Placeholder Image

Subtitles section Play video

  • Why, UEFI?

  • Hi, everyone!

  • Leo Notenboom for askleo.com.

  • One of the really common frustrations I hear from people are their attempt to reboot their

  • computer from something other than its internal hard diskCD or DVD or more recently,

  • USB sticks.

  • The issue is with newer machines that come with what's called the UEFI BIOS replacement.

  • Technically, it's just UEFI but I think everybody more or less refers to it as the

  • UEFI BIOS.

  • BIOS is the software that is actually on your machine the instant you turn it on.

  • It's the software that is in charge of starting the thing up; booting the machine; knowing

  • how to load the initial operating machine or whatever.

  • UEFI is a replacement for the original BIOS that's been with us for probably a quarter

  • of a century.

  • UEFI allows the manufacturers to take more advantage of the capabilities of their machine;

  • capabilities that just didn't exist 25 years ago.

  • So, one of the things that they've done, actually, a couple of the things that they've

  • done, have been to increase the security associated with rebooting your machine.

  • It boils down to a couple of different problems.

  • The most interesting problem, the most risky problem if you want to call it that is that

  • with an older BIOS, or with a UEFI configured to run in what's calledLegacymode

  • to mimic the behavior of an older BIOS, anybody can walk up to your computer, turn it off,

  • insert a USB stick, CD, or DVD, reboot it and then have complete control over your machine.

  • In other words, physical presence is all they need to be able to access pretty much anything

  • on your machine through one means or another.

  • What UEFI does is it restricts what happens when you reboot your machine.

  • You may notice that on newer machines that come with things like Windows 8 or Windows

  • 10, the process to get into the BIOS, the process to get into the different settings

  • that may be present in the UEFI, is different.

  • You don't do it by holding down a key when you reboot the machine.

  • Instead, you actually have to reboot the machine into Windows and then using the Windows settings

  • app, go through and have it then reboot into whatever your manufacturer provides.

  • What that means, and the reason that's done is that insures that only people who actually

  • have administrative access to the machine can in fact, reboot into the UEFI configuration.

  • Somebody can't just walk up to your machine and do things like change the boot order.

  • By restricting UEFI access to going through this path where you have to go through Windows

  • or the installed operating system in order to be able to see those settings, you basically

  • increased the security of the machine.

  • One of the other settings that comes into play is this thing called secure boot.

  • What that does is it prevents you from booting into something that isn't authorized, if

  • you will.

  • Something that isn't an official signed, allowed copy of an operating system.

  • Now many people think that this is a Windows thing but Microsoft is all about this, but

  • that's not the case.

  • This is actually something that's implemented by the hardware manufacturers that is something

  • that is implement in the BIOS that is in the all of these machines in UEFI BIOS that's

  • in all these machines.

  • But in reality, it has nothing to do with Windows specifically.

  • Windows just happens to be one of the operating systems that conforms to this specification.

  • It does mean that when it comes time to reboot your machine, if secure boot is turned on,

  • it won't boot from just anything.

  • It will actually only boot from things that it is allowed to boot from, which means you

  • can't just download a random operating system from the internet and expect your machine

  • to boot into if secure boot is turned on.

  • So, unfortunately, what most people then ask is, “Great, how do I turn secure boot off?

  • How do I return my machine to a configuration that allows me to do the things I need to

  • do to that machine?”

  • The answer is, as so many times comes, it depends.

  • You may not be able to.

  • That's a situation I'm in as far as I can tell with my original Microsoft Surface

  • Pro.

  • For the life of me, I cannot get it to boot from anything other than its internal hard

  • disk.

  • The UEFI BIOS is configured for this secure boot mode.

  • It is configured in such a way that I do not have access to the actual UEFI settings and

  • that's a choice that the computer manufacturer (Microsoft in this case) happened to make.

  • That's the way that machine works.

  • If that machine's hard disk fails, to be honest, I'm not sure what I'll do.

  • In other cases, it depends, again, on exactly the permissions that your computer manufacturer

  • has given you.

  • You would start with the settings app but where you go will depend on exactly what your

  • computer manufacturer has allowed for and pre-configured.

  • Even then, when you reboot into the UEFI settings, like the BIOS before it, UEFI varies from

  • machine to machine, from manufacturer to manufacturer.

  • It's incredibly capable.

  • They're many things you can do with it but exactly which UEFI implementation is being

  • used by your computer manufacturer will vary.

  • What that really boils down to, the bottom line here is that I can't tell you for your

  • machine exactly what steps you need to take undo or to go back to a Legacy type scenario

  • or to a not secure boot scenario.

  • You need to check with the documentation that came with your computer or you need to check

  • with the computer manufacturer to find out what capabilities are available to you and

  • then exactly what steps you need to take to make the configuration changes that will allow

  • you to do what you want.

  • So, UEFI, it really is all about protecting you from random, what I'll calldrive-by

  • rebootswhere someone can just walk up to your machine and take control by rebooting

  • it randomly into whatever they happen to have in their pocket.

  • Is that a good thing?

  • In some environments it is.

  • In home environmentsmaybe not so much.

  • It's hard to say.

  • What do you do?

  • How do you react to all of this security that's being implemented by UEFI?

  • Is it an issue for you?

  • If it is an issue for you, how have you been working around it?

  • Have you been working around it?

  • Let me know.

  • As always, here's a link to this article posted on Ask Leo!

  • That's where all the comments are read; that's where all the comments are moderated.

  • I'd love to hear your experience with UEFI.

  • Again, until next time, I'm Leo Notenboom for askleo.com.

  • Remember, stay safe, have fun, and don't forget to back up.

  • I'll see you again next week.

  • Take care.

  • Hey, if you found this video valuable, I could use your support.

  • Visit patreon.com/askleo and pledge a couple of bucks a month or more depending on what

  • kind of a reward you like.

  • Yep, there's rewards associated with it and what it will allow me to do is to focus

  • on creating more valuable content like the video you just saw.

  • Regardless of whether you do or not, thanks again for watching.

  • I'm Leo Notenboom for askleo.com.

Why, UEFI?

Subtitles and vocabulary

Click the word to look it up Click the word to find further inforamtion about it