variables Support (efivarfs filesystem -
/sys/firmware/efi/efivars). This option is important as this is required to manipulate UEFI Runtime Variables using tools like
/usr/bin/efibootmgr. The below config option has been added in kernel 3.10 and above.
UEFI Runtime Variables Support (old efivars sysfs interface -
/sys/firmware/efi/vars). This option should be disabled.
GUID Partition Table GPT config option - mandatory for UEFI support
UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using
$ efivar -l
UEFI Variables Support in Linux Kernel
Linux kernel exposes EFI variables data to userspace via 2 interfaces:
- OLD sysfs-efivars interface (CONFIG_EFI_VARS) - populated by
efivarskernel module at
/sys/firmware/efi/vars- 1024 byte maximum per-variable data size limitation, no UEFI Secure Boot variables support (due to the size limitation) and not recommended by kernel upstream anymore. Still supported by kernel upstream but completely disabled in Arch's official kernels.
- NEW efivarfs (EFI VARiable FileSystem) interface (CONFIG_EFIVAR_FS) - mounted using
efivarfskernel module at
/sys/firmware/efi/efivars- replacement for the OLD sysfs-efivars interface, has no maximum per-variable size limitation, supports UEFI Secure Boot variables and recommended by kernel upstream. Introduced in kernel 3.8 and NEW
efivarfsmodule split from OLD
efivarskernel module in kernel 3.10 .
Inconsistency between efivarfs and sysfs-efivars
Enabling both OLD sysfs-efivars and NEW efivarfs can cause data inconsistency issues (see See https://lkml.org/lkml/2013/4/16/473 for more info). Due to this OLD sysfs-efivars is completely disabled in Arch's official kernels (since core/ -3.11 and core/ -3.10) and only NEW efivarfs is enabled/supported going forward. All the UEFI Variables related tools and utilities in official repositories support efivarfs as of 01 October 2013.
If you have both interfaces enabled, you need to disable one of them, and disable and re-enable the other interface (to refresh the data, to prevent inconsistencies) before accessing the EFI VAR data using any userspace tool:
To disable sysfs-efivars and refresh efivarfs:
# modprobe -r efivars # umount /sys/firmware/efi/efivars # modprobe -r efivarfs # modprobe efivarfs # mount -t efivarfs efivarfs /sys/firmware/efi/efivars
To disable efivarfs and refresh sysfs-efivars:
# umount /sys/firmware/efi/efivars # modprobe -r efivarfs # modprobe -r efivars # modprobe efivars
Requirements for UEFI Variables support to work properly
- EFI Runtime Services support should be present in the kernel (
CONFIG_EFI=y, check if present with
zgrep CONFIG_EFI /proc/config.gz).
- Kernel processor bitness/arch and EFI processor bitness/arch should match
- Kernel should be booted in EFI mode (via EFISTUB or any EFI boot loader, not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM)
- EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e.
noefikernel parameter SHOULD NOT be used
efivarfsfilesystem should be mounted at
/sys/firmware/efi/efivars, otherwise follow #Mount efivarfs section below.
efivarshould list (option
-l) the EFI Variables without any error. For sample output see #Sample_List_of_UEFI_Variables.
If EFI Variables support does not work even after the above conditions are satisfied, try the below workarounds:
- If any userspace tool is unable to modify efi variables data, check for existence of
/sys/firmware/efi/efivars/dump-*files. If they exist, delete them, reboot and retry again.
- If the above step does not fix the issue, try booting with
efi_no_storage_paranoiakernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.
efivarfs is not automatically mounted at
/sys/firmware/efi/efivars by systemd during boot, then you need to manually mount it to expose UEFI Variable support to the userspace tools like
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
It is also a good idea to auto-mount
efivarfs during boot via
/etc/fstab as follows:
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
There are few tools that can access/modify the UEFI variables, namely
- efivar - Library and Tool to manipulate UEFI Variables (used by vathpela's efibootmgr) - https://github.com/vathpela/efivar - or AUR
- efibootmgr - Tool to manipulate UEFI Firmware Boot Manager Settings. Upstream (http://linux.dell.com/git/efibootmgr.git) efibootmgr code does not support efivarfs. A fork of efibootmgr by Fedora's Peter Jones (vathpela) supports both efivarfs and sysfs-efivars. It is currently used in official core/ pkg and AUR pkg AUR - https://github.com/vathpela/efibootmgr/tree/libefivars
- uefivars - Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally) - https://github.com/fpmurphy/Various/tree/master/uefivars-2.0 supports only efivarfs and https://github.com/fpmurphy/Various/tree/master/uefivars-1.0 supports only sysfs-efivars . AUR package AUR
- efitools - Tools to Create and Setup own UEFI Secure Boot Certificates, Keys and Signed Binaries (requires efivarfs) - AUR
- Ubuntu's Firmware Test Suite - https://wiki.ubuntu.com/FirmwareTestSuite/ - AUR (along with AUR) or AUR
Assuming the boot-loader file to be launched is
/boot/efi/EFI/refind/refind_x64.efi can be split up as
/boot/efi is the mountpoint of the EFI System Partition, which is assumed to be
Y are just placeholders for the actual values - eg:- in
To determine the actual device path for the EFI System Partition (assuming mountpoint
/boot/efi for example) (should be in the form
/dev/sdXY), try :
# findmnt /boot/efi TARGET SOURCE FSTYPE OPTIONS /boot/efi /dev/sdXY vfat rw,flush,tz=UTC
Verify that uefi variables support in kernel is working properly by running:
# efivar -l
If efivar lists the uefi variables without any error, then you can proceed. If not, check whether all the conditions in #Requirements for UEFI Variables support to work properly are met.
Then create the boot entry using efibootmgr as follows:
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/refind/refind_x64.efi -L "rEFInd"
In the above command
/boot/efi/EFI/refind/refind_x64.efi translates to
/EFI/refind/refind_x64.efi which in turn translate to drive
/dev/sdX -> partition
Y -> file
The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from efibootmgr GIT README .
FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using
\efi\refind\refind_x64.efi does not matter (this will change if the filesystem encoding is UTF-8).
EFI System Partition
The EFI System Partition (also called ESP or EFISYS) is a FAT32 formatted physical partition (in the main partition table of the disk, not LVM or software raid etc.) from where the UEFI firmware launches the UEFI bootloader and application. It is a OS independent partition that acts as the storage place for the EFI bootloaders and applications which the firmware launches them. It is mandatory for UEFI boot. It should be marked as EF00 or ef00 type code in gdisk, or boot flag in case of GNU Parted (only for GPT disk). It is recommended to keep ESP size at 512 MiB although smaller/larger sizes are fine (smaller sizes provided it is higher than the minimum FAT32 FS partition size limit (as mandated by FAT32 specification from Microsoft). For more info visit link.
GPT partitioned disks
- Create a partition with partition type
EF00using gdisk (from pkg). Then format that partition as FAT32 using
mkfs.fat -F32 /dev/<THAT_PARTITION>
- Create a FAT32 partition and in GNU Parted set/activate the
legacy_bootflag) on that partition
MBR partitioned disks
Create a partition with partition type
0xEF using fdisk (from pkg). Then format that partition as FAT32 using
mkfs.fat -F32 /dev/<THAT_PARTITION>
The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifyiang boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.
Obtaining UEFI Shell
You can download a BSD licensed UEFI Shell from Intel's Tianocore UDK/EDK2 Sourceforge.net project.
- AUR AUR pkg (recommended) - provides x86_64 Shell in x86_64 system and IA32 Shell in i686 system - compiled directly from latest Tianocore EDK2 SVN source
- Precompiled x86_64 UEFI Shell v2 binary (may not be up-to-date)
- Precompiled x86_64 UEFI Shell v1 binary (not updated anymore upstream)
- Precompiled IA32 UEFI Shell v2 binary (may not be up-to-date)
- Precompiled IA32 UEFI Shell v1 binary (not updated anymore upstream)
Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at ShellPkg and this mail
Launching UEFI Shell
Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called
"Launch EFI Shell from filesystem device" . For those motherboards, download the x86_64 UEFI Shell and copy it to your EFI System Partition as
Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either
Important UEFI Shell Commands
UEFI Shell commands usually support
-b option which makes output pause after each page.
map lists recognized filesystems (
fs0, ...) and data storage devices (
blk0, ...). Run
help -b to list available commands.
BCFG command is used to modify the UEFI NVRAM entries, which allow the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" PDF document.
bcfgcommand. You can download a modified UEFI Shell v2 binary which may work in UEFI pre-2.3 firmwares.
To dump a list of current boot entries:
Shell> bcfg boot dump -v
To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu:
Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"
fs0: is the mapping corresponding to the EFI System Partition and
fs0:\EFI\refind\refind_x64.efi is the file to be launched.
To remove the 4th boot option:
Shell> bcfg boot rm 3
To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu):
Shell> bcfg boot mv 3 0
For bcfg help text:
Shell> help bcfg -v -b
Shell> bcfg -? -v -b
EDIT command provides a basic text editor with an interface similar to nano text editor, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.
To edit, for example rEFInd's
refind.conf in the EFI System Partition (
fs0: in the firmware)
Shell> fs0: FS0:\> cd \EFI\arch\refind FS0:\EFI\arch\refind\> edit refind.conf
Ctrl-E for help.
UEFI Linux Hardware Compatibility
See HCL/Firmwares/UEFI for the main article.
UEFI Bootable Media
Create UEFI bootable USB from ISO
Remove UEFI boot support from ISO
Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from a UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.
Mount the official installation media and obtain the
archisolabel as shown in the previous section.
Rebuild the ISO using
xorriso from :
$ xorriso -as mkisofs -iso-level 3 \ -full-iso9660-filenames\ -volid "ARCH_201212" \ -appid "Arch Linux CD" \ -publisher "Arch Linux <https://www.archlinux.org>" \ -preparer "prepared like a BAWSE" \ -eltorito-boot isolinux/isolinux.bin \ -eltorito-catalog isolinux/boot.cat \ -no-emul-boot -boot-load-size 4 -boot-info-table \ -isohybrid-mbr "/mnt/iso/isolinux/isohdpfx.bin" \ -output "~/archiso.iso" "/mnt/iso/"
~/archiso.iso to optical media and proceed with installation normally.
Testing UEFI in systems without native support
OVMF for Virtual Machines
OVMF  is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU.
You can build OVMF (with Secure Boot support) from AURAUR and run it as follows:
$ qemu-system-x86_64 -enable-kvm -net none -m 1024 -bios /usr/share/ovmf/x86_64/bios.bin
DUET for BIOS only systems
DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt.
You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.
Windows 7 will not boot in UEFI Mode
If you have installed Windows to a different harddisk with GPT partitioning and still have a MBR partitioned harddisk in your computer, then it is possible that the UEFI BIOS is starting it's CSM support (for booting MBR partitions) and therefor Windows will not boot. To solve this merge your MBR harddisk to GPT partitioning or disable the SATA port where the MBR harddisk is plugged in or unplug the SATA connector from this harddisk.
Mainboards with this kind of problem:
Gigabyte Z77X-UD3H rev. 1.1 (UEFI BIOS version F19e)
- UEFI BIOS option for booting UEFI Only does not pretend the UEFI BIOS from starting CSM
- Wikipedia:EFI System partition
- Linux Kernel x86_64 UEFI Documentation
- UEFI Forum - contains the official UEFI Specifications - GUID Partition Table is part of UEFI Specification
- Intel's Tianocore Project for Open-Source UEFI firmware which includes DuetPkg for direct BIOS based booting and OvmfPkg used in QEMU and Oracle VirtualBox
- Intel UEFI Community Resource Center
- Intel's page on EFI
- FGA: The EFI boot process
- Microsoft's Windows and GPT FAQ - Contains info on Windows UEFI booting also
- Convert Windows Vista SP1+ or 7 x86_64 boot from BIOS-MBR mode to UEFI-GPT mode without Reinstall
- Create a Linux BIOS+UEFI and Windows x64 BIOS+UEFI bootable USB drive
- Rod Smith - A BIOS to UEFI Transformation
- UEFI Boot problems on some newer machines (LKML)
- EFI Shells and Scripting - Intel Documentation
- UEFI Shell - Intel Documentation
- UEFI Shell - bcfg command info
- UEFI Shell v2 binary with bcfg modified to work with UEFI pre-2.3 firmware - from Clover efiboot
- LPC 2012 Plumbing UEFI into Linux
- LPC 2012 UEFI Tutorial : part 1
- LPC 2012 UEFI Tutorial : part 2