Modern computers such as desktop and laptop computers contain program code that facilitates the
hardware initialization process. The code is stored in non-volatile memory and is commonly referred to as
boot firmware. The primary firmware used to initialize the system is called the Basic Input/Output
System (BIOS) or the system BIOS. This section provides background information on the system BIOS
and its role in the boot process using the conventional BIOS and Unified Extensible Firmware Interface
(UEFI) BIOS as examples. It identifies the primary methods used for updating the system BIOS, and
security issues and threats to the system BIOS.
System BIOS
The system BIOS is the first piece of software executed on the main central processing unit (CPU) when a
computer is powered on. While the system BIOS was originally responsible for providing operating
systems access to hardware, its primary role on modern machines is to initialize and test hardware
components and load the operating system. In addition, the BIOS loads and initializes important system
management functions, such as power and thermal management. The system BIOS may also load CPU
microcode patches during the boot process.
There are several different types of BIOS firmware. Some computers use a 16-bit conventional BIOS,
while many newer systems use boot firmware based on the UEFI specifications [UEFI]. In this document
we refer to all types of boot firmware as BIOS firmware, the system BIOS, or simply BIOS. When
necessary, we differentiate conventional BIOS firmware from UEFI firmware by calling them the
conventional BIOS and UEFI BIOS, respectively.
System BIOS is typically developed by both original equipment manufacturers (OEMs) and independent
BIOS vendors, and is distributed to end users with computer hardware. Manufacturers frequently update
system firmware to fix bugs, patch vulnerabilities, and support new hardware. The system BIOS is
typically stored on electrically erasable programmable read-only memory (EEPROM) or other forms of
flash memory, and is modifiable by end users. Typically, system BIOS firmware is updated using a
utility or tool that has special knowledge of the non-volatile storage components in which the BIOS is
stored.
A given computer system can have BIOS in several different locations. In addition to the motherboard,
BIOS can be found on hard drive controllers, video cards, network cards and other add-in cards. This
additional firmware generally takes the form of Option ROMs (containing conventional BIOS and/or
UEFI drivers). These are loaded and executed by the system firmware during the boot process. Other
system devices, such as hard drives and optical drives, may have their own microcontrollers and other
types of firmware.
As noted in Section 1.2, the guidelines in this document apply to BIOS firmware stored in the system flash.
This includes Option ROMs and UEFI drivers that are stored with the system BIOS firmware and are
updated by the same mechanism. It does not apply to Option ROMs, UEFI drivers, and firmware stored
elsewhere in a computer system.
Role of System BIOS in the Boot Process
The primary function of the system BIOS is to initialize important hardware components and to load the
operating system. This process is known as booting. The boot process of the system BIOS typically
executes in the following stages:
1. Execute Core Root of Trust: The system BIOS may include a small core block of firmware that
executes first and is capable of verifying the integrity of other firmware components. This has
traditionally been called the BIOS Boot Block. For trusted computing applications, it may also
contain the Core Root of Trust for Measurement (CRTM).
2. Initialize and Test Low-Level Hardware: Very early in the boot process the system BIOS
initializes and tests key pieces of hardware on the computer system, including the motherboard,
chipset, memory and CPU.
3. Load and Execute Additional Firmware Modules: The system BIOS executes additional
pieces of firmware that either extend the capabilities of the system BIOS or initialize other
hardware components necessary for booting the system. These additional modules may be stored
within the same flash memory as the system BIOS or they may be stored in the hardware devices
they initialize (e.g., video card, local area network card).
4. Select Boot Device: After system hardware has been configured, the system BIOS searches for a
boot device (e.g., hard drive, optical drive, USB drive) and executes the boot loader stored on that
device.
5. Load Operating System: While the system BIOS is still in control of the computer, the boot
loader begins to load and initialize the operating system kernel. Once the kernel is functional,
primary control of the computer system transfers from the system BIOS to the operating system.
In addition, the system BIOS loads system management interrupt (SMI) handlers (also known as System
Management Mode (SMM) code) and initializes Advanced Configuration and Power Interface (ACPI)
tables and code. These provide important system management functions for the running computer
system, such as power and thermal management.
This section describes the boot process in conventional BIOS-based systems and the boot process in
UEFI- based systems. While conventional BIOS is used in many desktop and laptop computers deployed
today, the industry has begun transitioning to UEFI BIOS.
Conventional BIOS Boot Process
Figure 1 shows a typical boot process for x86-compatible systems running a conventional BIOS. The
conventional BIOS often executes in 16-bit real mode, although some more recent implementations
execute in protected mode. Some conventional BIOS-based firmware has a small block of BIOS
firmware — known as the BIOS boot block — that is logically separate from the rest of the BIOS. On
these computer systems, the boot block is the first firmware executed during the boot process. The boot
block is responsible for checking the integrity of the remaining BIOS code, and may provide mechanisms
for recovery if the main system BIOS firmware is corrupted. On most trusted computing architectures,
the BIOS boot block serves as the computer system’s CRTM because this firmware is implicitly trusted to
bootstrap the process of building a measurement chain for subsequent attestation of other firmware and
software that is executed on the machine [TCG05].
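The measurement chain described above can be illustrated with a small simulation. The following Python is an added example, not code from this guideline or from any BIOS vendor; it assumes a SHA-256 PCR that is extended TPM-style (new PCR = H(old PCR || digest)), and the firmware stage contents are constructed samples. It shows why the CRTM must measure each stage before executing it: a modified Option ROM, a reordered stage, or a truncated event log all change the value a verifier recomputes, so the final PCR no longer matches the known-good value.

```python
import hashlib

# Constructed sample firmware images. On a real system these would be the
# bytes of the POST code, each Option ROM and the boot loader as read from
# flash or from the boot device.
FIRMWARE_STAGES = [
    ("post", b"POST: chipset, CPU and memory initialization (constructed)"),
    ("video_option_rom", b"VGA Option ROM (constructed)"),
    ("nic_option_rom", b"PXE Option ROM (constructed)"),
    ("boot_loader", b"MBR boot loader (constructed)"),
]

PCR_SIZE = 32  # a SHA-256 PCR starts as 32 zero bytes at power-on


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || digest).

    Because the hash chains in order, the final value depends on every stage
    measured and on the order in which the stages were measured."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(stages):
    """Simulate the CRTM measuring each stage before handing control to it.

    Returns the final PCR value and an event log of (stage name, digest hex)
    pairs, which is what a verifier later replays."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        event_log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def attest(pcr: bytes, event_log, golden_pcr: bytes) -> dict:
    """Two checks a verifier performs: the log explains the reported PCR, and
    the PCR equals the known-good value recorded for this firmware build."""
    return {
        "log_consistent": replay_log(event_log) == pcr,
        "matches_golden": pcr == golden_pcr,
    }


if __name__ == "__main__":
    golden, log = measure_boot(FIRMWARE_STAGES)
    print("golden PCR:", golden.hex())
    tampered = list(FIRMWARE_STAGES)
    tampered[1] = ("video_option_rom", b"VGA Option ROM (modified, constructed)")
    pcr, log = measure_boot(tampered)
    print("after modifying one Option ROM:", attest(pcr, log, golden))
```

The golden value would be recorded once from a trusted build of the firmware; the verifier then needs only the event log and the PCR to decide whether the platform booted the expected code in the expected order.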
The boot block executes the part of the conventional BIOS that initializes most hardware components—
the Power-On Self-Test (POST) code. During POST, key low-level hardware on the computer system is
initialized, including the chipset, CPU, and memory. The system BIOS initializes the video card, which
may load and execute its own BIOS to initialize graphics processors and memory.
Figure 1: Conventional BIOS Boot Process
Next, the system BIOS searches for other peripherals and microcontrollers, and executes any Option
ROMs on these components necessary to initialize them. Option ROMs execute very early in the boot
process and can add a variety of features to the boot process. For example, the Option ROM on a network
adapter could load the Preboot Execution Environment (PXE), which allows a computer to boot over the
network.
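Because Option ROMs execute so early, firmware that loads them has to decide from the ROM header alone what it is about to run. The following Python parser is an added example, not code from this guideline or from any firmware implementation; it follows the PCI expansion ROM layout (a 55 AA signature, a 16-bit pointer at offset 0x18 to a "PCIR" data structure carrying vendor ID, device ID, image length, code type and a last-image flag, and an 8-bit checksum over legacy x86 images). The vendor and device IDs, the PCIR placement at 0x40 and the single-block images are constructed for the demonstration. It distinguishes a conventional (legacy x86) image from a UEFI driver image in the same ROM, verifies the legacy checksum, and checks that the ROM claims to belong to the card presenting it.

```python
import struct

ROM_SIGNATURE = b"\x55\xaa"   # first two bytes of every expansion ROM image
PCIR_SIGNATURE = b"PCIR"      # PCI Data Structure signature
PCIR_POINTER_OFFSET = 0x18    # 16-bit offset of the PCIR structure, stored in the ROM header
CODE_TYPES = {0x00: "x86 legacy BIOS", 0x01: "Open Firmware", 0x02: "HP PA-RISC", 0x03: "EFI/UEFI"}
LAST_IMAGE = 0x80             # bit 7 of the PCIR indicator byte


def parse_option_rom(rom: bytes) -> list:
    """Walk every image in a (possibly multi-image) PCI expansion ROM.

    Each image starts with 55 AA, points at a PCIR structure that identifies
    the card it belongs to and its code type, and says whether it is the last
    image. Legacy x86 images additionally carry an 8-bit checksum."""
    images = []
    offset = 0
    while True:
        if rom[offset:offset + 2] != ROM_SIGNATURE:
            raise ValueError(f"no 55AA signature at offset {offset:#x}")
        (pcir_ptr,) = struct.unpack_from("<H", rom, offset + PCIR_POINTER_OFFSET)
        pcir = offset + pcir_ptr
        if rom[pcir:pcir + 4] != PCIR_SIGNATURE:
            raise ValueError(f"no PCIR structure at offset {pcir:#x}")
        vendor_id, device_id = struct.unpack_from("<HH", rom, pcir + 0x04)
        (length_blocks,) = struct.unpack_from("<H", rom, pcir + 0x10)
        code_type, indicator = struct.unpack_from("<BB", rom, pcir + 0x14)
        length = length_blocks * 512
        image = rom[offset:offset + length]
        if len(image) != length:
            raise ValueError("image length exceeds ROM size")
        # Legacy x86 images must sum to zero modulo 256 over their whole length.
        checksum_ok = (sum(image) % 256 == 0) if code_type == 0x00 else None
        images.append({
            "offset": offset,
            "vendor_id": vendor_id,
            "device_id": device_id,
            "code_type": CODE_TYPES.get(code_type, f"unknown ({code_type:#x})"),
            "length": length,
            "checksum_ok": checksum_ok,
        })
        if indicator & LAST_IMAGE:
            return images
        offset += length


def rom_matches_device(images: list, vendor_id: int, device_id: int) -> bool:
    """Every image's PCIR vendor/device ID should match the card presenting the ROM."""
    return all(i["vendor_id"] == vendor_id and i["device_id"] == device_id for i in images)


def build_rom_image(vendor_id: int, device_id: int, code_type: int, last: bool) -> bytes:
    """Construct a minimal one-block (512-byte) image for the demonstration."""
    img = bytearray(512)
    img[0:2] = ROM_SIGNATURE
    img[2] = 1                                       # legacy header: size in 512-byte units
    pcir = 0x40                                      # constructed location of the PCIR structure
    struct.pack_into("<H", img, PCIR_POINTER_OFFSET, pcir)
    img[pcir:pcir + 4] = PCIR_SIGNATURE
    struct.pack_into("<HH", img, pcir + 0x04, vendor_id, device_id)
    struct.pack_into("<H", img, pcir + 0x0A, 0x18)   # PCIR structure length
    struct.pack_into("<H", img, pcir + 0x10, 1)      # image length in 512-byte units
    struct.pack_into("<BB", img, pcir + 0x14, code_type, LAST_IMAGE if last else 0)
    if code_type == 0x00:
        img[511] = (-sum(img)) & 0xFF                # make the legacy checksum come out to zero
    return bytes(img)


if __name__ == "__main__":
    # Constructed ROM: a legacy image followed by a UEFI image for the same (made-up) card.
    rom = build_rom_image(0x1234, 0x5678, 0x00, last=False) + build_rom_image(0x1234, 0x5678, 0x03, last=True)
    for img in parse_option_rom(rom):
        print(img)
    print("matches card:", rom_matches_device(parse_option_rom(rom), 0x1234, 0x5678))
```

A platform that only performs these header checks still executes whatever code the image contains; the checks tell the firmware which image type to dispatch and catch corruption, not malicious but well-formed content. That is why the guideline's later sections treat Option ROMs stored with the system BIOS as part of the firmware that the update mechanism must protect.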
Next, the system BIOS scans the computer system for storage devices that have been identified as boot
devices. In a typical case, the BIOS attempts to boot from the first boot device it finds that has a valid
master boot record (MBR). The MBR points to a boot loader stored on the hard drive, which in turn
starts the process of loading the operating system.
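What "a valid master boot record" means in practice can be shown with a parser for the 512-byte sector. The following Python is an added example, not code from this guideline or from any BIOS; it assumes the classic MBR layout (boot code, four 16-byte partition entries at offset 446, and the 55 AA signature at offset 510), and the sample sectors it builds are constructed. It goes slightly beyond the paragraph by also recognising the protective MBR (partition type 0xEE) that a GPT-formatted disk presents to a conventional BIOS, since a legacy BIOS would otherwise find no active partition there.

```python
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510-511 of a bootable sector
ACTIVE = 0x80                         # status byte marking the partition to boot
GPT_PROTECTIVE_TYPE = 0xEE            # type of the single entry in a protective MBR
# Each entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count.
ENTRY_FORMAT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Inspect a sector the way a conventional BIOS does when choosing a boot device."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        if ptype == 0:
            continue  # unused entry
        partitions.append({
            "index": index,
            "bootable": status == ACTIVE,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "is_gpt_protective": any(p["type"] == GPT_PROTECTIVE_TYPE for p in partitions),
    }


def select_boot_partition(sector: bytes):
    """Return the entry a legacy BIOS would hand control to, or None if the
    device is not bootable (bad signature or no active partition)."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return None
    active = [p for p in info["partitions"] if p["bootable"]]
    return active[0] if active else None


def make_sample_mbr(active_index=0, with_signature=True, gpt=False) -> bytes:
    """Build a constructed MBR for the demonstration (boot code left as zeros)."""
    sector = bytearray(MBR_SIZE)
    # Constructed partition layout: (type, LBA start, sector count).
    entries = [(0x83, 2048, 1048576), (0x82, 1050624, 4194304)]
    if gpt:
        entries = [(GPT_PROTECTIVE_TYPE, 1, 0xFFFFFFFF)]
    for index, (ptype, start, count) in enumerate(entries):
        status = ACTIVE if index == active_index else 0x00
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE,
                         status, ptype, start, count)
    if with_signature:
        sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    print("bootable sample:", select_boot_partition(make_sample_mbr()))
    print("missing signature:", select_boot_partition(make_sample_mbr(with_signature=False)))
    print("GPT disk seen by legacy BIOS:", parse_mbr(make_sample_mbr(gpt=True)))
```

Note that the only integrity check a conventional BIOS applies here is the two-byte signature; nothing in the MBR format authenticates the boot code or the boot loader it points to, which is one reason the measurement chain started by the CRTM extends to the boot loader.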
During the boot process the system BIOS loads SMI handlers and initializes ACPI tables and code. SMI
handlers run in a special high-privilege mode on the CPU known as System Management Mode, a 32-bit
mode that is capable of bypassing many of the hardware security mechanisms of protected mode, such as
memory segmentation and page protections.
UEFI Boot Process
At a high level, the UEFI boot process, shown in Figure 2, follows a similar flow to the conventional
BIOS boot process. One difference is that UEFI code runs in 32- or 64-bit protected mode on the CPU,
not in 16-bit real mode as is often the case with conventional BIOS. Most UEFI-based platforms start
with a small core block of code that has the primary responsibility of authenticating subsequent code
executed on the computer system. This is very similar to the role of the boot block in conventional BIOS.
This part of the boot process is known as the Security (SEC) phase, and it serves as the core root of trust
in the computer system.
Figure 2: UEFI BIOS Boot Process
The next phase of the UEFI boot process is the Pre-EFI Initialization (PEI) Phase. The PEI phase is
intended to initialize key system components, such as the processor, chipset and motherboard. In some
cases, the code in the Security Phase and the PEI Phase comprise the core root of trust in a UEFI system.
The purpose of the PEI Phase is to prepare the system for the Driver Execution Environment (DXE)
phase. The DXE phase is where most system initialization is performed. The firmware executed in this
phase is responsible for searching for and executing drivers that provide device support during the boot
process, or provide additional features. During this phase the UEFI BIOS may execute conventional
option ROMs, which have a similar purpose.
The PEI and DXE phases of the UEFI boot process lay the foundation to load an operating system. The
final tasks necessary to load an operating system are performed in the Boot Device Selection (BDS)
phase. This phase initializes console devices for simple input/output operations on the system. These
console devices include local text or graphical interfaces, as well as remote interfaces, such as Telnet or
remote displays over HTTP. The BDS phase also loads any additional drivers necessary to manage
console or boot devices. Finally, the firmware loads the boot loader from the first MBR or GUID
Partition Table (GPT) formatted boot device, and loads the operating system.
During the boot process the UEFI BIOS loads SMI handlers and initializes ACPI tables and code.
The Run Time phase of the UEFI boot process begins when the operating system is ready to take control
from the UEFI BIOS. UEFI runtime services are available to the operating system during this phase.