02.07.13
Adventures in UEFI Mischief and Selective Criticism of Google
Summary: Some of the latest stories about so-called ‘secure’ boot, which is all about restricting the use of hardware
Microsoft is trying to become a hardware company [1, 2, 3, 4, 5, 6] and catch up with Google in many areas. Using UEFI in Vista 8 Microsoft was hoping to altogether block Linux in ARM, but Google too uses this restriction. Microsoft has new hardware which already receives negative reviews, as summarised here:
And there we are – the Surface Pro reviews are in. Reading through them all, there’s clearly a common theme, and it’s not particularly positive. We’re a few months in now, so I think we can finally call it: Windows 8 and Surface are the wrong way to go.
Interesting is this observation that Linux is no longer blocked as before, just suppressed.
Microsoft likes to say it’s all for “security”, but the company is not even able to get certified for Windows AV. Here is some news:
The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.
According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks — including viruses, worms, and Trojan horses — dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that’s been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that’s still below the 97% average for the industry.
Torvalds remarked on the excuse of "security" as exclusively use to sell restricted boot. Jack Wallen calls for “hardware neutrality” because, as he puts it: “The latest UEFI snafu involved the bricking of Samsung laptops. It’s time that hardware vendors knew consumers and IT pros demand the right to hardware neutrality.”
Our freedom from artificial barriers and restrictions depends in part on abolishing UEFI altogether, or putting users — not big vendors — in control over it. There may be workarounds, but they are too complicated for most users.
The other day we saw this thread which says:
I just bought a Acer Aspire M5 481t-6617 ultrabook and I cant stand this win8 bullshit, so my first option is my desktop distro (slack)..
The response from Slackware’s founder was:
The features are all likely to work fine. If you have Windows 8 and want to keep it, start by hitting (windows key) + X, select the disk management program, and resize the windows drive to make some free space for the Slackware installation. Boot the x86_64 Slackware install disc under the legacy boot mode and with Secure Boot turned off (probably you’ll want to leave it off anyway). The installer handles GPT fine, so make your partitions using cgdisk. If you made a swap partition, run mkswap on it before running setup, and then proceed to install as usual. Skip the LILO installation.
Then it gets too technical, with code even. To be fair to Dr. Garrett, he does pressure Google over this issue, but why not chastise Microsoft? All the work he has been doing recently is enormously useful to Microsoft.
As LWN summarises it:
Matthew Garrett calls out Google for not allowing users to install their own keys on Chromebook systems.
Here is the original. Where was he when Microsoft-imposed UEFI bricked Linux hardware? Why denounce just Google? █
