Secure Boot, Fast Boot & Fast Startup Explained

~~~~~~~ "A Brief Explanation" ~~~~~~~

This topic is a brief explanation for Linux systems concerning "Secure/Fast/Ultra Fast Boot & Fast Startup".

--- What are "Secure Boot", "Fast Boot", "Ultra Fast Boot" & "Fast Startup"? ---

  • BIOS/UEFI Fast Boot: Bypasses certain hardware initialization processes during startup.
  • UEFI Secure Boot: Verifies the signatures of items (kernel, drivers) for authenticity.
  • Windows Fast Startup: Stores the "Last State" instance and, on startup, boots back to that Last State (like hibernation/suspend). It locks the partition.
    Note: If you boot into another OS and then access or change anything on the hard disk/partition that the hibernating Windows installation uses, it can cause corruption.
  • Secure Boot:
    Secure Boot is a security process of the UEFI to prevent malicious code from being run at boot time (by checking signatures for registered & forbidden components against a database).

Ultra Fast Boot

  • A slightly advanced UEFI feature that also bypasses the POST screen (logo & BIOS access).
    Note: This means that if you need to get into the BIOS/UEFI, there are ways to do this, and they may depend on the motherboard manufacturer.

Method to enter BIOS/UEFI with Ultra Fast boot disabled

  1. If you have Windows running, hold down the "Left Shift" key while selecting "Restart". This will boot to the BIOS/UEFI.

  2. Hold down the F2 key while starting the PC. This will boot into the BIOS/UEFI.

  3. If all else fails, some motherboards have a button to reset the BIOS/UEFI, or you need to remove the CMOS battery; this will reset the BIOS/UEFI, allowing you access again.

With Fast Startup "Enabled"

  1. It will use a cache file to save your last state (this file will increase to as much as your RAM capacity over time).

  2. It will disable booting from any optical, network or removable devices.

  3. It disables "Wake-On-LAN".

  4. Windows locks the hard disk/partition.

"When Dual Booting"

  • It’s best to "Disable" "Fast Startup" & "Fast boot"

  • You "Do Not" need to "Disable" "Secure Boot" for dual booting on most of the modern distros.

-: ~~~ "Summary" ~~~~ :-

"Dual Booting":

  • "Disabled". "Fast Startup" & "Fast boot".
  • "Enabled". "Secure Boot".

For a Clean Installation:

  • Enable both "Secure Boot" & "Fast Boot".

  • Note:
    Some conditions warrant disabling both or either, when needed.

How to Disable "Fast Boot/Fast Startup"

How to Disable "Secure Boot"


------ An elaboration on the above Topic--------

First, let's start with their names:

  • The items below are part of the motherboard:
      • BIOS/UEFI Fast Boot
      • UEFI Secure Boot
      • UEFI Ultra Fast Boot
      • UEFI TPM (Not Included)
  • The items below are located within the Windows OS:
      • Windows Fast Startup
      • Windows Trusted Boot (Not Included)
      • Windows Measured Boot (Not Included)
      • Windows ELAM (Early Anti-Malware) (Not Included)

------- What is BIOS/UEFI -------

UEFI (Unified Extensible Firmware Interface) is a specification for firmware interfaces that is designed as a replacement for the traditional BIOS (Basic Input/Output System) firmware interface found in older computer systems. UEFI provides a modern and standardized interface between the firmware and the operating system. BIOS/UEFI are part of the motherboard's management system.

------ UEFI background ------

UEFI was not invented by a single individual but rather developed collaboratively by a group of technology companies known as the UEFI Forum. The UEFI Forum is a consortium of industry-leading companies, including major computer hardware manufacturers such as Intel, AMD, Microsoft, Apple, IBM, and many others.

The development of UEFI began in the late 1990s as a successor to the traditional BIOS firmware interface used in older computer systems. The goal was to overcome the limitations of BIOS and provide a more modern, flexible, and extensible firmware interface.

UEFI was designed to address the growing complexity of modern computer systems, including support for larger storage capacities, advanced hardware configurations, and new software requirements. It provides a standardized firmware interface that enables hardware initialization, firmware-level services, and boot management, allowing the operating system and firmware to communicate and work together effectively.

UEFI offers various advantages over BIOS, such as support for larger hard drives, faster boot times, improved security features including Secure Boot, and enhanced compatibility with modern operating systems.

------ BIOS/UEFI fast boot ------

BIOS Fast Boot is a feature found in some computer systems that aims to reduce the boot time of the system by skipping certain hardware initialization processes during startup. It is typically available in traditional BIOS firmware, as opposed to UEFI firmware.

When BIOS Fast Boot is enabled, the system bypasses some of the POST and hardware initialization procedures that are normally performed during the boot process. This allows the system to start up more quickly, as it skips certain time-consuming checks and configurations.

However, it's important to note that enabling BIOS Fast Boot can have some trade-offs. By skipping certain initialization procedures, it may result in some devices or peripherals not being detected or functioning properly. For example, USB devices, network adapters, or certain expansion cards may not be recognized if their initialization is bypassed.

------- UEFI Secure boot -------

UEFI Secure Boot is the generic term for the security mechanism implemented in UEFI firmware. It verifies the digital signatures of the firmware and operating system components before they are loaded during the boot process. UEFI Secure Boot helps prevent the loading of unauthorized or malicious software, protecting the system against bootkits and other types of firmware or boot-level attacks.

---- Secure boot dB signed off by ------

Linux operating systems can support UEFI Secure Boot, but the implementation can vary depending on the specific distribution and configuration. UEFI Secure Boot is not exclusive to Windows systems and can be used by other operating systems, including various Linux distributions.

When it comes to UEFI Secure Boot, the signing process is handled by the hardware manufacturer or the organization responsible for providing the UEFI firmware. The firmware typically includes a key database that contains trusted keys used to verify the digital signatures of the boot loaders and operating system components.

For Windows systems, Microsoft provides a signing service known as the Microsoft Windows Hardware Developer Center (WHDC) Dashboard. This service allows vendors to obtain digital certificates to sign their boot loaders and drivers. These signed components are then verified during the Secure Boot process on Windows systems.

For Linux systems, there are different approaches to UEFI Secure Boot. Some Linux distributions, such as Ubuntu, Fedora, and openSUSE, have worked to ensure compatibility with Secure Boot. They have enrolled their own digital certificates in the firmware's key database or have relied on Microsoft's signing services. This allows the boot loaders and kernel modules signed by these distributions to be loaded and verified during the Secure Boot process.

However, it's important to note that Secure Boot and its key management are ultimately controlled by the firmware and hardware manufacturers. Some manufacturers may have stricter or more lenient requirements for the keys and signatures, which can impact the compatibility and signing process for Linux distributions.

------- UEFI Ultra fast boot ------

Some motherboards come with Ultra Fast Boot. When "Enabled", it bypasses the POST screen (logo & BIOS access). This only saves maybe 2 sec off boot-up time; however, it makes it hard if you need to enter the BIOS.

-------------Windows Fast startup -------------

Enabled by default on most clean installations of Windows 10, Fast Startup essentially hibernates the Windows kernel and loaded drivers to help slash startup times. It all sounds great, but Fast Startup may not be quite as good as you think. Not only can it seriously mess up dual-boot systems, it may also interfere with the installation of updates, and could cause problems with encryption software.


---- Dual booting, secure/fast boot & fast startup recommendations ----

When dual booting with Windows and another operating system, such as Linux, it is recommended to consider the following guidelines regarding UEFI Secure Boot, UEFI Fast Boot, and Windows Fast Startup:

UEFI Secure Boot
UEFI Secure Boot is a security feature that ensures only trusted software, signed with valid digital signatures, can run during the boot process. It prevents unauthorized operating systems or bootloaders from running on your system. When dual booting, it is advisable to keep UEFI Secure Boot Enabled unless your secondary operating system does not support it. Many Linux distributions now provide signed bootloaders and drivers that are compatible with UEFI Secure Boot, allowing you to dual boot with this feature enabled.

UEFI Fast Boot
UEFI Fast Boot is a feature that reduces the time taken by the system to complete the boot process. It achieves this by skipping certain system initialization steps. While UEFI Fast Boot can improve boot times, it can also cause compatibility issues with certain operating systems or devices. It is generally recommended to Disable Fast Boot when dual booting to ensure better compatibility and avoid potential issues.

Windows Fast Startup
Windows Fast Startup, also known as Hybrid Boot, is a feature in Windows 8 and later versions that combines the features of a cold shutdown and hibernation. It saves the system state to a hibernation file, allowing for faster startup times. However, this feature can interfere with the boot process of other operating systems as it Locks the Windows partition, particularly when accessing shared partitions or filesystems. It is advisable to Disable Windows Fast Startup to avoid data corruption or boot issues when dual booting with another operating system.

----- Clean/Fresh Installation ------

Both UEFI Secure Boot and Fast Boot can be "Enabled".

3 Likes
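To confirm from the Linux side whether Secure Boot is actually being enforced before or after setting up a dual boot, the firmware's `SecureBoot` and `SetupMode` variables can be read through efivarfs. This is an added example, not part of the original post; it assumes efivarfs is mounted at `/sys/firmware/efi/efivars`, and the function names and state labels are hypothetical.

```python
import tempfile
from pathlib import Path

# GUID of the UEFI global-variable namespace (EFI_GLOBAL_VARIABLE in the UEFI spec).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b2c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed efivarfs mount point


def read_efi_byte(name, efivars=EFIVARS):
    """Return the first data byte of a global UEFI variable, or None if unreadable."""
    try:
        raw = (Path(efivars) / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None
    # efivarfs prefixes the payload with a 4-byte attribute word.
    return raw[4] if len(raw) >= 5 else None


def secure_boot_state(efivars=EFIVARS):
    """Classify the firmware state as seen from a running Linux system."""
    if not Path(efivars).is_dir():
        return "no-uefi"      # legacy BIOS/CSM boot, or no efivarfs support
    secure_boot = read_efi_byte("SecureBoot", efivars)
    if secure_boot is None:
        return "unknown"      # efivarfs not mounted or variable missing
    if read_efi_byte("SetupMode", efivars) == 1:
        return "setup-mode"   # no Platform Key enrolled, signatures not enforced
    return "enabled" if secure_boot == 1 else "disabled"


def demo():
    """Run the check against constructed variable files (not real firmware data)."""
    attrs = (0x06).to_bytes(4, "little")  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    samples = {"enabled": (1, 0), "disabled": (0, 0), "setup-mode": (0, 1)}
    results = {}
    for label, (sb, setup) in samples.items():
        with tempfile.TemporaryDirectory() as tmp:
            for name, value in (("SecureBoot", sb), ("SetupMode", setup)):
                path = Path(tmp, f"{name}-{EFI_GLOBAL_GUID}")
                path.write_bytes(attrs + bytes([value]))
            results[label] = secure_boot_state(tmp)
    return results


if __name__ == "__main__":
    print("constructed samples:", demo())
    print("this machine:", secure_boot_state())
```

A result of "setup-mode" means the firmware has no Platform Key, so the signature database is not being enforced even if the Secure Boot option appears switched on in the firmware menu.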

I just recently replaced a CMOS battery in a device where the battery was under the motherboard and I had to completely strip down the unit to get to it .... first time I ever experienced that ..... desktops are much much easier as you just remove the side panel .... usually just 2 screws .... and the battery is staring you right in the face .... 15 mins as opposed to 1 1/2 hours ..... :grinning:

1 Like

Laptop batteries are usually in more difficult locations for security reasons. If you ever used the BIOS authentication (user can mount and read a hard disk but admin to change BIOS settings, or password required for both mount and read as well as BIOS settings) you would recognize the need for physical "security". By making it an hour-and-a-half job, it would be unreasonable to attempt it (onsite anyway). Removing the CMOS battery is the only loophole in BIOS security measures (as long as USB boot is disabled). Although the BIOS password does include USB booting on newer mobos.

1 Like

To be edited again soon, when I finish the draft.
As soon as I have time, :smile:

Note: All information is correct, I just need to elaborate.
Hard to make a brief tut, :smile:
Hope this tut helps.

2 Likes