United Extensible Firmware Interface (UEFI) firmware requirements

Article
02/08/2023

When the devices starts, the firmware interface controls the booting process of the PC, and then passes control to Windows or another operating system. UEFI is a replacement for the older BIOS firmware interface and the Extensible Firmware Interface (EFI) 1.10 specifications. More than 140 leading technology companies participate in the Unified EFI Forum, including AMD, AMI, Apple, Dell, HP, IBM, Insyde, Intel, Lenovo, Microsoft, and Phoenix Technologies.

UEFI benefits

Firmware that meets the UEFI 2.3.1 specifications provides the following benefits:

Ability to support Windows 10 security features like Secure Boot, Microsoft Defender Credential Guard, and Microsoft Defender Exploit Guard. All require UEFI firmware.
Faster boot and resume times.
Ability to more easily support large hard drives (more than 2 terabytes) and drives with more than four partitions.
Support for multicast deployment, which allows PC manufacturers to broadcast a PC image that can be received by multiple PCs without overwhelming the network or image server.
Support for UEFI firmware drivers, applications, and option ROMs.

Media installation considerations

To download Windows, see the Windows 10 download page. If you want to use media like a USB flash drive, a DVD, or an ISO, dowload the Windows Media creation tool.

Boot and miminum security requirements

As the OEM, you must provide support for the features outlined in Windows Hardware Compatibility Program Specifications and Policies, specifically the following items that are divided into two groups: boot requirements and minimum security requirements.

UEFI Runtime requirements

Various versions of Windows require some or all of the following UEFI Runtime Services. It is recommended that they all be implemented for maximum compatibility:

GetTime
SetTime
UpdateCapsule
ResetSystem

Hibernation State (S4) transition requirements

Platform firmware must ensure that operating system physical memory is consistent across S4 sleep state transitions, in both size and location. Operating system physical memory is defined according to the ACPI 3.0 specification as any memory that is described by the firmware system address map interface with a memory type other than AddressRangeReserved [2], AddressRangeUnusable [5], or Undefined [any value greater than 5].

On a UEFI platform, firmware runtime memory must be consistent across S4 sleep state transitions, in both size and location. Runtime memory is defined according to the UEFI specification as any memory that is described by the GetMemoryMap() boot service, with the attribute EFI_MEMORY_RUNTIME.

Windows 10 S security features and requirements for OEMs

Additional resources

Documentation

Windows 10 S security features and requirements for OEMs

Provides guidance on what Windows 10 S provides and what is required
Secure boot

Provides guidance on what an OEM should do to enable Securely booting a device
Secure Boot - Windows drivers

Secure boot
Windows Hardware Compatibility Program Specifications and Policies

When products meet the minimum requirements as defined in the below documents, it ensures that applications and devices are compatible.
Trusted Plaform Module (TPM) 2.0

Provides guidance on what an OEM should know about TPM 2.0 and the features that require it
Disabling Secure Boot

Disabling Secure Boot
Secure the Windows boot process

This article describes how Windows security features help protect your PC from malware, including rootkits and other applications.
Factory Encrypted Drives

Factory Encrypted Drives

Training

Module

Examine and Configure Surface Security Options - Training

Learn about advanced firmware and security features of Microsoft Surface devices, Surface UEFI, Project Mu, configuring Virtualization-based Security and Memory Integrity in Windows, and Firmware Attack Surface Reduction.

Certification

Microsoft 365 Certified: Endpoint Administrator Associate - Certifications

Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.

Share via