Session Agenda

Designed to address BIOS Limitations
• Needed for the larger server platforms (Intel-HP Itanium)
• First called Intel Boot Initiative then renamed to EFI
• Specification and Source Code encouraged the UEFI forum

Provides support for newer hardware
• Addresses the need to support x64 systems
• Streamlines the boot process into the OS
• Simplifies the integration with 3rd party components

UEFI encourages industry participation
• 11 Promoters
• 20+ Contributors
• 70+ Adopters

Divided by working groups
• USWFG
• UTWG
• PIWG
• ICWG

Why UEFI?
• Enables Innovation
• Support for Large Disks
• CPU-Independent Architecture
• Flexible pre-OS Environment

| Scenario | Min Server version | Min WinPE version | Min Boot program version | Notes |
|---|---|---|---|---|
| X64 UEFI | 2008 | 2008 | 2008 | X64 feature UEFI support introduced in 2008 |
| X64 UEFI 2.3.1 | 2008 | 2012 | 2012 | 2.3.1 support added in 2012 |
| X86 UEFI | 2012 | 2012 | 2012 | Support for x86 UEFI added in 2012 |
| UEFI PXE IPv6 | 2012 | 2012 | 2012 | Support for IPv6 added in 2012 |

* The version of the Windows PE boot files must match the computer architecture. An x64-based UEFI computer can boot by using only Windows PE x64 boot files. An x86-based computer can boot by using only Windows PE x86 boot files.
[Figure: Windows boot in BIOS mode versus UEFI mode. Labels: Windows OS, ACPI driver, Win32/NT APIs, OS loader, UEFI OS Loader, UEFI Runtime Services, Compatibility Support Module (CSM), Legacy BIOS, Platform Specific UEFI Firmware, ACPI BIOS, ACPI tables, ACPI registers, System hardware]

[Figure: PC software stack. Labels: Application Software, Operating System Software, Firmware, Drivers, Hardware, Hard Disk, ROM]

[Figure: UEFI boot phases from power on to shutdown: Security (SEC), Pre-EFI Initialization (PEI), Driver Execution Environment (DXE), Boot Dev Select (BDS), Transient System Load (TSL), Run Time (RT). Labels: Pre Verifier, PEI Core, CPU Init, Chipset Init, Board Init, EFI Driver Dispatcher, Architectural Protocols, Device, Bus, or Service Driver, Boot Manager, UEFI Shell, OS-Absent App, Transient OS Boot Loader, Final OS Boot Loader, OS-Present Application, Final OS Environment]

[Figure: disk layout, LBA 0 to LBA z]

If a computer is in “Legacy” or “Mixed” mode it is NOT in native UEFI mode

Default UEFI/GPT drive partitions
[Figure: Disk 0 layout showing Windows RE tools and MSR partitions]

Recommended UEFI/GPT drive partitions
[Figure: Disk 0 layout showing Windows RE tools, MSR and Recovery Image partitions]

Creating a Bootable USB Drive
Option #1:
Option #2: Create Multiple Partitions on a WTG USB Drive
Option #3: Create your image using two USB sticks
Option #4: Boot straight from the Windows OS USB

[Figure: boot timeline, Windows 7 versus Windows 8. Stages: POST, OS initialization, Service & app initialization, Explorer ready (Windows 7); POST, Hiberfile read, Device initialization, Service & app init, Explorer ready (Windows 8)]

• Looks and feels like a regular shutdown / boot
• Leverages Hibernate technology to cache the core system
• Enabled by default
• Delivers considerable improvements:
  • Boots more than twice as fast on SSD-based netbooks, including POST
  • Need partners to continue work to reduce POST times

Can you really tell the difference?
• Native boot: 40 seconds (to initial MDT wizard)
• Native Boot: 27 seconds

Secure Boot Process

Secure boot is a UEFI specification, not a Microsoft product!
• Only executes signed UEFI binary images
• Includes Option ROMs, pre-boot utilities and OS loaders.
• Benefit: Helps prevent malicious code from running before the OS loads
• Benefit: Provides Time-authenticated variables
• Benefit: Allows stronger keys for encryption

Measured Boot
[Figure: each stage takes a hash of the next item(s) and records it in the TPM; the TPM returns [PCR Data] [AIK pub] [Signature] alongside the Boot Log]

Early Launch Anti-Malware (ELAM)
Windows 7
• Malware is able to start before Windows and Anti-malware
Windows 8
• Trusted Boot starts Anti-Malware early in the boot process

Windows Support for UEFI

Current Windows-Specific UEFI Highlights
• Multicast Deployment
• Fast boot and resume from hibernation

Future UEFI Capabilities
• Rootkit prevention
• Network Authentication

Deployment Server

Key Objectives Covered
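
The Measured Boot slide above (hash of next item, TPM PCR data, AIK signature, boot log) implies a verifier-side check: replay the boot log and see whether it reproduces the quoted PCR values. The sketch below is an added example, not code from the original deck; it assumes a SHA-256 PCR bank and a quote whose AIK signature has already been verified, and the component names, contents and PCR index are constructed.

```python
import hashlib

ZERO_PCR = bytes(32)  # PCRs reset to all zeros; SHA-256 bank is an assumption

def measure(component: bytes) -> bytes:
    """Digest of the next boot component, taken before it runs."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || digest). Order-sensitive, one-way."""
    return hashlib.sha256(pcr + digest).digest()

def replay(boot_log):
    """Recompute PCR values from (pcr_index, name, digest) log entries."""
    pcrs = {}
    for index, _name, digest in boot_log:
        pcrs[index] = extend(pcrs.get(index, ZERO_PCR), digest)
    return pcrs

def appraise(boot_log, quoted_pcrs, known_good):
    """Verifier side: empty list means the log is authentic and all-known."""
    findings = []
    replayed = replay(boot_log)
    for index, value in sorted(quoted_pcrs.items()):
        if replayed.get(index, ZERO_PCR) != value:
            findings.append(f"PCR {index}: boot log does not reproduce quoted value")
    for index, name, digest in boot_log:
        if digest not in known_good:
            findings.append(f"PCR {index}: unrecognised measurement for {name}")
    return findings

# Constructed sample data: component names, contents and PCR index are made up.
BOOTMGR, LOADER, ELAM, UNKNOWN = b"bootmgr", b"os-loader", b"elam-driver", b"unknown-driver"
KNOWN_GOOD = {measure(c) for c in (BOOTMGR, LOADER, ELAM)}

def log_for(*components):
    return [(4, c.decode(), measure(c)) for c in components]

CLEAN_LOG = log_for(BOOTMGR, LOADER, ELAM)
MODIFIED_LOG = log_for(BOOTMGR, UNKNOWN, LOADER, ELAM)

if __name__ == "__main__":
    cases = [("clean boot", CLEAN_LOG, CLEAN_LOG),
             ("extra component, honest log", MODIFIED_LOG, MODIFIED_LOG),
             ("extra component, log edited to hide it", MODIFIED_LOG, CLEAN_LOG)]
    for label, measured, reported in cases:
        quote = replay(measured)  # stands in for the signed [PCR Data] from the TPM
        print(label, "->", appraise(reported, quote, KNOWN_GOOD) or "OK")
```

The third case is the one the boot log alone cannot catch: the edited log looks clean, but it no longer reproduces the PCR value the TPM reports.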