# EFI shell version?



## Phishfry (Jul 21, 2016)

I have been boning up on UEFI/EFI and a simple question dawned on me. What version is the shell and what OS is it using?
There is no uname.
Seems odd to have an underlaying OS on my motherboard and so little details.

How did all this gravitate twords servers with so little scrutiny? A bios with a network stack, database, fs0 for storage and a command prompt.

Makes me want to scream and this is supposed to be my enjoyable hobby.


----------



## SirDice (Jul 21, 2016)

It's not a shell like sh(1) or similar. It's a specific UEFI shell. There's no OS either, it's UEFI. 

http://www.uefi.org/sites/default/files/resources/UEFI_Shell_Spec_2_0.pdf


----------



## kpa (Jul 21, 2016)

BIOS is no different really, it just doesn't offer a command line interface to inspect the configured settings or influence them. UEFI is really just a firmware that implements only the bare minimum of services that are needed to initialize the hardware and implement booting.

For a similar firmware that has existed for years before anyone even started talking about UEFI on PC hardware there's the OpenFirmware as found on at least PowerPC Macs and other hardware that uses PowerPC CPUs:

https://en.wikipedia.org/wiki/Open_Firmware


----------



## Phishfry (Jul 21, 2016)

Using the term database above was questionable for me. Early BIOS was nothing more than a set of registers with values assigned. You could easily call it a "collection of data" or database. I still find many of the features marked as untasteful and with SecureBoot lurking I am suspicious.

Would you not consider a Command Interpreter a component of an operating system?

I do see a version command in the EFI shell.


----------



## SirDice (Jul 21, 2016)

kpa said:


> BIOS is no different really, it just doesn't offer a command line interface to inspect the configured settings or influence them.


I think an UEFI shell is probably more like command.com/io.sys, the old MS-DOS command prompt. All it does is provide a couple of commands that basically call functions in the BIOS. An UEFI shell is just a Busybox type application that's able to call UEFI functions.


----------



## Phishfry (Jul 21, 2016)

I guess you could look at the "Operating System" version as the UEFI version. For example UEFI 2.1 shell commands should all act the same.
Not all vendors will use all features but UEFI 2.1 shell is the same across vendors if implemented.
I am reading the Tianocore stuff now

Reading the misconceptions paper here did little to help.
http://www.uefi.org/learning_center/papers
(Misconception#9)


----------



## cyrano (Jul 21, 2016)

I don't know if you can call it an OS, but it has a complete network stack, including DHCP, file system, aliases, a permission system, profiles, scripting, drivers, logs, an API...

I also don't know anything about the implementation on PC hardware, but Apple's EFI implementation can boot the computer,even when the Intel CPU is faulty, and do a complete hardware diagnostic. 

The latest models (from 2012 on, I think) need to connect to Apple's AST servers to run diagnostics. These machines will send a complete diagnostic report to the AST server. There's a separate 32 bit processor, called the SMC to do all of that.

Sounds almost like an OS to me.


----------



## Murph (Jul 21, 2016)

kpa said:


> For a similar firmware that has existed for years before anyone even started talking about UEFI on PC hardware there's the OpenFirmware as found on at least PowerPC Macs and other hardware that uses PowerPC CPUs:
> 
> https://en.wikipedia.org/wiki/Open_Firmware



Originally a Sun Microsystems thing, called OpenBoot (new for SPARC / sun4 architecture, I think, although might have made an appearance on some very late model sun3s, possibly).  They just kindly pushed it out as a true open standard (IEEE 1275) for the benefit of the world, as was their way before things took a much darker turn in more recent years.  It can also be found on some specialised x86 hardware, such as some NetApp filers.  Note that it's an open standard (i.e. interfaces, etc), not open source (although there might be an open source implementation of the standard somewhere, I guess).


----------



## SirDice (Jul 22, 2016)

cyrano said:


> I don't know if you can call it an OS, but it has a complete network stack, including DHCP, file system, aliases, a permission system, profiles, scripting, drivers, logs, an API...


It's probably just a matter of time until someone writes malware for it. There's enough to create some interesting things. But as with everything, it can be used for good, like Apple's AST, but it can also be used for bad things.


----------



## cyrano (Jul 22, 2016)

SirDice said:


> It's probably just a matter of time until someone writes malware for it. There's enough to create some interesting things. But as with everything, it can be used for good, like Apple's AST, but it can also be used for bad things.



I've already seen a couple of discussions on the subject. Apparently, it isn't simple. First, following Apple tradition, there are no docs. Secondly, there's a vast number of keys involved and nobody reverse engineered those. Even in the Apple camp, nobody seems to have a clue.

The processor itself isn't special. There's ample documentation for it. But Apple's implementation is euh... different? Obscure? Safe?

You can of course, mess with the EFI partition on disk, as you can read/write that. But it is linked to keys in other places, like NVRAM. And as soon as these are not available, key links break. That's why some disk cloning programs don't always work well when transferring a system from one disk to another.

And it is also why people who buy a 2nd hand Mac sometimes have problems with authentication for the appstore, itunes store, or developer area. Apple is working hard to put a single authentication system in place.

Also, I don't know if AST is a good thing, as it will prevent 3rd party repair.


----------



## Phishfry (Jul 22, 2016)

cyrano said:


> can boot the computer,even when the Intel CPU is faulty,


I wonder what minimum hardware requirement is. Obviously for AST an ethernet conection, but is system RAM needed? Surely a Power Supply is needed. I would guess this is a form of BMC?


----------



## cyrano (Jul 22, 2016)

Of course, a working PSU is needed. I suspect it even works when the PSU is partially broken, as the SMC only needs one supply. Sorry, forgot if it's 5V or 3,3V.

But no network, screen, main CPU or even ram are needed. The SMC processor has it's own ram and rom. In fact, SMC failure and complete PSU failure is the only thing that prevents automated diagnostics.

And you still need a working keyboard to issue commands. Or a working USB to attach a keyboard, or a network to do it remotely. The only thing you need to boot into EFI mode is a working power button.


----------

