
Explore the Citrix guest UEFI boot feature for modern systems

A guest boot feature offered by Citrix provides admins with improved system performance, but they should be wary of its continued experimental status.

Citrix's guest Unified Extensible Firmware Interface boot is a feature that makes it possible to boot Windows in UEFI mode when running as a guest OS in a Citrix Hypervisor VM, which brings advanced capabilities such as faster boot times, advanced management options and increased security to the Windows boot process.

Citrix guest UEFI boot was introduced with the release of Citrix Hypervisor 8.0 in April 2019. The feature helps support system boot-ups based on the UEFI specification published by the UEFI Forum.

Unfortunately, UEFI boot is still only an experimental feature, and Citrix has provided no indication when IT administrators can expect the real thing. Yet, Citrix is no doubt motivated to make this happen, especially considering VMware has supported guest UEFI for quite some time now.

UEFI-based interfaces

A UEFI-based interface provides a standard environment for booting the OS and executing preboot applications. It includes multiple data tables for storing platform-specific information and provides boot and runtime service calls that the OS and its boot loader can use. The UEFI specification defines an architectural model for creating an interface between a computer's firmware and the OS running on that computer.

The UEFI specification was first introduced to the UEFI Forum -- a group of hardware, chipset, system, firmware and OS vendors -- in 2005, and its release in 2006 sought to address limitations inherent in the basic input/output system (BIOS), the traditional firmware used to boot PCs. At that time, the UEFI specification was known as Intel's EFI 1.10. But, over the years, the UEFI Forum has continued to update and improve the specification, which is now at version 2.8.

The UEFI specification essentially offers a way for OSes to communicate with the system's firmware. Hardware vendors implement the specification as a software program, which is installed during manufacturing. And once the computer powers on, the UEFI program is the first one to run. The program wakes the connected hardware components and then hands control over to the OS.

The UEFI interface also includes a firmware validation process, called Secure Boot, which reduces the risk of targeted boot loader attacks. Secure Boot determines how the firmware manages security certificates and validates firmware images before they can run. Secure Boot can also define a protocol for enabling communications between the firmware and the OS.

The end of BIOS

Prior to UEFI, BIOS served as the firmware interface for booting up Windows PCs. But BIOS was not designed for modern computers, and it comes with a number of limitations, such as the inability to recognize all hardware types, ensure adequate sizing of hard-disk partitions and protect against malware, all of which can lead to a decrease in speed when performing certain tasks.

UEFI boot addressed many of these limitations, offering faster boot and resume times, while also providing greater control and management over the system boot process. It also supports larger hard-disk partitions and additional hardware types, such as graphics cards, network adapters and USB ports.

One advantage of UEFI is its programmability, which makes it possible to add boot-time applications and services to the boot process. UEFI is also much more secure than BIOS, supporting different features such as Secure Boot and factory-encrypted drives.

Microsoft's UEFI requirement and boot process

Microsoft requires UEFI boot firmware for its more recent Windows OSes, including Windows 10 and Windows Server 2019. To support the UEFI process, Windows includes several UEFI-based components, such as drivers, protocols, applications and Windows Boot Manager.

The Windows UEFI boot process includes a few steps. When the computer powers on, it runs the system's firmware boot loaders. Once the boot loaders initialize the hardware, they start up the UEFI environment and give control to the UEFI applications provided by Microsoft and the hardware vendors. The UEFI environment then launches Windows Boot Manager, which boots to the main OS under normal operations.

The Windows version must match the computer's architecture to use UEFI mode. For example, if admins use a 64-bit computer, they must run a 64-bit version of Windows.

Citrix support for UEFI boot

With the release of Citrix Hypervisor 8.0, Citrix added support for the guest UEFI boot mode for newly created VMs running 64-bit versions of Windows 10, Windows Server 2016 or Windows Server 2019. Citrix recommends that each VM include at least two virtual CPUs to support UEFI boot.

Admins can use XenCenter or the xe command-line interface to enable UEFI boot. In either case, admins must specify UEFI as the boot mode when configuring the VM. However, admins can specify UEFI only if the selected VM template supports UEFI boot. Admins operating the New VM wizard in XenCenter won't see the UEFI Boot option if the selected VM template doesn't support UEFI boot.

Citrix guest UEFI boot is a separate feature from Citrix Hypervisor's support for UEFI mode on host systems. Host UEFI support enables easier installation of Citrix Hypervisor on host systems where UEFI boot is enabled. This host feature is part of the generally available (GA) release of Citrix Hypervisor, and admins can use it in a production environment.

Admins should remember that the guest UEFI boot is still an experimental feature and, therefore, isn't always suitable for a production environment. Admins risk having to re-create VMs when they upgrade the host if they used the guest UEFI boot in a production environment. Citrix has warned admins against using it for production purposes and makes no guarantees for a future addition of the feature to a GA release of Citrix Hypervisor.
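Because an upgrade can force UEFI guests to be re-created, it helps to inventory each VM's firmware mode beforehand. The script below is an added example, not code from the article or from Citrix. It assumes the `key: value; key: value` layout that `xe vm-list` prints for the `HVM-boot-params` map and treats a missing `firmware` key as BIOS. The sample VM list, UUIDs and names are constructed.

```shell
#!/bin/sh
# Added example: report each guest's firmware mode from xe vm-list output.
# Live use (assumed invocation):
#   xe vm-list is-control-domain=false \
#      params=uuid,name-label,HVM-boot-params | uefi_guests

# Print "uuid<TAB>name<TAB>mode" per VM; no firmware key is treated as bios.
vm_firmware_modes() {
    awk '
        function emit() {
            if (uuid != "") print uuid "\t" name "\t" (fw == "" ? "bios" : fw)
            uuid = ""; name = ""; fw = ""
        }
        /^uuid /              { emit(); sub(/^[^:]*: */, ""); uuid = $0; next }
        /^ *name-label /      { sub(/^[^:]*: */, ""); name = $0; next }
        /^ *HVM-boot-params / {
            sub(/^[^:]*: */, "")
            n = split($0, kv, /; */)
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^firmware: */) { sub(/^firmware: */, "", kv[i]); fw = kv[i] }
            next
        }
        END { emit() }
    '
}

# Keep only guests that request UEFI firmware.
uefi_guests() {
    vm_firmware_modes | awk -F '\t' '$3 == "uefi"'
}

# Constructed sample in the shape xe prints; UUIDs and names are made up.
sample_vm_list() {
    cat <<'EOF'
uuid ( RO)               : 11111111-1111-1111-1111-111111111111
         name-label ( RW): win10-uefi-test
    HVM-boot-params (MRW): firmware: uefi; order: dc

uuid ( RO)               : 22222222-2222-2222-2222-222222222222
         name-label ( RW): legacy-app
    HVM-boot-params (MRW): order: dc

uuid ( RO)               : 33333333-3333-3333-3333-333333333333
         name-label ( RW): ws2019-lab
    HVM-boot-params (MRW): firmware: uefi; order: cdn
EOF
}

sample_vm_list | uefi_guests
```

Any guest listed as `uefi` on a host that runs production workloads is a candidate for review before the host is upgraded.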
