What Is Network Stack In UEFI/BIOS

Network Stack allows you to boot from a PXE server over the network but can make your PC vulnerable to outside threats. This can be enabled or disabled from the UEFI/BIOS settings.

BIOS Network Stack

If you have ever configured your system’s BIOS or UEFI settings, you may have come across the option “Network Stack,” more specifically “Enable Network Stack.” Even though this option has been there for many years, many home users are confused about this feature and whether it should be enabled or disabled.

To put this confusion to an end once and for all, today we are going to discuss Network Stack: what it is, how it works, and when one should enable or disable it.

What is Network Stack

Network Stack, also referred to as Network Boot, is a feature that allows the computer to boot from the network, instead of the local hard drive or a bootable USB drive.

This feature is used by devices that usually do not have a local hard drive installed and want to boot from a device at a remote location over the network. It can also be used by IT professionals for mass operating system deployments in a corporate environment.

The Network Stack option allows booting from a Preboot Execution Environment (PXE) server. This is the server that hosts the operating system or contains the OS deployment images, depending on what it is being used for.

By default, Network Stack is enabled on most client computers. However, it has recently come to our attention that some machines now have it disabled, according to a Reddit post.

Different OEMs provide different Network Stack settings in the UEFI/BIOS settings. Normally, you see the settings given in the table below. This table lists the Network Stack settings, their values, and what each of them is used for.

Note: The value listed for each setting is its default value.

| Setting | Default value | Description |
|---|---|---|
| Network Stack | Enable | Enable or disable UEFI Network Stack. |
| IPv4 PXE Support | Enable | Enable IPv4 PXE Boot Support. If this item is disabled, the IPv4 PXE boot option will not be created. |
| IPv4 HTTP Support | Enable | Enable IPv4 HTTP Boot Support. If this item is disabled, the IPv4 HTTP boot option will not be created. |
| IPv6 PXE Support | Enable | Enable IPv6 PXE Boot Support. If this item is disabled, the IPv6 PXE boot option will not be created. |
| IPv6 HTTP Support | Enable | Enable IPv6 HTTP Boot Support. If this item is disabled, the IPv6 HTTP boot option will not be created. |
| IPSEC Certificate | Enable | Enable or disable the IPSEC certificate for Ikev. |
| PXE boot wait time | 0 | Set the wait time for you to press the ESC key to abort the PXE boot. Use either +/- or numeric keys to set the value, which is counted in seconds. |
| Media detect count | 1 | The number of times the presence of media will be checked. Use either +/- or numeric keys to set the value. |

Network Stack settings in UEFI/BIOS

Now, let us take a look at how this technology works before determining whether it should be enabled or disabled.

How PXE Boot Works

The Preboot Execution Environment (PXE) is a client-server network interface that allows a device to boot from a remote device. If you are running an operating system over the local network, it would seem like it is running locally. However, the process is not so simple, since the client and the server first need to discover one another.

For the PXE boot to work, there are some protocols the network must support, which include Dynamic Host Configuration Protocol (DHCP) and Trivial File Transfer Protocol (TFTP).

When the computer boots up, an IP address is assigned to it from the DHCP server. For that, the client computer broadcasts a “discover” packet over the network, to which the DHCP server responds with an “offer” packet. After accepting the offer, an IP address is assigned.

Now, the client PC will notify the DHCP server that it is using the PXE boot server, to which the DHCP server will reply by sending the IP address of the boot server and the boot file name to the client. Now, the client PC will make direct communication with the boot server and request the boot files.

The PXE boot server will now send over the boot files using TFTP, and the client PC will use them to boot the operating system.

This concludes the brief process of how PXE boot works in a closed network.

Should Network Stack be Enabled or Disabled

The purpose of explaining how PXE boot works was to give insight into the decision on whether Network Stack should be enabled or disabled in your UEFI/BIOS settings.

As you already know now, the process of booting from a PXE server requires some packets going back and forth, and some broadcasting. This makes the devices vulnerable to outside threats as an attacker can pose as a potential PXE server and feed false information to the client device.

Therefore, it is advised that Network Stack should be disabled, provided that you are not using it.

However, if your computer does not have a local hard drive and requires you to boot your operating system over the network from the PXE server, then you have no choice but to keep Network Stack enabled.

Also, if you are an IT administrator performing a mass OS deployment, then enabling the Network Stack would allow you to connect to the Windows Deployment Server (WDS) and perform the OS installations quickly.
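Where Network Stack has to stay enabled, the DHCP replies described above can be checked for boot servers you do not recognize. The following is an added example, not code from the original article: it parses a raw DHCP reply payload and flags any offer whose boot server is not on an allowlist. The allowlisted address, the function names and the sample packets are assumptions constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"             # DHCP magic cookie at offset 236
ALLOWED_BOOT_SERVERS = {"192.0.2.10"}   # assumption: the site's real PXE server

def parse_reply(pkt: bytes) -> dict:
    """Pull the boot-related fields out of a raw BOOTP/DHCP reply payload."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP reply")
    info = {"msg_type": None, "server_id": None, "tftp_name": None,
            "next_server": socket.inet_ntoa(pkt[20:24]),      # siaddr field
            "boot_file": pkt[108:236].split(b"\0")[0].decode("ascii", "replace")}
    i = 240
    while i < len(pkt) and pkt[i] != 255:                     # 255 = end option
        if pkt[i] == 0:                                       # 0 = pad option
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and val:
            info["msg_type"] = val[0]                         # 2 = OFFER, 5 = ACK
        elif code == 54 and len(val) == 4:
            info["server_id"] = socket.inet_ntoa(val)
        elif code == 66:                                      # TFTP server name
            info["tftp_name"] = val.decode("ascii", "replace")
        elif code == 67:                                      # boot file name
            info["boot_file"] = val.decode("ascii", "replace")
        i += 2 + pkt[i + 1]
    return info

def rogue_boot_reason(pkt: bytes):
    """Return a finding if the reply sends a client to an unlisted boot server."""
    info = parse_reply(pkt)
    servers = {info["next_server"], info["tftp_name"]} - {None, "0.0.0.0"}
    unknown = sorted(servers - ALLOWED_BOOT_SERVERS)
    if info["msg_type"] not in (2, 5) or not info["boot_file"] or not unknown:
        return None                     # not a boot offer, or only known servers
    return (f"DHCP server {info['server_id']} points clients at boot server "
            f"{', '.join(unknown)} (file {info['boot_file']!r})")

def build_reply(server_id, siaddr, boot_file, extra=b""):  # constructed sample DHCPOFFER
    hdr = bytes([2, 1, 6, 0]) + bytes(16) + socket.inet_aton(siaddr) + bytes(84)
    opts = b"\x35\x01\x02\x36\x04" + socket.inet_aton(server_id) + extra
    return hdr + boot_file.ljust(128, b"\0") + MAGIC + opts + b"\xff"

LEGIT = build_reply("192.0.2.10", "192.0.2.10", b"bootx64.efi")
ROGUE = build_reply("198.51.100.66", "198.51.100.66", b"bootx64.efi")
PLAIN = build_reply("192.0.2.1", "0.0.0.0", b"")     # ordinary lease, no boot file
```

Pass `rogue_boot_reason` the UDP payload of each DHCP reply seen on the client segment; it returns `None` for ordinary leases and for offers that name only allowlisted boot servers.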

Let us now show you how to make changes to Network Stack from system UEFI/BIOS settings.

How to Enable or Disable Network Stack

Follow these steps to enable/disable the network stack from UEFI/BIOS settings:

  1. Start/Restart your computer and use the designated hotkey to enter BIOS.

  2. Look for the Integrated NIC option and here you shall find the “Enable UEFI/BIOS Network Stack” option. Check or uncheck the box next to it to enable or disable Network Stack.

    When done, save the changes by clicking Apply and then exit the UEFI/BIOS settings.

    Network Stack in UEFI

As you can see in the image above, the NIC can be “Disabled,” “Enabled,” or “Enabled with PXE.” When you select “Enabled with PXE,” it means that the computer can now boot from a PXE server over the network. However, for that to work, you must also enable Network Stack.

Closing Words

As we mentioned earlier, many client PCs have Network Stack enabled by default. Moreover, sometimes with the Network Stack enabled, the computer tries to boot from the network, even when the locally-installed hard drive has a perfectly running operating system on it.

This happens when the network card is on top of the other bootable devices in the boot order. You can also change the boot order from the system BIOS and still keep Network Stack enabled when needed.


Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).
