The UEFI specification defines a "boot manager", a firmware policy engine that is in charge of loading the
OS loader and all necessary drivers. The boot configuration is controlled by a set of global NVRAM variables,
including boot variables that indicate the paths to the loaders.
OS loaders are a class of UEFI applications. As such, they are stored as files on a file system that can be
accessed by the firmware. Supported file systems include FAT32, FAT16 and FAT12. Supported partition table
schemes include MBR and GPT. UEFI does not rely on a boot sector.
Boot loaders can also be auto-detected by firmware, to enable booting on removable devices. Auto-detection
relies on a standardized file path to the OS loader, depending on the actual architecture to boot
(\EFI\BOOT\BOOT[architecture name].EFI, e.g. \EFI\BOOT\BOOTx64.EFI).
It is common for UEFI firmware to include a user interface to the boot manager, to allow the user to select
and load the operating system among the possible options.
The UEFI 2.2 specification adds a protocol known as Secure boot, which can secure the boot process by
preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature.
When secure boot is enabled, it is initially placed in "Setup" mode, which allows a public key known as
the "Platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User"
mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional
"Key Exchange Keys" (KEK) can be added to a database stored in memory to allow other certificates to be
used, but they must still have a connection to the private portion of the Platform key. Secure boot can
also be placed in "Custom" mode, where additional public keys can be added to the system that do not match
the private key.
The CSM provides additional functionality to UEFI. This additional functionality permits the loading of
a traditional OS or the use of a traditional OpROM.
The CSM operates in two distinct environments:
Booting a traditional or non-EFI-aware OS.
Loading a UEFI-aware OS a device that is controlled by a traditional Option ROM.
The first operation, booting a traditional or non-EFI-aware OS, is the traditional environment.
It is expected that traditional OpROMs will be around long after traditional OSs have been replaced
by EFI-aware OSs. The code that is required to load a UEFI-aware OS is a subset of the code that is
required to boot a traditional (non-EFI-aware) OS.
Thank you. Very helpful.