What Happened to BIOS? Understanding UEFI and TPM

For years, computers used something called the BIOS to get everything going when you pressed the power button. It did the job—but it was old. Really old. Like, 1980s old.

As computers got faster and more powerful, BIOS started showing its age. It couldn’t handle big hard drives, took longer to start up, and didn’t offer much protection against modern threats. For one thing, it had no way to check if something sneaky was hiding in your system before Windows or Linux even started. That meant certain kinds of malware could sneak in early and stay hidden.

That’s what ushered in a new system called UEFI. It’s faster, smarter, and more secure. And today, most modern computers use UEFI instead of BIOS—even if you’ve never heard of either one.

What is BIOS?

BIOS stands for Basic Input/Output System. It handles the most basic communication between the computer’s hardware and software. BIOS is the first thing that kicks in at startup. It runs a Power On Self Test (POST), initializes the hardware, and runs a small program called the bootloader. The bootloader’s job is to start up the operating system.

BIOS has been around since the early days of personal computers. IBM first introduced it in 1981 as part of the original IBM PC. Back then, computers needed a simple way to wake up the hardware, check that everything was working, and start loading the operating system from a floppy disk or hard drive. The engineers built a small program into the computer’s motherboard that would handle these basic tasks—hence the name Basic Input/Output System.

The engineers built BIOS for its time. Then those engineers made so many advances in the capabilities of the hardware that the hardware outgrew BIOS. BIOS used very old code that could only handle small chunks of data at a time. That small bootloader worked fine when operating systems didn’t do much. Today’s operating systems are much more sophisticated, and the bootloader has a much heavier set of tasks to perform to get the operating system off the ground.

It’s easy to ask why we don’t just make the bootloader beefier. The answer gets into the size limitations of the code in the BIOS. All that code had to fit into a limited amount of space. Making the bootloader do more would mean that something else wasn’t going to happen. BIOS was starting to reach the limits of its capabilities in the early 2000s, but the tipping point came around 2010.

Enter UEFI – The Modern Replacement

Unified Extensible Firmware Interface – UEFI – not only addressed those limitations, but also brought in additional measures that represented great strides forward for functionality and security. UEFI is administered from a graphical interface rather than a menu navigated using the arrow keys. It’s got a much faster boot time, support for larger hard drives, and it even has a backward compatibility mode.

If that wasn’t enough, UEFI also offers much better support for Solid State Drives (SSDs). BIOS could support them, but it treated them like a spinning drive and couldn’t optimize communications with SSDs. UEFI also adds Secure Boot, which prevents malware from loading at startup, and it adds support for a Trusted Platform Module (TPM).

Trusted Platform Module and UEFI Security

TPMs are separate hardware chips that store cryptographic keys and help with things like disk encryption (BitLocker). TPM and Secure Boot make sure that only trusted software — like the operating system — is allowed to load when the computer starts up. The TPM stores hashes of different components of the startup process and compares those hashes to the stuff that wants to run. The requesting program’s hash has to match the stored hash in order to get by the gatekeeper. To really understand how hashes help with security, see this post on passwords, which contains a section on how hashes work.
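Here is a simplified model of that hash check, added as an example (it is not code from this post or from any TPM vendor). On a real TPM the running hash lives in a Platform Configuration Register (PCR), and a disk-encryption key can be "sealed" so it is only released when the PCR holds the expected value. The component names and the key below are made up for illustration.

```python
from __future__ import annotations
import hashlib

PCR_SIZE = 32  # SHA-256 register: 32 bytes, all zeros at power-on

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 'extend': new PCR = SHA-256(old PCR || SHA-256(component))."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot(components: list[bytes]) -> bytes:
    """Fold every startup component, in order, into one PCR value."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def unseal(sealed_to: bytes, current_pcr: bytes, secret: bytes) -> bytes | None:
    """Model of a sealed key: released only if the PCR matches the value
    that was recorded when the key was sealed."""
    return secret if current_pcr == sealed_to else None

# Constructed sample data standing in for real firmware/bootloader/kernel images.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 + implant", b"kernel v1"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]
DISK_KEY = b"constructed-demo-key"

def demo() -> dict[str, bool]:
    """Seal against a known-good boot, then try three different boots."""
    expected = measure_boot(GOOD_CHAIN)
    chains = {"good": GOOD_CHAIN, "tampered": TAMPERED_CHAIN,
              "reordered": REORDERED_CHAIN}
    return {name: unseal(expected, measure_boot(chain), DISK_KEY) is not None
            for name, chain in chains.items()}

if __name__ == "__main__":
    for name, released in demo().items():
        print(f"{name:10s} key released: {released}")
```

Because each new value depends on the previous one, changing a single component, or just the order they load in, produces a different final value and the key stays locked.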

Windows 11 was written to use not just any TPM, but TPM 2.0 and UEFI. We know that newer operating systems don’t often run very well on older hardware, but Microsoft put a kink in the upgrade plans of a lot of people and organizations by requiring the newer TPM in order to install and run Windows 11. We’re at a point in modern history that we really do need these security measures, but people who had purchased a computer recently found themselves unable to perform a Windows 11 upgrade. Some of the systems didn’t include a TPM chip, and some contained an earlier version of a TPM chip. Some had the newer chip, but it was disabled in the UEFI firmware settings, the successor to the BIOS settings.

UEFI and Linux

Most modern Linux distributions (or “distros”) do support UEFI boot, but early adoption did present some challenges. Linux is not a corporate-produced operating system at the kernel level (the very core of the operating system), and some of the versions of the kernel weren’t signed with a digital signature. Some of the Linux bootloaders like the GRand Unified Bootloader (GRUB) didn’t work with it at first without some tweaking. Since then, there have been great improvements in implementation, but some distros may still require disabling Secure Boot. Overall, using Linux isn’t a barrier to using UEFI.

A Word About Macs

Apple doesn’t use TPMs the way PCs (Windows and Linux systems) do. Instead, Apple’s Intel-based computers use a System Management Controller and EFI firmware. The newer Apple Silicon Macs have Apple Secure Enclave built into a chip on the motherboard. As a matter of fact, most of the motherboard components are built into a System on a Chip (SoC) on the motherboard, including the Secure Enclave.

Why This Matters To You

This is what’s really important, because if you can’t make use of this information, it’s just words. At some point, if you use a computer, you’ll need a newer one, and you can only go so long without a TPM. It’s part of every newer system. Windows is still the most prominent operating system globally, and within the United States, so there’s a fair chance that if you own a computer, the news about Windows 11 does or will eventually apply to you. You’ll probably never have to mess with the UEFI settings, but knowing that you get to them the same way you used to get to the BIOS settings can be a handy thing to know. If you have to do some troubleshooting, at least you know what it is and where to find it.

Your Turn

It can be interesting to poke around in the UEFI settings and see what configurations it holds. If you’re a novice or don’t care to get too deep in learning about it, don’t make any changes without consulting an expert. My last computer didn’t have a TPM or UEFI, but my current one does. I haven’t needed to adjust anything in those settings.

What did you think when you first heard about the Windows 11 requirements, and the problems people were having upgrading? Scroll down past the “Related Posts” section and drop a comment about it.

