When I first heard about UEFI a few years ago I thought it was a great idea. It could make life easier in the long run for developers of full disk encryption to provide advanced authentication and maintenance features for their customers. With this in mind I joined WinMagic up to UEFI.org.  Having implemented pre-boot authentication on Apple Macs, which used EFI, we were already familiar with UEFI’s predecessor.

From UEFI.org: “UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification defines a new model for the interface between personal-computer operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications.“

Historically “IBM compatible” PCs booted up via the BIOS (Basic Input Output System) built into the ROM (Read Only Memory) of almost all PCs.  The BIOS got the job done but it didn’t make it easy for developers who needed to use the capabilities of the machines such as the WAN card or the USB stack for tokens in pre-boot environment.  In the BIOS environment the solution was to develop our own “pre boot mini OS” or boot Linux, perform pre-boot authentication and then boot Windows.

PC OEMs  (e.g. HP, Lenovo, Dell, etc.) have been shipping UEFI capable machines for a long while but with almost all configured to legacy (BIOS) booting mode so it made no difference in practice for pre-boot applications.  This all changed with the release of Windows 8 in late 2012. Microsoft made it a Windows 8 Logo requirement to ship the BIOS in “native” UEFI mode.  Since we had our UEFI pre-boot application implemented utilizing “standard” features from the UEFI specification AND had successfully tested on some Windows 8 logo machines this marked a major milestone.

However there are “standards” and then there are “implementations”.  Often it takes time for the implementations to converge to the standard. We have found that many of the implementations of UEFI just don’t support the UEFI features needed by pre-boot FDE pre-boot applications. As a consequence the number of Windows 8/UEFI platforms that are supported is limited. The good news is that the PC OEMs and BIOS vendors really are committed to delivering on the promise of UEFI and are open to work with ‘application’ writers such as WinMagic. It is going to take some time but as the PC OEMs ship their new PCs with improved UEFI ROMs, the pre-applications written by WinMagic and others are going to benefit from the long journey from BIOS to UEFI. Afterall, ROM wasn’t built in a day.


*1           http://www.uefi.org/home/

*2           http://en.wikipedia.org/wiki/BIOS


Leave a Comment


Garry McCracken

About Garry McCracken /

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.
Garry McCracken