SOLVED: In Simple Terms, What Do The Advanced Settings In A BIOS Do?

What is BIOS?

BIOS is the acronym for Basic Input Output System. A BIOS is the firmware (meaning that it is changeable code stored in a physical chip) that tells the operating system SOFTware what the physical HARDware is capable of. Without a UEFI / BIOS, Windows, Linux, Android, MacOS, iOS… would not know if the system needs a keyboard, has a touch screen, has unused memory slots, requires the hard drive to be decrypted on boot up…

old bios vs new uefi - which would you rather use

What is UEFI?

UEFI is the acronym for ‘Unified Extensible Firmware Interface’, which is just the next generation of BIOS. It is much more accurate to say that UEFI is today’s generation of BIOS, as very few computers still run an old school BIOS. UEFI is a very stripped-down operating system that was developed by Intel to allow:

  1. the OPTION of a graphical interface, including mouse support
  2. 64-bit memory addressing to support much larger amounts of RAM
  3. ‘secure boot’, which verifies the boot process has not been tampered with
  4. easy extension by hardware manufacturers to include settings they want to add (e.g. perhaps a boot up logo)
  5. much more.

What is a TPM?

TPM is the acronym for a ‘Trusted Platform Module’ and it is a tiny physical computer chip soldered onto your computer’s motherboard to help encrypt things. For instance, Microsoft’s disk encryption feature, BitLocker, requires a TPM to generate and store secret codes (just strings of numbers and letters). The TPM lets the disk encryption products (BitLocker in our example) know PART of the secret code (public decryption key) but keeps the rest for itself. The disk can only be decrypted with both parts of the secret (the public and private key). This stops a hacker from removing the hard drive from your computer and trying to access its data by putting it into another computer.

Not all computers have TPM chips (mostly corporate computers and less so home computers) and the ones that have a TPM usually have a setting to turn it off.

Virtually all TPMs produced today follow the TPM 2.0 standard which will only work with 64-bit operating systems.

As you can see in the pictures below, some motherboards allow TPM chips to be added on:

tpm trusted platform modules

What is fTPM?

fTPM is an acronym for ‘Firmware implemented Trusted Platform Module’ which was developed by Microsoft. fTPM is just a version of TPM (see above) that does not use a physical chip, but rather generates its secret keys in the main UEFI / BIOS chip. TPM chips add weight, complexity and cost, and consume valuable space on tiny motherboards, so having a virtual “F”TPM is a good choice for many low and mid-range computers.

What is PTT?

PTT is an acronym for ‘Platform Trust Technology’, developed by Intel as a lower cost alternative to a TPM (Trusted Platform Module), and is a form of fTPM. PTT is not a physical chip but rather uses the Intel CPU already on the board to handle encryption keys. It is capable of acting like a full TPM 2.0 chip.

What is Network Stack or PXE Boot?

PXE is the acronym for ‘Pre-eXecution Environment’ and some systems call that a ‘Network Stack’. PXE booting allows computers to boot up using files downloaded from a server rather than from the local drive storage. The most common example of where this is used is in corporate settings in which an IT administrator wants to wipe out the hard drive and load a fresh “image” he/she has stored on a server. For 99.9999% of users this setting can be disabled.

pxe boot example

What is Secure Boot?

Secure Boot blocks malware from tampering with boot files.  It is one of the new features of UEFI and is not available in old “BIOS” based systems.  Secure Boot requires changes to the UEFI system and operating system boot files to be digitally signed by the developer.  This substantially reduces the ability of hackers to covertly take over control of your computer during the next boot process.

What are Intel Software Guard Extensions?

Intel SGX is an acronym for ‘Software Guard Extensions’ which creates encrypted memory spaces (aka ‘enclaves’) that the Intel CPU can validate before using. SGX has only been around since 2015 and was focused on server CPUs to make sure software like Virtual Machines were not being tampered with. However, its application quickly expanded to include SOME Intel ‘Core’ series CPUs for the desktop market starting with the i5-6400 chip.

What is Virtualization Support?

Virtualization Support allows special add-on code built into the hardware of the CPU to support the use of ‘hypervisors’. A hypervisor (like Microsoft Hyper-V and VMware’s vSphere) is the platform on which virtual machines run. Virtualization Support applies to AMD (with AMD-V) and Intel (with VT-x). For 99.999% of desktop users, hypervisors are not used so the setting can be turned off if you wish.

windows 10 features hyperv
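To see how the settings described above look from a running Linux system, the following added example (not part of the original article) reads the kernel's standard `/sys` and `/proc` interfaces and reports boot mode, Secure Boot, TPM version, virtualization support and SGX. The function names `firmware_posture` and `constructed_sample_root` are made up for this illustration, and the sample tree is constructed so the check also runs offline.

```python
import os
import tempfile

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID

def _read(path):
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None

def firmware_posture(root="/"):
    """Report UEFI, Secure Boot, TPM and CPU features as Linux exposes them."""
    p = lambda rel: os.path.join(root, rel)
    out = {"boot_mode": "UEFI" if os.path.isdir(p("sys/firmware/efi")) else "legacy BIOS"}
    # efivarfs layout: 4 attribute bytes, then the variable's data (1 = enabled).
    sb = _read(p("sys/firmware/efi/efivars/SecureBoot-" + EFI_GLOBAL))
    out["secure_boot"] = "unavailable" if sb is None or len(sb) < 5 else (
        "enabled" if sb[4] == 1 else "disabled")
    # A discrete chip, fTPM and PTT all show up as the same tpm0 device.
    major = _read(p("sys/class/tpm/tpm0/tpm_version_major"))
    out["tpm"] = ({"1": "1.2", "2": "2.0"}.get(major.decode().strip(), "unknown")
                  if major else "absent or disabled")
    flags = set()
    for line in (_read(p("proc/cpuinfo")) or b"").decode(errors="replace").splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            break
    # A missing flag means the CPU lacks the feature or the kernel does not see it.
    out["virtualization"] = "VT-x" if "vmx" in flags else "AMD-V" if "svm" in flags else "not exposed"
    out["sgx"] = "sgx" in flags
    return out

def constructed_sample_root():
    """Build a made-up /sys and /proc tree so the check runs offline."""
    root = tempfile.mkdtemp()
    files = {
        "sys/firmware/efi/efivars/SecureBoot-" + EFI_GLOBAL: b"\x06\x00\x00\x00\x01",
        "sys/class/tpm/tpm0/tpm_version_major": b"2\n",
        "proc/cpuinfo": b"processor\t: 0\nflags\t\t: fpu vme vmx sse2\n",
    }
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    print(firmware_posture())                           # the live machine
    print(firmware_posture(constructed_sample_root()))  # constructed sample
```

A result of "absent or disabled" for the TPM or "unavailable" for Secure Boot means the operating system cannot see the feature, so the UEFI setup screen is the place to confirm which of the two applies.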
