Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Rikitav/Unified.Firmware/llms.txt
Use this file to discover all available pages before exploring further.
GlobalFirmwareEnvironment is a subclass of FirmwareEnvironment that is pre-configured for the UEFI global variable namespace. It uses the vendor GUID 8BE4DF61-93CA-11D2-AA0D-00E098032B8C (FirmwareVendors.GlobalVariable), which is the EFI_GLOBAL_VARIABLE namespace defined in the UEFI specification. Every property maps directly to a standardised UEFI variable name and handles the necessary marshalling — callers work with idiomatic .NET types (bool, ushort, string, Guid[]) rather than raw buffers. The canonical way to obtain the singleton instance is through the FirmwareEnvironment.Global static property, which lazily creates and caches the object backed by FirmwareInterface.CurrentBackend.
Namespace: Unified.Firmware.EnvironmentVendor
Base class: FirmwareEnvironment
Vendor GUID: 8BE4DF61-93CA-11D2-AA0D-00E098032B8C (EFI_GLOBAL_VARIABLE)
Access via: FirmwareEnvironment.Global
Properties
AuditMode
Whether the system is currently operating in Secure Boot Audit Mode. In Audit Mode the firmware does not enforce signature checks, enabling key enrollment and testing. Becomes permanently read-only after ExitBootServices() is called.
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
BootCurrent
The boot option index that was selected for the current boot. This value identifies which Boot#### variable the firmware used when starting the system and is valid only during the current boot session.
| |
|---|
| Type | ushort |
| Access | read-only |
| UEFI attributes | BS, RT |
BootNext
A one-time boot option override. When set, the boot manager uses this option for the next boot only, then clears the variable. Useful for single-shot boot redirection without permanently altering BootOrder.
| |
|---|
| Type | ushort |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
BootOrder
The ordered list of boot option indices. The boot manager iterates this array in order, attempting each Boot#### entry in turn. Modifying this array changes the persistent boot priority.
| |
|---|
| Type | ushort[] |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
BootOptionSupport
A bitmask describing the categories of boot options the firmware’s boot manager supports (for example, keyboard input, boot app support, or count limit). Should generally be treated as read-only.
| |
|---|
| Type | uint |
| Access | read/write |
| UEFI attributes | BS, RT |
DeployedMode
Whether the system is in Secure Boot Deployed Mode. Once Deployed Mode is active (true) the variable becomes read-only until the next platform reset. Becomes permanently read-only after ExitBootServices().
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
DevAuthBoot
Whether the platform firmware is operating in Device Authentication Boot mode. In this mode the firmware authenticates each device driver image before execution. Should be treated as read-only.
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
The underlying UEFI variable name for DevAuthBoot is "devAuthBoot" (lowercase d) as defined in the UEFI specification.
DriverOrder
The ordered list of driver load option indices. The boot manager loads driver images in the order specified by this array before processing boot options.
| |
|---|
| Type | ushort[] |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
HwErrRecSupport
Identifies the level of hardware error record persistence supported by the platform. A value of 0 means no support; 1 means UEFI hardware error record persistence is supported. This variable is only modified by firmware and is read-only to the OS.
| |
|---|
| Type | ushort |
| Access | read-only |
| UEFI attributes | NV, BS, RT |
Lang
The ISO 639-2 language code the system is configured for (for example, "eng"). Deprecated — use PlatformLang instead. Kept for compatibility with older UEFI firmware.
| |
|---|
| Type | string |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
LangCodes
A semicolon-separated list of ISO 639-2 language codes supported by the firmware. Deprecated — use PlatformLangCodes instead. Kept for compatibility with older firmware.
| |
|---|
| Type | string |
| Access | read/write |
| UEFI attributes | BS, RT |
OsIndications
The bitmask through which the operating system requests specific actions from the firmware on the next boot. Read the current flags, OR in the desired flag, then write back. The firmware clears consumed bits after processing them.
| |
|---|
| Type | OsIndications |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
| Flag | Value | Description |
|---|
BOOT_TO_FW_UI | 0x01 | Boot to the firmware setup UI on next restart |
TIMESTAMP_REVOCATION | 0x02 | Enable timestamp-based Secure Boot revocation |
FILE_CAPSULE_DELIVERY_SUPPORTED | 0x04 | Trigger capsule delivery from mass storage |
FMP_CAPSULE_SUPPORTED | 0x08 | Enable Firmware Management Protocol capsule updates |
CAPSULE_RESULT_VAR_SUPPORTED | 0x10 | Report deferred capsule processing results |
START_OS_RECOVERY | 0x20 | Start OS-defined recovery on next boot |
START_PLATFORM_RECOVERY | 0x40 | Start platform-defined recovery on next boot |
JSON_CONFIG_DATA_REFRESH | 0x80 | Refresh JSON configuration data on next boot |
OsIndicationsSupported
The bitmask of OsIndications flags that the current firmware actually supports. Read this before setting any flag in OsIndications to confirm the firmware will honour the request.
| |
|---|
| Type | OsIndications |
| Access | read-only |
| UEFI attributes | BS, RT |
OsRecoveryOrder
An ordered list of OS recovery option indices specifying the order in which OS-defined recovery options should be attempted.
| |
|---|
| Type | ushort[] |
| Access | read/write |
| UEFI attributes | NV, BS, RT, AT |
The RFC 4646 language tag the system is currently configured for (for example, "en-US" or "fr-FR"). This is the modern replacement for the deprecated Lang variable.
| |
|---|
| Type | string |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
A semicolon-separated list of RFC 4646 language tags supported by the firmware (for example, "en-US;fr-FR"). This is the modern replacement for the deprecated LangCodes variable.
| |
|---|
| Type | string |
| Access | read/write |
| UEFI attributes | BS, RT |
SecureBoot
Whether Secure Boot enforcement is currently active. When true, the firmware verifies the digital signature of every boot image against the authorised signature database (db) and refuses to load untrusted images.
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
SetupMode
Whether the system is in Setup Mode. The system is in Setup Mode when SetupMode == true, AuditMode == false, and DeployedMode == false. In Setup Mode, authenticated variable operations are not enforced, allowing key enrollment.
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
SignatureSupport
An array of GUIDs representing the signature types supported by the platform’s Secure Boot implementation. Should be treated as read-only — it is populated by the firmware during initialisation.
| |
|---|
| Type | Guid[] |
| Access | read-only |
| UEFI attributes | BS, RT |
Timeout
The boot manager timeout in seconds. After this many seconds, if the user has not selected a boot option, the firmware automatically starts the first entry in BootOrder. A value of 0xFFFF disables the timeout entirely.
| |
|---|
| Type | ushort |
| Access | read/write |
| UEFI attributes | NV, BS, RT |
VendorKeys
Whether the system’s Secure Boot key database contains only keys provided by the platform vendor (OEM). When true, no user-enrolled keys are present. Should be treated as read-only.
| |
|---|
| Type | bool |
| Access | read-only |
| UEFI attributes | BS, RT |
Code Example
using System;
using Unified.Firmware;
using Unified.Firmware.EnvironmentVendor;
// Access the global environment through the shared singleton
GlobalFirmwareEnvironment global = FirmwareEnvironment.Global;
// --- Secure Boot status ---
Console.WriteLine($"Secure Boot active : {global.SecureBoot}");
Console.WriteLine($"Setup Mode : {global.SetupMode}");
Console.WriteLine($"Audit Mode : {global.AuditMode}");
Console.WriteLine($"Deployed Mode : {global.DeployedMode}");
// --- Boot manager timeout ---
Console.WriteLine($"Current timeout : {global.Timeout}s");
// Extend the timeout to 10 seconds
global.Timeout = 10;
Console.WriteLine("Timeout updated to 10 seconds.");
// --- Boot order ---
ushort[] bootOrder = global.BootOrder;
Console.Write("Boot order: ");
Console.WriteLine(string.Join(" → ", Array.ConvertAll(bootOrder, i => $"Boot{i:X4}")));
// Move the second entry to the front
if (bootOrder.Length >= 2)
{
(bootOrder[0], bootOrder[1]) = (bootOrder[1], bootOrder[0]);
global.BootOrder = bootOrder;
Console.WriteLine("Boot order updated.");
}
// --- OsIndications: check before writing ---
if (global.OsIndicationsSupported.HasFlag(OsIndications.BOOT_TO_FW_UI))
{
global.OsIndications |= OsIndications.BOOT_TO_FW_UI;
Console.WriteLine("Firmware UI boot scheduled for next restart.");
}
else
{
Console.WriteLine("Firmware UI boot is not supported on this platform.");
}
// --- Signature support ---
Guid[] sigTypes = global.SignatureSupport;
Console.WriteLine($"Supported signature GUIDs ({sigTypes.Length}):");
foreach (Guid g in sigTypes)
Console.WriteLine($" {g}");
All properties in GlobalFirmwareEnvironment delegate to ReadVariable, ReadStringVariable, ReadArrayVariable, WriteVariable, WriteStringVariable, or WriteArrayVariable on the base FirmwareEnvironment class. Elevated privileges (Administrator / root) are required for all NVRAM reads and writes.