Why, UEFI?
Hi, everyone! Leo Notenboom for askleo.com. One of the really common frustrations I hear
from people is their attempt to reboot their computer from something other than its internal
hard disk – CD or DVD or more recently, USB sticks. The issue is with newer machines that come
with what’s called the UEFI BIOS replacement. Technically, it’s just UEFI but I think
everybody more or less refers to it as the UEFI BIOS. BIOS is the software that is actually on your
machine the instant you turn it on. It’s the software that is in charge of starting
the thing up; booting the machine; knowing how to load the initial operating machine
or whatever. UEFI is a replacement for the original BIOS
that’s been with us for probably a quarter of a century. UEFI allows the manufacturers to take more
advantage of the capabilities of their machine; capabilities that just didn’t exist 25 years
ago. So, one of the things that they’ve done,
actually, a couple of the things that they’ve done, have been to increase the security associated
with rebooting your machine. It boils down to a couple of different problems. The most interesting problem, the most risky
problem if you want to call it that is that with an older BIOS, or with a UEFI configured
to run in what’s called “Legacy” mode to mimic the behavior of an older BIOS, anybody
can walk up to your computer, turn it off, insert a USB stick, CD, or DVD, reboot it
and then have complete control over your machine. In other words, physical presence is all they
need to be able to access pretty much anything on your machine through one means or another. What UEFI does is it restricts what happens
when you reboot your machine. You may notice that on newer machines that
come with things like Windows 8 or Windows 10, the process to get into the BIOS, the
process to get into the different settings that may be present in the UEFI, is different. You don’t do it by holding down a key when
you reboot the machine. Instead, you actually have to reboot the machine
into Windows and then using the Windows settings app, go through and have it then reboot into
whatever your manufacturer provides. What that means, and the reason that’s done
is that it ensures that only people who actually have administrative access to the machine
can in fact, reboot into the UEFI configuration. Somebody can’t just walk up to your machine
and do things like change the boot order. By restricting UEFI access to going through
this path where you have to go through Windows or the installed operating system in order
to be able to see those settings, you basically increased the security of the machine. One of the other settings that comes into
play is this thing called secure boot. What that does is it prevents you from booting
into something that isn’t authorized, if you will. Something that isn’t an official signed,
allowed copy of an operating system. Now many people think that this is a Windows
thing but Microsoft is all about this, but that’s not the case. This is actually something that’s implemented
by the hardware manufacturers, that is something that is implemented in the BIOS that is in
all of these machines, in the UEFI BIOS that’s in all these machines. But in reality, it has nothing to do with
Windows specifically. Windows just happens to be one of the operating
systems that conforms to this specification. It does mean that when it comes time to reboot
your machine, if secure boot is turned on, it won’t boot from just anything. It will actually only boot from things that
it is allowed to boot from, which means you can’t just download a random operating system
from the internet and expect your machine to boot into it if secure boot is turned on. So, unfortunately, what most people then ask
is, “Great, how do I turn secure boot off? How do I return my machine to a configuration
that allows me to do the things I need to do to that machine?” The answer is, as so many times comes, it
depends. You may not be able to. That’s a situation I’m in as far as I
can tell with my original Microsoft Surface Pro. For the life of me, I cannot get it to boot
from anything other than its internal hard disk. The UEFI BIOS is configured for this secure
boot mode. It is configured in such a way that I do not
have access to the actual UEFI settings and that’s a choice that the computer manufacturer
(Microsoft in this case) happened to make. That’s the way that machine works. If that machine’s hard disk fails, to be
honest, I’m not sure what I’ll do. In other cases, it depends, again, on exactly
the permissions that your computer manufacturer has given you. You would start with the settings app but
where you go will depend on exactly what your computer manufacturer has allowed for and
pre-configured. Even then, when you reboot into the UEFI settings,
like the BIOS before it, UEFI varies from machine to machine, from manufacturer to manufacturer. It’s incredibly capable. There are many things you can do with it but
exactly which UEFI implementation is being used by your computer manufacturer will vary. What that really boils down to, the bottom
line here is that I can’t tell you for your machine exactly what steps you need to take
to undo or to go back to a Legacy type scenario or to a not secure boot scenario. You need to check with the documentation that
came with your computer or you need to check with the computer manufacturer to find out
what capabilities are available to you and then exactly what steps you need to take to
make the configuration changes that will allow you to do what you want. So, UEFI, it really is all about protecting
you from random, what I’ll call “drive-by reboots” where someone can just walk up
to your machine and take control by rebooting it randomly into whatever they happen to have
in their pocket. Is that a good thing? In some environments it is. In home environments – maybe not so much. It’s hard to say. What do you do? How do you react to all of this security that’s
being implemented by UEFI? Is it an issue for you? If it is an issue for you, how have you been
working around it? Have you been working around it? Let me know. As always, here’s a link to this article
posted on Ask Leo! That’s where all the comments are read;
that’s where all the comments are moderated. I’d love to hear your experience with UEFI. Again, until next time, I’m Leo Notenboom
for askleo.com. Remember, stay safe, have fun, and don’t
forget to back up. I’ll see you again next week. Take care.