Session Agenda
UEFI background
- Designed to address BIOS limitations; needed for the larger server platforms (Intel/HP Itanium)
- First called the Intel Boot Initiative, then renamed EFI
- The published specification and source code encouraged the formation of the UEFI Forum
- Provides support for newer hardware
- Addresses the need to support 64-bit (x64) systems
- Streamlines the boot process into the OS
- Simplifies integration with 3rd-party components
UEFI Forum
- Divided into working groups: USWG, UTWG, PIWG, ICWG
- UEFI encourages industry participation: 11 Promoters, 20+ Contributors, 70+ Adopters
Why UEFI?
- Enables innovation
- Support for large disks
- CPU-independent architecture
- Flexible pre-OS environment
- Modular design
Deployment scenarios (slide columns: Scenario, Min Server version, Min WinPE version, Min boot program version, Notes)
- x64 UEFI (2008 *): x64 feature; UEFI support introduced in 2008; x64 UEFI support added in 2012
- x86 UEFI (2012): support for x86 UEFI added in 2012
- UEFI PXE IPv6: support for IPv6 added in 2012
The version of the Windows PE boot files must match the computer architecture: an x64-based UEFI computer can boot only with Windows PE x64 boot files, and an x86-based computer can boot only with Windows PE x86 boot files.
* UEFI Version or newer
Firmware/OS stack (diagram)
- Layers: system hardware; platform-specific UEFI firmware providing UEFI runtime services and the UEFI OS loader; ACPI BIOS, ACPI registers and ACPI tables consumed by the OS ACPI driver; Windows OS with its UEFI and Win32/NT APIs
- UEFI mode vs. legacy BIOS mode: in legacy BIOS mode the Compatibility Support Module (CSM) exposes legacy BIOS services and a BIOS OS loader starts the OS
UEFI boot flow (diagram): power on -> platform initialization -> operating system (OS) boot -> shutdown
- Security (SEC): pre-verifier
- Pre-EFI Initialization (PEI): PEI core; CPU init, chipset init, board init; verify
- Driver Execution Environment (DXE): EFI driver dispatcher, architectural protocols, device/bus/service drivers, UEFI interfaces
- Boot Device Select (BDS): boot manager
- Transient System Load (TSL): transient OS boot loader, OS-absent applications, UEFI Shell, final OS boot loader
- Run Time (RT): final OS environment, OS-present applications
Disk layout (diagram): LBA 0 through LBA z, with a FAT32 partition
If a computer is in "Legacy" or "Mixed" mode, it is NOT in native UEFI mode.
Default UEFI/GPT drive partitions (Disk 0): MSR; Windows RE tools
Recommended UEFI/GPT drive partitions (Disk 0): Windows RE tools; MSR; recovery image
Creating a Bootable USB Drive
- Option #2: Create multiple partitions on a Windows To Go (WTG) USB drive
- Option #3: Create your image using two USB sticks
- Option #4: Boot straight from the Windows OS USB
- Looks and feels like a regular shutdown/boot
- Leverages hibernate technology to cache the core system
- Enabled by default
- Delivers considerable improvements: boots more than twice as fast on SSD-based netbooks, including POST
- Partners need to continue work to reduce POST times
Boot timeline (diagram): Windows 7: POST -> OS initialization -> service & app initialization -> Explorer ready. Windows 8: POST -> hiberfile read -> device initialization -> service & app init -> Explorer ready.
Can you really tell the difference?
Secure Boot Process
- Only executes signed UEFI binary images, including option ROMs, pre-boot utilities and OS loaders
- Benefit: helps prevent malicious code from running before the OS loads
- Benefit: provides time-authenticated variables
- Benefit: allows stronger keys for encryption
Secure Boot is a UEFI specification, not a Microsoft product!
Secure Boot
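As an added illustration (not from the deck), the Python below models the hash half of the Secure Boot decision that firmware makes before executing a UEFI image: the db (allowed) and dbx (forbidden) variables are stored as concatenated EFI_SIGNATURE_LIST structures, and a forbidden entry always wins over an allowed one. The SignatureType GUIDs are the UEFI specification's; the owner GUID, the image bytes and the function names are constructed for this example. It covers only SHA-256 hash entries; real firmware also hashes PE images the Authenticode way and accepts images whose signature chains to an X.509 certificate in db.

```python
import hashlib
import struct
import uuid

# SignatureType GUIDs defined by the UEFI specification for EFI_SIGNATURE_LIST.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Constructed owner GUID for the demo entries (not a real vendor GUID).
DEMO_OWNER = uuid.UUID("00000000-0000-0000-0000-0000000000aa")

HEADER_FMT = "<III"  # SignatureListSize, SignatureHeaderSize, SignatureSize
HEADER_LEN = 16 + struct.calcsize(HEADER_FMT)  # GUID + three UINT32 = 28 bytes


def build_sha256_list(digests, owner=DEMO_OWNER):
    """Serialize one EFI_SIGNATURE_LIST holding EFI_CERT_SHA256 entries.

    Each entry is an EFI_SIGNATURE_DATA: SignatureOwner GUID (16 bytes, mixed-endian
    on-disk layout) followed by the 32-byte SHA-256 digest.
    """
    sig_size = 16 + 32
    list_size = HEADER_LEN + sig_size * len(digests)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(HEADER_FMT, list_size, 0, sig_size)
    return header + b"".join(owner.bytes_le + d for d in digests)


def parse_signature_lists(blob):
    """Walk a db/dbx variable payload (zero or more EFI_SIGNATURE_LISTs back to back).

    Returns (SignatureType, SignatureOwner, data) tuples. Length fields are checked
    against the buffer so a corrupt variable raises instead of being read past its end.
    """
    entries = []
    off = 0
    while off < len(blob):
        if off + HEADER_LEN > len(blob):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from(HEADER_FMT, blob, off + 16)
        end = off + list_size
        if list_size < HEADER_LEN or end > len(blob) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos = off + HEADER_LEN + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, bytes(blob[pos + 16:pos + sig_size])))
            pos += sig_size
        off = end
    return entries


def image_allowed(image, db, dbx):
    """Secure Boot hash rule: a dbx (forbidden) match rejects; otherwise db must match.

    Simplification: whole-image SHA-256 instead of the Authenticode PE hash, and
    X.509 certificate entries in db are not evaluated.
    """
    digest = hashlib.sha256(image).digest()
    forbidden = {d for t, _, d in parse_signature_lists(dbx) if t == EFI_CERT_SHA256_GUID}
    if digest in forbidden:
        return False
    allowed = {d for t, _, d in parse_signature_lists(db) if t == EFI_CERT_SHA256_GUID}
    return digest in allowed


def demo():
    """Constructed images: A is allow-listed, B is allow-listed but revoked, C is unknown."""
    image_a, image_b, image_c = b"loader-A", b"loader-B", b"loader-C"
    db = build_sha256_list([hashlib.sha256(image_a).digest(), hashlib.sha256(image_b).digest()])
    dbx = build_sha256_list([hashlib.sha256(image_b).digest()])
    return {
        "A": image_allowed(image_a, db, dbx),
        "B": image_allowed(image_b, db, dbx),
        "C": image_allowed(image_c, db, dbx),
    }


if __name__ == "__main__":
    print(demo())  # {'A': True, 'B': False, 'C': False}
```

The order of the two lookups is the point: revocation via dbx must be consulted first, so that a hash still present in db cannot override it.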
Measured Boot (diagram): TPM; boot log; each item records the hash of the next item(s); attestation evidence is [PCR data] [AIK pub] [Signature]
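An added example, not part of the deck, of the mechanism the Measured Boot diagram sketches: each boot stage hashes the next item, appends it to the boot log and extends a TPM PCR; a remote verifier later checks the AIK-signed PCR data against the log and against known-good component hashes. The boot chain, PCR assignments, component blobs and the "AIK" key are constructed; the HMAC stands in for the TPM's asymmetric quote signature so the code runs on the standard library alone.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = 32  # SHA-256 PCR bank


def pcr_extend(current, digest):
    """TPM extend operation: PCR_new = H(PCR_old || digest).

    Extends are order-dependent and irreversible, so the final PCR value commits
    to the whole sequence of measurements, not just the set of them.
    """
    return hashlib.sha256(current + digest).digest()


def replay_log(events):
    """Recompute PCR values from a boot log of (pcr_index, component, digest) events."""
    pcrs = {}
    for pcr, _name, digest in events:
        pcrs[pcr] = pcr_extend(pcrs.get(pcr, b"\x00" * DIGEST_LEN), digest)
    return pcrs


def measured_boot(components):
    """Platform side: hash each item, record it in the log, extend the PCR."""
    events = [(pcr, name, hashlib.sha256(blob).digest()) for pcr, name, blob in components]
    return events, replay_log(events)


def tpm_quote(pcrs, aik_key, nonce):
    """Stand-in for TPM Quote: signs the verifier's nonce plus the PCR values.

    A real quote is an AIK signature over a TPM attestation structure; the HMAC
    is a constructed substitute for this example.
    """
    data = nonce + b"".join(struct.pack("<I", i) + pcrs[i] for i in sorted(pcrs))
    return data, hmac.new(aik_key, data, hashlib.sha256).digest()


def verify_attestation(events, quote_data, signature, aik_key, nonce, known_good):
    """Verifier side: signature, freshness, log/PCR consistency, component policy."""
    expected_sig = hmac.new(aik_key, quote_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return "bad signature"
    if not quote_data.startswith(nonce):
        return "stale quote"
    quoted = {}
    pos = len(nonce)
    while pos + 4 + DIGEST_LEN <= len(quote_data):
        idx = struct.unpack_from("<I", quote_data, pos)[0]
        quoted[idx] = quote_data[pos + 4:pos + 4 + DIGEST_LEN]
        pos += 4 + DIGEST_LEN
    # The log is untrusted; it is only accepted if it reproduces the signed PCRs.
    if replay_log(events) != quoted:
        return "boot log does not reproduce quoted PCRs"
    for pcr, name, digest in events:
        if known_good.get((pcr, name)) != digest:
            return "unexpected component: %s in PCR %d" % (name, pcr)
    return "ok"


def demo():
    # Constructed boot chain; the blobs stand in for firmware and boot loader images.
    chain = [(0, "platform firmware", b"fw-v1"),
             (4, "boot manager", b"bootmgr-v1"),
             (7, "secure boot policy", b"db+dbx state")]
    known_good = {(p, n): hashlib.sha256(b).digest() for p, n, b in chain}
    aik_key = b"constructed-aik-secret"
    nonce = b"verifier-nonce-0001"

    events, pcrs = measured_boot(chain)
    data, sig = tpm_quote(pcrs, aik_key, nonce)
    honest = verify_attestation(events, data, sig, aik_key, nonce, known_good)

    # A modified boot manager ran: the log is truthful, but the digest is not known-good.
    altered = chain[:1] + [(4, "boot manager", b"bootmgr-modified")] + chain[2:]
    events2, pcrs2 = measured_boot(altered)
    data2, sig2 = tpm_quote(pcrs2, aik_key, nonce)
    modified = verify_attestation(events2, data2, sig2, aik_key, nonce, known_good)

    # The honest log presented with the quote from the modified boot: PCRs disagree.
    forged = verify_attestation(events, data2, sig2, aik_key, nonce, known_good)
    return honest, modified, forged


if __name__ == "__main__":
    print(demo())
```

The two failure cases show why the log and the quote are checked together: the log alone can be rewritten, but the PCR values the TPM signs can only be reproduced by the measurements that actually happened.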
Windows 7: malware is able to start before Windows and anti-malware. Windows 8: Trusted Boot starts anti-malware early in the boot process with Early Launch Anti-Malware (ELAM).
Current Windows-specific UEFI highlights: multicast deployment; fast boot and resume from hibernation
Future UEFI capabilities: rootkit prevention; network authentication; deployment server
Key Objectives Covered
Windows Enterprise: windows.com/enterprise
For More Information
- System Center 2012 Configuration Manager: us/evalcenter/hh aspx?wt.mc_id=TEC_105_1_33
- Windows Intune
- Windows Server: Windows Server 2012
- VDI and Remote Desktop Services: us/evalcenter/hh aspx?ocid=&wt.mc_id=TEC_108_1_33 desktop-infrastructure.aspx
More Resources: microsoft.com/workstyle; microsoft.com/server-cloud/user-device-management