- Most USB thumb drives can be reprogrammed to silently infect computers
- Attackers exploit remote access tools to compromise retail systems
- Judge rules against Microsoft in email privacy case
- Twitter reports a rise in government data requests
- Tor points finger at US researchers after possible compromise of service
Are You Ready for UEFI on Your x86 Servers?
Your data centre is in the midst of the biggest server firmware upgrade ever, and you might not realise it. The update is called UEFI, and it doesn’t actually bring a lot of new features. Instead, it’s a long-overdue, industry-wide "bug fix" for x86.
Unified Extensible Firmware Interface (UEFI) is a new industry standard for the main firmware on an x86 server, replacing the venerable BIOS. Adopting UEFI is a big development effort for vendors, but it's not a revolutionary change for server admins, or even slick new technology. It’s a better-engineered version of something you already have.
Since IBM’s first x86 PC, all software on x86 computers has run on top of a layer of code called the BIOS. The BIOS is a clunky quilt of pieced-together firmware that initializes all of the subsystems on an x86 PC or server. It gets everything set up so that an off-the-shelf operating system like Windows can get its bearings and take over.
The problem is that this hodge-podge of boot code and interrupt handlers was designed in an era of floppy drives and monochrome monitors. Computer makers have run out of tricks to stretch BIOS to cover newer technologies. So, in a Spock-like mind meld, hardware makers and OS vendors collectively agreed on a logical, extensible replacement for BIOS. (The vendors even meet regularly to test that everyone is implementing the new stuff correctly -- one such 'plugfest' is going on this week in Redmond.)
UEFI benefits to vendors:
- Cuts firmware development time
- Reduces OS patching to recognize new components
- Allows greater interoperability of hardware
Most benefits of UEFI are to the vendors, but there are end-user advantages too. For example, it allows a computer to boot to a hard drive partition that's greater than 2 TB, something BIOS can't do. Microsoft uses UEFI to implement a kind of multicast over-the-network boot, and has discussed using UEFI to enable future OSes to do pre-OS user authentication. The biggest plus for users, though, is that it allows much more complex utilities to be embedded in servers.
The best example of this is Dell's Unified Server Configurator. USC is a UEFI application embedded on Dell's iDRAC management subsystem. It contains complex utilities, like OS deployment tools and firmware download wizards that used to require booting to Utility CDs with customized operating systems and drivers. The magic: Because of UEFI, USC runs entirely from system firmware, without an OS.
Another example of this kind of pre-boot utility is the UEFI Shell, an application that IBM has included in their UEFI-capable System x servers. The shell is a command-line interface -- think DOS window -- executing straight from firmware.
UEFI-enabled x86 servers and operating systems today:
- Dell 11G PowerEdge servers
- IBM System x (since 2009)
- Cisco UCS C-Series rack servers
- 64-bit versions of Microsoft Windows Server 2008
- SLES 11 (SP1)
There are a couple of minor downsides to UEFI. First, since its new code, there will be bugs as vendors get their code mature. (Dell's first UEFI-enabled PowerEdge servers had about a third more revisions to base firmware than their BIOS-only predecessors, for example; and IBM had to tweak its initial round of UEFI firmware to address reports of slow boot times in System x servers.)
Second, because the configuration settings stored on boot devices are different between BIOS and UEFI, hard drives and USB sticks created under BIOS generally won't boot on a server with UEFI enabled. That means you may run into problems trying to swap drives between servers.
Third, you may have to maintain different OS deployment processes, one for traditional BIOS and the other for UEFI. Server admins might also need to re-learn some bare-metal setup procedures, since the boot sequence and configuration menus on a UEFI server will be different than a BIOS-based server. (UEFI-based setup utilities should be more user-friendly than BIOS-based ones, though.)
UEFI Boot Process
UEFI doesn't entirely replace system-specific firmware. There must still be custom code to handle activities like memory testing and getting UEFI itself started. Also, because not all operating systems understand UEFI yet, x86 server implementations today (including those from Dell and IBM) contain both UEFI and a traditional BIOS, and allow server admins to toggle between them.
Overall, UEFI is a great fix to some long-standing problems with the boot process for x86 servers, and it’s a good example of vendors working together to ensure a better experience for all their customers.
By Daniel Bowers, Ideas International
Ideas International Limited (IDEAS, IDE:ASX) is an analyst company that provides enterprise IT research, insight, analysis, and tools to both the buy and sell sides of the industry, counting as clients many large technology vendors and major blue-chip global IT users. More information at www.ideasinternational.com