UEFI (Unified Extensible Firmware Interface) is the modern replacement for legacy BIOS firmware on PC-compatible systems. Originating as Intel's EFI in the late 1990s for Itanium, it was generalised and standardised by the UEFI Forum and is now ubiquitous on x86 and ARM servers and desktops. UEFI runs in long mode (64-bit), supports large disks via GPT partitioning, provides a proper driver model, and offers a standardised interface that operating-system bootloaders can use without resorting to BIOS-era tricks.
UEFI introduces the EFI System Partition (ESP), a FAT32 partition (usually mounted at /boot/efi on Linux) that holds EFI executables like grubx64.efi, shimx64.efi, or systemd-bootx64.efi. The firmware maintains a list of boot entries in NVRAM, which the efibootmgr command can inspect and manipulate:
efibootmgr -v # list current entries
efibootmgr -c -d /dev/sda -p 1 \\
-L "Linux" -l '\\EFI\\linux\\grubx64.efi'
UEFI also brings Secure Boot, which cryptographically verifies bootloaders against a trust chain stored in firmware. On Linux, this is handled via a "shim" signed by Microsoft's UEFI CA, which in turn verifies a distribution-signed bootloader. Secure Boot is controversial—some see it as a lock-in risk, others as a meaningful defence against bootkits—and most distributions support both enabled and disabled configurations.
Related terms: BIOS, GRUB, systemd-boot
Discussed in:
- Chapter 3: The Linux Kernel — The Boot Process
Also defined in: Textbook of Linux