Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Repeat a lie until it becomes the truth
by saso on Tue 5th Feb 2013 00:01 UTC

This whole UEFI business is just a wonderful example of how when you repeat a lie long enough, it becomes accepted truth. UEFI SecureBoot never was about boot viruses, though yes, it does make them very hard or near impossible. The whole point of this technology has always been to shift control over the software users install over to the hardware vendor.

MBR viruses have been a dead horse for at least 10-15 years now, ever since the web browser and its plugins became a much more lucrative target for malware. Please note that SecureBoot in no way prevents rootkits or kernel exploits - it's still the responsibility of the OS to verify all code it loads.

UEFI is just a whole bunch of new ways for your machine to fail or misbehave. If you think ACPI was bad enough, wait till you get a load of UEFI firmware bugs, such as DMA'ing network packets over a region of memory where it wasn't supposed to (causing random OS crashes), or, as in the case of Samsung, bricking your machine because some OS had the audacity to follow Samsung's own declared APIs. One Linux user of the Samsung UEFI driver also reported that due to a UEFI firmware bug, installing Ubuntu caused Samsung's UEFI to overwrite its "Setup" boot entry with Ubuntu, blocking access to the firmware setup menu. On servers, it's an even worse plague - IBM servers with UEFI configuration menus now require mouse input in order to set up properly (it's still possible via the keyboard, but it's about as pleasant as walking over broken glass). And forget about serial console redirection - text terminals can't handle GUIs, so no remote recovery for you!

The BIOS was crap, but at least it was simple. It loaded into predictable locations, and all we needed was a simple set of BIOS extensions in well-specified regions to provide new features. Instead, this UEFI crap was conceived of, with the spec itself over a motherfucking 2200 pages long. FFS, all parts of MPEG-2 are together less than 1000 pages long (the core systems+video+audio tech is < 500 pages), and that's a fully-fledged multimedia system. With a spec this long, it's no wonder firmware vendors (who are crap at producing even workable BIOSes) will produce terrible implementations.

Reply Score: 16