About Boot Modes

When a computer or a virtual machine (VM) boots, the first software that runs is responsible for setting up the hardware and providing an Operating System (OS).

The boot mode of a VM is based on the OUTSCALE Machine Image (OMI) used to create the VM. Depending on the OS of the OMI, the supported boot modes can be Unified Extensible Firmware Interface (UEFI), Legacy BIOS (Basic Input/Output System) or both. For more information, see About OMIs.

You can use the ReadImages OUTSCALE API method to get the boot mode of an OMI. For more information, see Getting Information About Your OMIs.

General Information

When creating an OMI, you can set the boot mode to legacy, uefi, or both:

  • Legacy BIOS (Basic Input/Output System) is the traditional firmware used to boot a computer.

  • UEFI (Unified Extensible Firmware Interface) is a modern standardized interface that replaces the BIOS (Basic Input/Output System).

Both modes initialize hardware during the boot process and launch the OS.

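| Mode | Booting          | Secure Boot Compatibility       | UEFI Context                | OS Compatibility               |
|------|------------------|---------------------------------|-----------------------------|--------------------------------|
| UEFI | Fast boot        | Compatible with Secure Boot     | Contains keys and variables | Not compatible with older OSes |
| BIOS | Mainly slow boot | Not compatible with Secure Boot | No UEFI context             | All OSes                       |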

Once an OMI is created, you cannot modify its boot mode. If you need another type of boot mode, you must:

  • create a new OMI;

  • or copy one and modify the boot modes.

For more information, see OUTSCALE Machine Images (OMIs).

UEFI and Secure Boot

UEFI Context

Secure boot is one of the key features of UEFI. It is designed to protect against rootkit and bootkit malware, and helps to prevent attacks by ensuring that all components and configurations involved in the boot chain are trusted.

A UEFI context is available in all OMIs that are compatible with UEFI. This context contains all the necessary variables and their values to activate and use secure boot.

The UEFI context is composed of:

  • a Platform Key (PK),

  • Key Exchange Keys (KEK),

  • a database of authorized signatures and certificates (db),

  • a database of non-authorized signatures and certificates (dbx).

Official OMIs contain a set of factory keys that are provided by Microsoft.

However, it is possible to use custom keys instead of those provided by the official OMIs. For more information on key management and customization, see the Arch Linux Secure Boot documentation.

Secure boot is available only with VMs that are compatible with UEFI. If the VM you created does not support UEFI, secure boot cannot be enabled.

For more information, see About Secure Boot.
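
To check from inside a Linux VM which boot mode was used, whether secure boot is active, and which parts of the UEFI context (PK, KEK, db, dbx) are populated, you can read the firmware variables that the kernel exposes. The script below is an added example, not OUTSCALE tooling. The function names and the optional root-directory argument are assumptions made for illustration; /sys/firmware/efi and the two GUIDs are the standard Linux path and UEFI specification values.

```shell
#!/bin/sh
# Added example (not OUTSCALE code): inspect boot mode and UEFI context in a Linux guest.
# GUIDs defined by the UEFI specification for the variables named on this page.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c     # PK, KEK, SecureBoot, SetupMode
EFI_IMAGE_SEC=d719b2cb-3d3a-4596-a3bc-dad00e67656f  # db, dbx

# boot_mode ROOT: "uefi" if the kernel exposes the firmware directory, else "legacy".
boot_mode() {
    if [ -d "$1" ]; then echo uefi; else echo legacy; fi
}

# efi_flag ROOT NAME: value of a one-byte global variable, or "absent".
# efivarfs files start with 4 attribute bytes, so the payload is byte 5.
efi_flag() {
    val=$(od -An -tu1 -j4 -N1 "$1/efivars/$2-$EFI_GLOBAL" 2>/dev/null | tr -d ' \n') || true
    echo "${val:-absent}"
}

# secure_boot_state ROOT: unsupported | setup-mode | enabled | disabled | unknown
secure_boot_state() {
    [ -d "$1" ] || { echo unsupported; return 0; }
    case "$(efi_flag "$1" SetupMode):$(efi_flag "$1" SecureBoot)" in
        1:*) echo setup-mode ;;  # no PK enrolled: signatures are not enforced
        *:1) echo enabled ;;
        *:0) echo disabled ;;
        *)   echo unknown ;;
    esac
}

# uefi_context ROOT: one line per context variable, "<name> present|missing".
uefi_context() {
    for v in "PK-$EFI_GLOBAL" "KEK-$EFI_GLOBAL" "db-$EFI_IMAGE_SEC" "dbx-$EFI_IMAGE_SEC"; do
        f="$1/efivars/$v"
        # present only if data follows the 4 attribute bytes
        if [ -f "$f" ] && [ "$(wc -c < "$f")" -gt 4 ]; then
            echo "${v%%-*} present"
        else
            echo "${v%%-*} missing"
        fi
    done
}

report() {
    echo "boot mode:   $(boot_mode "$1")"
    echo "secure boot: $(secure_boot_state "$1")"
    if [ "$(boot_mode "$1")" = uefi ]; then uefi_context "$1"; fi
}

report "${1:-/sys/firmware/efi}"
```

A result of setup-mode means that no Platform Key is enrolled, so signatures are not enforced even though the VM booted in UEFI mode.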

UEFI Context Propagation

The UEFI context can be propagated, for example, when creating VMs and OMIs. The UEFI context is inherited by the target resource based on the source resource:

  • When creating a VM from an OMI: the UEFI context of the OMI is propagated to the VM.

  • When creating an OMI from a VM: the UEFI context of the VM is propagated to the OMI.

  • When copying an OMI: the UEFI context of the source OMI is propagated to the copy. Any changes made when copying have no impact on the source OMI.

The UEFI context of a resource is propagated only if it is present in the source resource and if the target is compatible with UEFI.

If there is no UEFI context, factory keys are added to the UEFI context.
