BIOS vs UEFI: 7 Key Differences, Secure Boot, and GPT vs MBR

BIOS and UEFI are both firmware interfaces that initialize computer hardware before the operating system loads. BIOS (Basic Input/Output System) was the standard from 1975 through the early 2000s. UEFI (Unified Extensible Firmware Interface) replaced BIOS as the standard starting in 2010.

What is Secure Boot and How Does it Work?

Secure Boot is a UEFI security feature that verifies the digital signature of the bootloader before allowing it to execute. If the bootloader’s signature does not match a trusted key stored in the UEFI firmware, the system refuses to boot. Secure Boot prevents rootkits and unauthorized operating systems from loading during startup.

Microsoft introduced Secure Boot with Windows 8 in 2012. Windows 11 requires Secure Boot as a mandatory installation prerequisite. The UEFI firmware stores 4 key databases:

• PK (Platform Key): The root key installed by the motherboard manufacturer
• KEK (Key Exchange Key): Keys authorized to modify the signature databases
• db (Signature Database): Trusted bootloader signatures — Microsoft signs the Windows Boot Manager and the Linux shim bootloader
• dbx (Forbidden Signatures Database): Revoked or compromised bootloaders blocked from execution

Major Linux distributions (Ubuntu, Fedora, Debian) use a shim bootloader signed by Microsoft, enabling installation without disabling Secure Boot. Some distributions without a signed shim require disabling Secure Boot in UEFI settings. Access: UEFI settings → Security or Boot tab → Secure Boot → Disabled.

How to Access and Navigate UEFI Settings?

UEFI settings are accessible by pressing a specific key immediately after powering on the computer, during the POST phase. The key varies by manufacturer:

• MSI: Delete
• ASUS: Delete or F2
• Gigabyte: Delete
• ASRock: F2
• HP: F10
• Dell: F2
• Lenovo: F1 or F2

Key UEFI settings and their locations:

• Boot order: Boot tab — sets which device the system attempts to boot from first
• XMP/EXPO profile: AI Overclock Tuner or D.O.C.P. setting — enables RAM to run at its rated speed above JEDEC default (e.g., 3200 MT/s instead of 2133 MT/s)
• Secure Boot: Security or Boot tab — toggle for OS compatibility
• CSM (Compatibility Support Module): Boot tab — enables legacy BIOS mode for older operating systems and GPUs without UEFI GOP firmware
• Fan curves: Hardware Monitor or Q-Fan Control — sets temperature-to-RPM relationships for each fan header

Save UEFI settings with F10 or the Save & Exit option. Reset to factory defaults with the Load Optimized Defaults option. Clear UEFI settings by shorting the CMOS clear jumper on the motherboard (hold 10 seconds with the system unplugged) or by removing the CR2032 CMOS battery for 30 seconds.

What Is BIOS?

BIOS is firmware stored on a ROM chip that initializes hardware and loads the OS bootloader from the Master Boot Record (MBR) of the boot disk. Gary Kildall developed BIOS concepts in CP/M in 1975. IBM PC BIOS debuted in 1981 on the original IBM PC with an Intel 8086 processor.

BIOS runs in 16-bit real mode with a 1MB addressable memory limit. BIOS stores configuration in a 256-byte CMOS RAM chip powered by a 3V coin cell battery. BIOS boots only from MBR disks, limiting boot partition support to the first 2.2TB of a drive.

What Is UEFI?

UEFI is a modern firmware specification that replaces BIOS with a 32-bit or 64-bit execution environment, graphical interface, and support for GPT partition tables and drives larger than 2TB. Intel developed the Extensible Firmware Interface (EFI) specification in 1998 for the Intel Itanium (IA-64) server platform. The UEFI Forum published the unified UEFI 2.0 specification in 2006.

UEFI stores boot entries and configuration in NVRAM on the motherboard. UEFI reads bootloader files (.efi files) from the FAT32-formatted EFI System Partition (ESP). All consumer motherboards shipped after 2012 use UEFI, though many include a Compatibility Support Module (CSM) for legacy BIOS mode.

7 Key Differences: BIOS vs UEFI

MBR vs GPT Partition Tables

MBR (Master Boot Record) and GPT (GUID Partition Table) are the 2 partition table formats that BIOS and UEFI use respectively.

MBR stores partition data in the first 512 bytes of the disk. MBR supports a maximum of 4 primary partitions or 3 primary plus 1 extended partition containing logical partitions. MBR uses 32-bit LBA addressing, limiting disk capacity to 2^32 x 512 bytes = 2.19TB.

GPT stores partition data in the first 34 sectors of the disk with a backup copy in the last 34 sectors. GPT supports up to 128 partitions on Windows (configurable higher on Linux).

GPT uses 64-bit LBA addressing, supporting 2^64 x 512 bytes = 9.4 zettabytes. GPT includes a CRC32 checksum for partition table integrity verification.

Secure Boot

Secure Boot is a UEFI feature that verifies the digital signature of each bootloader and OS kernel against a database of trusted certificates stored in UEFI NVRAM.

Secure Boot uses 3 certificate databases: PK (Platform Key, 1 certificate from the OEM), KEK (Key Exchange Keys, trusted signing authorities), and DB (allowed bootloader/driver signatures). A fourth database, DBX, contains revoked signatures. Microsoft requires Secure Boot for Windows 11 installation.

Linux distributions including Ubuntu 20.04+ use a signed shim bootloader (shimx64.efi) to boot with Secure Boot enabled. Disabling Secure Boot allows unsigned bootloaders but removes protection against bootkit malware that loads before the OS.

How to Access UEFI Settings

UEFI settings are accessible by pressing a specific key during the boot sequence before the OS loads. The key varies by manufacturer:

• Delete or F2: Most ASUS, Gigabyte, and MSI motherboards.
• F2 or F10: Most HP and Lenovo systems.
• F1: IBM and older Lenovo ThinkPad systems.
• F10 or Escape: Most HP desktops and laptops.
• F12: Dell systems (also opens boot menu directly).

Windows 10 and 11 provide a software path to UEFI: Settings > System > Recovery > Advanced startup > Restart now > Troubleshoot > Advanced options > UEFI Firmware Settings. This path works when the POST screen is too fast to catch with a keyboard press.

When Legacy BIOS Still Appears

Legacy BIOS mode still exists in 3 scenarios on modern hardware.

• CSM (Compatibility Support Module): UEFI boards with CSM enabled emulate a BIOS environment for older operating systems or bootloaders that lack UEFI support.
• Industrial and embedded systems: Devices running custom firmware or legacy operating systems on x86 hardware maintain BIOS compatibility for software certification reasons.
• MBR boot disks on UEFI systems: A UEFI system with CSM enabled boots an MBR disk using the legacy BIOS path, which disables Secure Boot and GPT features for that device.

Windows 11 requires UEFI with Secure Boot enabled. Legacy BIOS mode is incompatible with Windows 11 installation regardless of hardware capability.

UEFI Boot Speed Advantage

UEFI boots faster than BIOS for 3 technical reasons. UEFI loads 64-bit drivers in parallel during the DXE phase rather than sequentially. UEFI stores hardware enumeration results and skips re-enumeration on subsequent boots via the Fast Boot option.

UEFI reads bootloader files directly from the FAT32 ESP partition using a filesystem driver, eliminating the 1-stage MBR code execution step. UEFI Fast Boot reduces boot time from 10 seconds to 5 seconds by skipping USB device initialization and POST memory tests on every boot.

Key Takeaways

• BIOS is a 16-bit firmware standard from 1975 that boots from MBR and supports a 2.2TB disk limit.
• UEFI is a 32/64-bit firmware standard from 2006 that boots from the EFI System Partition and supports 9.4ZB disks via GPT.
• UEFI boots in 5 to 10 seconds versus BIOS at 20 to 30 seconds due to parallel driver loading and cached enumeration.
• Secure Boot validates bootloader signatures against NVRAM certificate databases; BIOS has no equivalent security feature.
• GPT supports 128 partitions and 64-bit LBA addressing; MBR supports 4 primary partitions and 32-bit LBA addressing.
• Windows 11 requires UEFI with Secure Boot; Windows 10 supports both BIOS and UEFI installations.

Last Thoughts on BIOS vs UEFI

UEFI is the required firmware standard for all modern operating systems and drives larger than 2.2TB. BIOS exists only in legacy CSM mode on modern boards or in embedded systems requiring backward compatibility.

Converting an existing BIOS/MBR Windows installation to UEFI/GPT requires the MBR2GPT tool (Windows 10 1703+) or a fresh installation. Enabling Secure Boot after OS installation requires verifying that all installed bootloaders carry valid UEFI signatures before enabling the feature.