UEFI Boot
UEFI stands for Unified Extensible Firmware Interface. It stores all device initialization and start-up data in a .efi file on a special disk partition called the EFI System Partition (ESP). The ESP also holds the bootloader responsible for booting the operating system.
The primary purpose of creating UEFI is to overcome the limitations of BIOS and shorten system boot time. UEFI uses the GPT partitioning scheme and supports drive sizes that are much larger.
In addition, UEFI provides better security with the Secure Boot feature, preventing unauthorized applications from booting. However, the downside is that Secure Boot prevents dual booting because it treats other operating systems as unsigned applications.
UEFI runs in 32-bit or 64-bit mode, providing a graphical user interface.
UEFI Secure Boot
Secure Boot is a Unified Extensible Firmware Interface (UEFI) feature that provides a verification mechanism for ensuring the device boots using only authorized firmware and software. It prevents running unauthorized, untrusted code. Without Secure Boot, malicious code can easily be executed, and Gigamon platforms can be easily compromised.
The following table provides the details of the platforms that support UEFI boot and UEFI secure boot:
Platforms |
UEFI Boot |
UEFI Secure Boot |
---|---|---|
AWS |
Yes |
Yes |
Azure |
Yes |
Yes |
Microsoft Hyper-V |
Yes |
Yes |
OpenStack |
Yes |
Yes |
Nutanix |
Yes |
Yes |
KVM |
Yes |
Yes |
GCP |
Yes |
Yes |
GigaVUE-FM Hardware Appliance (GFM-HW1-FM010, GFM-HW1-FM001-HW, and GFM-HW2-FM001-HW) |
Yes |
Yes |
VMware ESXi |
Yes |
Yes |
Rules and Notes
Fresh installations only support UEFI boot on any platform. |
Image upgrade deployments do not change the boot mode of a GigaVUE-FM system. |
BIOS boot systems remain as BIOS boot |
UEFI boot systems remain as UEFI boot. |
You can change a BIOS boot installation to UEFI boot by using the snapshot upgrade method, which is recommended only on AWS, and Azure platforms. |
Disabling UEFI Secure boot after deploying GigaVUE‑FM in UEFI Secure boot mode is not recommended. |
Secure Boot in VMware ESXi is supported by virtual hardware version 13 or later. |
FMHA formation with a combination of UEFI Secure Boot GigaVUE Fabric Managers and Non-UEFI Secure Boot GigaVUE Fabric Managers of the same versions is allowed. However, the FMHA cluster cannot be named as a UEFI Secure Boot cluster. |
Configuring UEFI boot in GigaVUE‑FM
Refer to the sections in the table to learn about how to configure UEFI boot in GigaVUE‑FM in the following platforms:
Platforms |
Refer to |
---|---|
AWS |
You should change the instance from m4.xlarge to m5.xlarge . UEFI boot supports only m5.xlarge. For more information, refer to Recommended Instance Types for AWSin the sectionInstalling GigaVUE‑FM on AWS |
Azure |
No changes in the configuration procedure. |
Microsoft Hyper-V |
You must specify the option Generation 2 in Specify Generation page. UEFI boot supports only Generation 2. For more information, refer toInstall GigaVUE‑FM for Microsoft Hyper-V |
OpenStack |
OpenStack supports UEFI from the Wallaby version and RHSOP 17.01. The train version of OpenStack does not support UEFI boot. You must specify hw_firmware_type=uefi in the image property for GigaVUE‑FM deployment in UEFI mode. For more information, refer to Installing GigaVUE‑FM on OpenStack |
Nutanix |
You need to switch to UEFI mode when deploying the GigaVUE‑FM. For more information, refer to Installing GigaVUE‑FM on Nutanix |
KVM |
You need to switch to UEFI mode when deploying the GigaVUE‑FM. For more information, refer to Installing GigaVUE‑FM on KVM. |
GCP |
In GCP, you must set the flag: --guest-os-features='UEFI_COMPATIBLE'. For more information, refer to Install GigaVUE-FM on GCP. |
VMware ESXi |
Support vSphere 6.5, virtual hardware version 13 or later. For more information, refer to Installing GigaVUE‑FM on VMware ESXi. For information related to troubleshooting ESXi 7.0, refer to Troubleshooting section in Install GigaVUE‑FM using OVA file on VMware vCenter. |