Windows 8 Secure Boot and UEFI Deep Dive, How It Works

Here’s how Secure Boot works to protect your system — implementing the UEFI system in Windows 8.

aNewDomain.net – For years one of the biggest security issues in Microsoft Windows involved the Windows Basic Input and Output System (BIOS) and its software interrupts for input and output functionality. The system allowed flash drives, bootable discs and other bootloaders to operate at startup. That left room for malware, rootkits being one example, to infect the computer during the boot process. Windows 8 Secure Boot fixes this. Here’s a deep dive into how the new Unified Extensible Firmware Interface works.

What is UEFI?

UEFI — the Unified Extensible Firmware Interface in Windows 8 — refers to an open source standard specification.

If for some reason you want to continue running Windows 8 on a BIOS system, that option is still available. But to take advantage of Windows 8 advanced security functionality and faster boot time, you must have a UEFI-enabled computer.

Every Windows 8 computer you purchase today will be UEFI-enabled, so no worries.

Secure Boot
Here’s how the new Secure Boot feature meets UEFI in terms of protecting your system before the operating system loads. Here’s a diagram Microsoft provides.

Image credit: Microsoft

Secure Boot, implementing UEFI, defines how the platform firmware manages validation of firmware, security certificates and the interface between firmware and the operating system.
In other words, Windows 8 utilizes Secure Boot to ensure that the pre-OS environment is secure.
Image credit: Microsoft Windows 8

A lot of people are confused by the new Secure Boot system. They think that the system makes it impossible to dual boot a Windows 8 system. This is not true. Secure Boot doesn’t lock out other operating system loaders. Instead it is a policy that requires firmware to validate authenticity of components. You can install additional operating systems, but there are extra steps in doing so.

  1. Although I don’t recommend it, you can turn Secure Boot off in any non-ARM system (Windows 8 ARM tablets, like most other tablets, have locked boot loaders). This can be done by booting to the UEFI firmware settings and choosing the advanced options.
  2. If installing a Linux distribution, you can choose one that has been verified by Verisign, the Certificate Authority that Microsoft uses.
  3. You can create a bootable UEFI USB flash drive to be used during installation of the second operating system. There are third-party software programs that will help you do this.
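
To confirm whether Secure Boot is actually on, for instance after changing the firmware setting described in step 1, the state can be queried from an elevated PowerShell prompt. This is an added example, not part of the original article: it uses the `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets that ship with Windows 8, while the function names, state labels, and the PK/KEK/db/dbx variable list (standard UEFI names not mentioned in the article) are assumptions made for illustration.

```powershell
# Added example: report the Secure Boot state of the local machine.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.

function Get-SecureBootState {
    try {
        # $true  = Secure Boot is enforced by the firmware
        # $false = firmware supports Secure Boot but it is switched off
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS boot: the firmware exposes no Secure Boot variables.
        'NotSupported'
    }
    catch [System.UnauthorizedAccessException] {
        # The cmdlet needs administrator rights to read firmware variables.
        'AccessDenied'
    }
}

function Get-SecureBootVariableSummary {
    # PK, KEK, db and dbx are the standard UEFI key and signature databases
    # the firmware consults when it validates boot components.
    foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
        try {
            $var = Get-SecureBootUEFI -Name $name -ErrorAction Stop
            [pscustomobject]@{ Name = $name; Present = $true; SizeBytes = $var.Bytes.Length }
        }
        catch {
            # An unset variable raises an error; report it as absent.
            [pscustomobject]@{ Name = $name; Present = $false; SizeBytes = 0 }
        }
    }
}

$state = Get-SecureBootState
"Secure Boot: $state"

if ($state -in 'Enabled', 'Disabled') {
    Get-SecureBootVariableSummary | Format-Table -AutoSize
}

# A non-zero exit code lets a compliance script flag machines that are not protected.
if ($state -ne 'Enabled') { exit 1 }
```

An empty PK on a machine that reports `Disabled` usually means the firmware is in setup mode, which is worth distinguishing from a user simply toggling the option off.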

The Windows 8 Secure Boot feature has received a bit of bad publicity. Some users see it as Microsoft’s way to “lock out” other operating systems. In actuality, it is Microsoft’s attempt to combat the advanced malware that has become prevalent in today’s world.

Based in Pinehurst, North Carolina, Sandy Berger is a veteran tech journalist and senior editor at aNewDomain.net covering tech tips and tricks, apps, gadgets, and consumer electronics. Email her at Sandy@aNewDomain.net. Follow her on Twitter @sandyberger, +SandyBerger on Google+, and on Facebook.