EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

06.06.13

UEFI ‘Secure’ Boot is Not About Security, Insyde Software’s Business Model is Misguided and Dangerous

Posted in GNU/Linux, Kernel, Security at 9:10 am by Dr. Roy Schestowitz

Corporate insecurity for Insyde Software, corporate security for Microsoft

UEFI

Summary: Promotion of bad ideas by Insyde Software merits another discussion about what UEFI actually means to ordinary GNU/Linux users

The main problem with UEFI is its effect on freedom. It’s not just about restricted boot but also patents and other issues covered in the criticism section in Wikipedia.

A new press release from Taiwan describes UEFI as a security mechanism, but this is utter fiction. Last month I spoke for over an hour with the president of the UEFI Forum, covering in length the aspect of security. He too was led to agreeing with me that security is hardly improved by UEFI, which can have its barriers bypassed and ignored. The press release says something like this:

Insyde Software, a leading provider of Unified Extensible Firmware Interface (UEFI) BIOS, today announced the availability of new UEFI security features including Secure Boot and secure firmware update for leading Linux distributions.

No, thanks. Linux does not need UEFI for security. Even Torvalds rejects the 'security' claim (he dislikes ‘secure’ boot in general [1, 2]). So the above is a marketing gimmick, that’s all. Insyde Software will boost flawed claims of ‘security’, so we should all be prepared to rebut.

Dr. Garrett, an expert in this field and occasional apologist, demonstrated that UEFI with Linux can brick hardware [1, 2, 3]. So much for security, eh? He is supporting it, sadly enough, based on very weak grounds. He should have antagonised it instead. Earlier this week he posted an update on the bricking issue:

Meanwhile, Samsung got back to us and let us know that their systems didn’t require more than 5KB of nvram space to be available, which meant we could get rid of the 50% value and replace it with 5KB. The hope was that any system that booted with only 5KB of space available in nvram would trigger a garbage collection run. Unfortunately, it turned out that that wasn’t true – some systems will only trigger garbage collection if the OS actually makes an attempt to write a variable that won’t otherwise fit.

So the search for a solution goes on under the false pretences that buggy, experimental UEFI sometimes adds something for GNU/Linux users to enjoy. The practical benefits of UEFI are very minor to ordinary desktop users. UEFI is good for two monopolies: the Intel/x86 monopoly and the Windows monopoly.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Microsoft's and Bill Gates' Biggest Patent Troll (Intellectual Ventures) Suffers Setback and Nokia is Dead While Patents Scattered to Microsoft Patent Proxies

    Microsoft's patent collectors (trolls) are to have a feast with Nokia patents while Intellectual Ventures, Microsoft's largest patent proxy, continues to attack companies including Motorola

  2. Patent Racketeering Continues With Nadella: Motorola the Latest to Join the FUD Campaign

    Nadella continues Ballmer's campaign of intimidation and alienation, showing that nothing has changed at Microsoft, not even the FUD

  3. Links 23/4/2014: GNOME Maps Application, LG in Headlines

    Links for the day

  4. Links 22/4/2014: More GNU/Linux Gains, Syria Updates

    Links for the day

  5. Links 21/4/2014: New Games for GNU/Linux, Some NatSec Politics

    Links for the day

  6. Site Focus for The Remainder of the Year

    What we plan for the rest of 2014 and why

  7. Links 20/4/2014: EFF FOSS, Easter Drone Strikes, Copyright Industry Fear of Google

    Links for the day

  8. Links 19/4/2014: Slow Easter News Day

    Links for the day

  9. Links 18/4/2014: New KDE, Kubuntu, and More

    Links for the day

  10. Some Perspective on Heartbleed®

    Our views on the whole Heartbleed® bonanza, which seems like partly a PR stunt (for multiple stakeholders)

  11. Microsoft is Leaving Windows -- Including Vista 8.1 -- Vulnerable to Non-Government Crackers, Not Only to NSA

    Microsoft makes it ever more evident that securing users of Windows is not at all a priority, and perhaps not even a desire

  12. Links 17/4/2014: Android RDP, New Ubuntu, RHEL 7 Milestone

    Links for the day

  13. Racing to 1984: Mass Surveillance, Cracking, 'Targeted' Assassinations, and Illegal Torture

    Links for the day

  14. More Microsoft Subsidies to Patent Troll Intellectual Ventures

    Microsoft hands money to Bill Gates' close friend who is the world's largest patent troll

  15. Aiding Microsoft Under the Disguise of 'Pro-FOSS'

    Not everything which is FOSS necessary becomes, by virtue of existence, a positive contribution, as we are constantly reminded by projects that help proprietary software and/or restrictions get a strong grip on FOSS

  16. Links 16/4/2014: Red Hat PR, Ubuntu LTS Imminent

    Links for the day

  17. Links 15/4/2014: Lots of PCLinuxOS Releases, Ukraine Updates

    Links for the day

  18. Apple and Microsoft Actively Lobbying Against Patent Reform in the US

    Apple and Microsoft are reportedly intervening/interfering with US law in order to ensure that the law is Free/libre software-hostile

  19. Lawsuit by Microsoft Shareholder Targets Fine for Crimes Rather Than the Crimes Themselves

    A new lawsuit by a Microsoft shareholder shows everything that's wrong with today's model of accountability, where those who are responsible for crimes are accused of not avoiding fines rather than committing the crimes

  20. Public Institutions Must Dump PRISM-Associated Software

    Another reminder that taxpayers-subsidised services should refuse, as a matter of principle, to pay anything for -- let alone deploy -- proprietary software with back doors

  21. GNU/Linux News: The Opportunities Amid XP EOL

    Links for the day

  22. Microsoft Gets Its Money's Worth From Xamarin: PlayStation 4 Now Polluted by Microsoft

    The Trojan horse of Microsoft, Xamarin, is pushing .NET into Microsoft's console competitor

  23. After Brendan Eich Comes Chris Beard

    Having removed Brendan Eich using bullying and blackmail tactics, his foes inside Mozilla achieved too little as we have yet another man (coming from inside Mozilla) acting as CEO

  24. Healthcare News: Free Software in Health, Humanitarian Causes

    Links for the day

  25. Links 14/4/2014: MakuluLinux, Many Games, More Privacy News and Pulitzer Prize for NSA Revelations

    Links for the day

  26. TechBytes Episode 87: Catching up With Surveillance (NSA, GCHQ et al.)

    The first audio episode in a very long time covers some of the latest happenings when it comes to privacy and, contrariwise, mass surveillance

  27. Server News: KVM, ElasticHosts, Other GNU/Linux Items, and Open Network Linux

    Links for the day

  28. Hardware News: Freedom, Modding, Hackability on the Rise

    Links for the day

  29. Distributions News: GNU/Linux Distros

    Links for the day

  30. GNOME News: Financial Issues, Mutter-Wayland, West Coast Summit, Community Participation

    Links for the day

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts