Summary: UEFI makes computers more prone to infections, according to some security experts
THE abusive Intel spreads UEFI to help the abusive Microsoft by means of lockout (there have been many articles about that as of late). It serves to protect the Windows monopoly and protect Intel’s monopoly (with UEFI patents that we highlighted previously). Our posts about UEFI contain a lot of examples of that. UEFI ‘secure’ boot is not really about security and in some ways it makes security even worse, as we showed on numerous occasions before. UEFI can enable espionage agencies (such as GCHQ, NSA and so on) to remotely brick PCs, rendering them unbootable (no matter the operating system). Remember Stuxnet.
There are several new reports which say that UEFI has got additional ways in which it makes computers less secure. To quote the British media: “The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.”
To quote some US media: “Though such “voodoo” hacking will likely remain a tool in the arsenal of intelligence and military agencies, it’s getting easier, Kallenberg and Kovah believe. This is in part due to the widespread adoption of UEFI, a framework that makes it easier for the vendors along the manufacturing chain to add modules and tinker with the code.”
Next time Intel or Microsoft insist that UEFI is needed for ‘security’ we should have stronger arguments with which to debunk such myths. It’s marketing of monopolies disguised as “advancement”. █
Send this to a friend
To what extent do the ideas of free software extend to hardware? Is it a moral obligation to make our hardware designs free, just as it is to make our software free? Does maintaining our freedom require rejecting hardware made from nonfree designs?
Free software is a matter of freedom, not price; broadly speaking, it means that users are free to use the software and to copy and redistribute the software, with or without changes. More precisely, the definition is formulated in terms of the four essential freedoms.
- The freedom to run the program as you wish, for any purpose.
- The freedom to study the program’s source code, and change it so it does your computing as you wish.
- The freedom to make exact copies and give them or sell them to others.
- The freedom to make copies of your modified versions and give them or sell them to others.
Applying the same concept directly to hardware, free hardware means hardware that you are free to use and to copy and redistribute with or without changes. But, since there are no copiers for hardware, aside from keys, DNA, and plastic objects’ exterior shapes, is the concept of free hardware even possible? Well, most hardware is made by fabrication from some sort of design. The design comes before the hardware.
Thus, the concept we really need is that of a free hardware design. That’s simple: it means a design that permits users to use the design (i.e., fabricate hardware from it) and to copy and redistribute it, with or without changes. The design must provide the same four freedoms that define free software. Then “free hardware” means hardware with an available free design.
People first encountering the idea of free software often think it means you can get a copy gratis. Many free programs are available for zero price, since it costs you nothing to download your own copy, but that’s not what “free” means here. (In fact, some spyware programs such as Flash Player and Angry Birds are gratis although they are not free.) Saying “libre” along with “free” helps clarify the point.
For hardware, this confusion tends to go in the other direction; hardware costs money to produce, so commercially made hardware won’t be gratis (unless it is a loss-leader or a tie-in), but that does not prevent its design from being free/libre. Things you make in your own 3D printer can be quite cheap, but not exactly gratis since you will have to pay for the raw materials. In ethical terms, the freedom issue trumps the price issue totally, since a device that denies freedom to its users is worth less than nothing.
The terms “open hardware” and “open source hardware” are used by some with the same concrete meaning as “free hardware,” but those terms downplay freedom as an issue. They were derived from the term “open source software,” which refers more or less to free software but without talking about freedom or presenting the issue as a matter of right or wrong. To underline the importance of freedom, we make a point of referring to freedom whenever it is pertinent; since “open” fails to do that, let’s not substitute it for “free”.
Is Nonfree Hardware an Injustice?
Ethically, software must be free; a nonfree program is an injustice. Should we take the same view for hardware designs?
We certainly should, in the fields that 3D printing (or, more generally, any sort of personal fabrication) can handle. Printer patterns to make a useful, practical object (i.e., functional rather than decorative) must be free because they are works made for practical use. Users deserve control over these works, just as they deserve control over the software they use.
Distributing a nonfree functional object design is as wrong as distributing a nonfree program.
Be careful to choose 3D printers that work with exclusively free software; the Free Software Foundation endorses such printers. Some 3D printers are made from free hardware designs, but Makerbot’s hardware designs are nonfree.
Must we reject nonfree digital hardware?
Is a nonfree digital hardware(*) design an injustice? Must we, for our freedom’s sake, reject all digital hardware made from nonfree designs, as we must reject nonfree software?
Due to the conceptual parallel between hardware designs and software source code, many hardware hackers are quick to condemn nonfree hardware designs just like nonfree software. I disagree because the circumstances for hardware and software are different.
Present-day chip and board fabrication technology resembles the printing press: it lends itself to mass production in a factory. It is more like copying books in 1950 than like copying software today.
Freedom to copy and change software is an ethical imperative because those activities are feasible for those who use software: the equipment that enables you to use the software (a computer) is also sufficient to copy and change it. Today’s mobile computers are too weak to be good for this, but anyone can find a computer that’s powerful enough.
Moreover, a computer suffices to download and run a version changed by someone else who knows how, even if you are not a programmer. Indeed, nonprogrammers download software and run it every day. This is why free software makes a real difference to nonprogrammers.
How much of this applies to hardware? Not everyone who can use digital hardware knows how to change a circuit design, or a chip design, but anyone who has a PC has the equipment needed to do so. Thus far, hardware is parallel to software, but next comes the big difference.
You can’t build and run a circuit design or a chip design in your computer. Constructing a big circuit is a lot of painstaking work, and that’s once you have the circuit board. Fabricating a chip is not feasible for individuals today; only mass production can make them cheap enough. With today’s hardware technology, users can’t download and run John H Hacker’s modified version of a digital hardware design, as they could run John S Hacker’s modified version of a program. Thus, the four freedoms don’t give users today collective control over a hardware design as they give users collective control over a program. That’s where the reasoning showing that all software must be free fails to apply to today’s hardware technology.
In 1983 there was no free operating system, but it was clear that if we had one, we could immediately use it and get software freedom. All that was missing was the code for one.
In 2014, if we had a free design for a CPU chip suitable for a PC, mass-produced chips made from that design would not give us the same freedom in the hardware domain. If we’re going to buy a product mass produced in a factory, this dependence on the factory causes most of the same problems as a nonfree design. For free designs to give us hardware freedom, we need future fabrication technology.
We can envision a future in which our personal fabricators can make chips, and our robots can assemble and solder them together with transformers, switches, keys, displays, fans and so on. In that future we will all make our own computers (and fabricators and robots), and we will all be able to take advantage of modified designs made by those who know hardware. The arguments for rejecting nonfree software will then apply to nonfree hardware designs too.
That future is years away, at least. In the meantime, there is no need to reject hardware with nonfree designs on principle.
*As used here, “digital hardware” includes hardware with some analog circuits and components in addition to digital ones.
We need free digital hardware designs
Although we need not reject digital hardware made from nonfree designs in today’s circumstances, we need to develop free designs and should use them when feasible. They provide advantages today, and in the future they may be the only way to use free software.
Free hardware designs offer practical advantages. Multiple companies can fabricate one, which reduces dependence on a single vendor. Groups can arrange to fabricate them in quantity. Having circuit diagrams or HDL code makes it possible to study the design to look for errors or malicious functionalities (it is known that the NSA has procured malicious weaknesses in some computing hardware). Furthermore, free designs can serve as building blocks to design computers and other complex devices, whose specs will be published and which will have fewer parts that could be used against us.
Free hardware designs may become usable for some parts of our computers and networks, and for embedded systems, before we are able to make entire computers this way.
Free hardware designs may become essential even before we can fabricate the hardware personally, if they become the only way to avoid nonfree software. As common commercial hardware is increasingly designed to subjugate users, it becomes increasingly incompatible with free software, because of secret specifications and requirements for code to be signed by someone other than you. Cell phone modem chips and even some graphics accelerators already require firmware to be signed by the manufacturer. Any program in your computer, that someone else is allowed to change but you’re not, is an instrument of unjust power over you; hardware that imposes that requirement is malicious hardware. In the case of cell phone modem chips, all the models now available are malicious.
Some day, free-design digital hardware may be the only platform that permits running a free system at all. Let us aim to have the necessary free digital designs before then, and hope that we have the means to fabricate them cheaply enough for all users.
If you design hardware, please make your designs free. If you use hardware, please join in urging and pressuring companies to make hardware designs free. █
Copyright 2015 Richard Stallman. Released under Creative Commons Attribution No Derivatives 3.0 license.
Send this to a friend
Summary: The Trojan horse that Microsoft uses to cement its monopoly on desktops and laptops (making it hard or impossible to install and run GNU/Linux) is also being misused to block Coreboot
LAST WEEK we saw numerous reports about UEFI being used to attack, impede — or whatever one wishes to call it — Coreboot. It’s an attack on computing freedom at the very core, but given the long history of Intel crimes, we were hardly shocked by it. We included relevant links in our daily links, but citing , the biggest UEFI apologist writes  that this is justified in the name of ‘security’, erroneously assuming that it was ever about security rather than domination and control over the user. We have already shown, on numerous occasions in fact (even earlier this year), that UEFI achieves the very opposite of security, enabling even remote bricking of entire motherboards (Intel seems more interested in intel’ agencies than in actual purchasers of hardware). As the apologist is cited by FOSS sites we just thought it is worth pointing out again. People whose job is to write code for UEFI (and a lot of money is being paid for this) have a bit of an undeclared conflict of interest when writing about UEFI.
One solution, as we have pointed out before, is to avoid UEFI, which still helps Microsoft attack GNU/Linux. One effective way to achieve this is to boycott Intel, which deserves a boycott for many other reasons (much bigger and more compelling reasons than this). █
Related/contextual items from the news:
Even if you’re rocking the most open of open-source operating systems, chances are your laptop isn’t really that “free,” betrayed by closed firmware binaries lurking deep within the hardware itself.
Modern UEFI firmware is a closed-source, proprietary blob of software baked into your PC’s hardware. This binary blob even includes remote management and monitoring features, which make it a potential security and privacy threat.
You might want to replace the UEFI firmware and get complete control over your PC’s hardware with Coreboot, a free software BIOS alternative—but you can’t in PCs with modern Intel processors, thanks to Intel’s Boot Guard and the “Verified Boot” mode PC manufacturers choose.
PC World wrote an article on how the use of Intel Boot Guard by PC manufacturers is making it impossible for end-users to install replacement firmware such as Coreboot on their hardware. It’s easy to interpret this as Intel acting to restrict competition in the firmware market, but the reality is actually a little more subtle than that.
UEFI Secure Boot as a specification is still unbroken, which makes attacking the underlying firmware much more attractive. We’ve seen several presentations at security conferences lately that have demonstrated vulnerabilities that permit modification of the firmware itself. Once you can insert arbitrary code in the firmware, Secure Boot doesn’t do a great deal to protect you – the firmware could be modified to boot unsigned code, or even to modify your signed bootloader such that it backdoors the kernel on the fly.
Send this to a friend
Summary: How journalists, analysts and even developers carry water for Intel, usually in exchange for some monetary incentives
MANY of Intel‘s crimes have been covered here in Techrights at one point or another. The company has excellent PR operations that help conceal a great level of abuse and corruption. It’s the same with IBM. Watch this disgusting new puff piece from The Verge and this necessary response to it (“Delusional Media Hypes Intel Partnership With Anita Sarkeesian”) which says: “The Verge lies about us all the time. Hell, as I always cite, one of their former workers actually threatened to go GamerGate hunting at Comic Con. Unsurprisingly, he never caught any flack. Anti-GamerGate has gotten away with everything short of the high crimes like murder and rape, but I’m pretty sure the media would turn a blind eye towards that as well. Because after I just saw Intel co-sign Anita Sarkeesian and IGDA, I’m certain that I’m living on a different planet than these people.”
Intel’s role in GamerGate has already caused one of the leading Linux developers, who was clearly the face of UEFI on Linux, to boycott Intel and cease development of anything Intel-related.
“UEFI can be used for remote bricking (hardware sabotage) by the NSA and the likes of it.”Not only people like Anita Sarkeesian are potentially bribed by Intel for positive publicity that fools the public. Once upon a time the Gartner Group was used as marketing for Intel (false prophecies disguised as recommendations) and Gartner is now seeing the Wintel monopoly on the dive. Only a small portions of computers that are shipped are desktops or laptops with x86 chipsets, so Robert Pogson has visualised some numbers:
Gartner has built their business on Wintel and now they see 8% growth for the competition as something hopeful… Meanwhile, smartphones have explosive growth and thin clients are doing well too.
In order to further reinforce the Wintel monopoly Intel has made UEFI restricted boot. UEFI can be used for remote bricking (hardware sabotage) by the NSA and the likes of it [1, 2, 3]. Some involved developers deem it necessary to state that they are now working for the government, perhaps realising how controversial their work is. As one put it last year: “At no point have I been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signin keys. I am also not aware of anyone else involved in our signing that has been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signing keys.”
In a better world, this whole idiotic ‘secure’ boot would not exist. People don’t need it and the risk introduced by it (sabotage or prevention of access to one’s own PC) is great. As always, we urge readers to boycott UEFI and, where possible, also avoid Intel. █
Send this to a friend
Alternative (dirty) business models on the rise
Summary: The Wintel press, which is bribed by companies that it covers, is challenged by prominent developers and Microsoft continues to plant its patent propaganda in the Wintel-centric (and paid) press
Things are changing for the better as GNU/Linux, usually on non-x86 platforms, continues to gain. The Wintel monoculture is trying to use patents, lockdown (‘secure’ boot), bribes and other forms of abuse to maintain revenue.
“With some exceptions, especially desktops (not necessarily laptops), x86 can now be abandoned.”The many crimes of Intel have not, until very recently, bothered the UEFI apologists, notably Garrett, who now hates Intel (see “Actions have consequences (or: why I’m not fixing Intel’s bugs any more)”. UEFI is bad for several reasons that we mentioned here before and FreeBSD accepts it nonetheless. It is becoming part of an operating system that does not even need x86 because:
A new Beta version has been made available for the FreeBSD 10.1 branch, an operating system for x86, ARM, IA-64, PowerPC, PC-98, and UltraSPARC architectures. Users can now download and test it.
Who needs x86 anyway? With some exceptions, especially desktops (not necessarily laptops), x86 can now be abandoned. Samsung makes its own processors now and it has a thriving business based on Linux (Android and Tizen). When Samsung tried messing about with UEFI it ended up making a machine that was remotely brickable (a real problem that the NSA may exploit). Bricking is only one among numerous problems with UEFI. Our main concern about UEFI is that it’s designed to secure the monoculture known as Wintel.
“Microsoft does not receive a billion dollars per year from Samsung for Android; the deal works in two directions and the PR stunt is attempting to portray Android as very expensive.”Speaking of Samsung, the company is finally fighting Microsoft over patents (rather than sign secret patent deals) and The Mukt explained the insignificance of the latest news spin. As we noted at the time, not only Microsoft boosters relayed the deception but even some FOSS blogs repeated it (probably because of the former group, based on their links), including GNU/Linux advocates such as Robert Pogson and Steven J. Vaughan-Nichols. Microsoft does not receive a billion dollars per year from Samsung for Android; the deal works in two directions and the PR stunt is attempting to portray Android as very expensive. This is propaganda that mostly (originally) comes from pro-Microsoft circles such as CBS and IDG. █
Send this to a friend
Summary: More anti-competitive aspects are revealed inside UEFI, which helps merginalise GNU/Linux
Boycotting Intel is not hard to justify. The company is deeply corrupt. We spent over two years explaining why its UEFI antifeatures too should face a boycott and Silviu Stahie provides yet another reason in this article about a new petition. It says: “The Intel Atom Bay Trail tablets have been out for a few months already, but none of the hardware vendors is providing 64-bit firmware builds for them, which means that you can’t install any Linux distros.”
Here’s more: “In fact, you can’t install Linux on any 32-bit UEFI PC, because the boot loader only supports 64-bit, and this is a major issue for people who really want to used their Intel Atom Bay Trail-powered devices with a Linux OS.”
The solution is quite simple; avoid Intel, potentially dodge x86 (where practically possible), and definitely avoid anything with UEFI on any kind of device. It is not only a patent trap but also means for securing Microsoft’s monopoly. In addition, it’s a potential back door for bricking computers remotely. Intel should be shamed of itself. █
Send this to a friend
Yet another reason to boycott Intel
Summary: The dark hearts of computers, with a lot of secrets and circuitry whose behaviour cannot be verified, are also convenient back doors, even without additional bugs (implanted en route)
THE FSF has this interesting new article about “Active Management Technology”. It was written by Ward Vandewege, Matthew Garrett, and Richard M. Stallman, who awarded Garrett for his work on UEFI.
One year ago, around the same time that Snowden leaked some NSA documents, we warned that UEFI could be used to remotely brick PCs. Later on, after the NSA leaks had gone maintream, the NSA pretty much confirmed it was a possible strategy (but defecting this to the Chinese). Going back to 2008 we also warned about back doors, some of which facilitated by broken encryption in hardware (e.g. Intel’s ‘hardware-accelerated’ RNG). That was about a decade after Microsoft had allegedly built back doors into Windows (we know that there are back doors now, but it’s just hard to say when Microsoft started it).
We already wrote a great deal about the problem with UEFI patents, UEFI ‘secure’ boot (taking control over computers, moving control away from the users to put itinto corporate hands and governments), but we have not done much to cover UEFI remote control capabilities, or more broadly Intel’s rogue role in intelligence, leading to a ban in some places (some variants of BSD refuse to use Intel RNGs due to fear of intentionally low entropy that derails encryption).
Quoting the article from Vandewege et al.: “Intel’s Active Management Technology (AMT) is a proprietary remote management and control system for personal computers with Intel CPUs. It is dangerous because it has full access to personal computer hardware at a very low level, and its code is secret and proprietary.”
Intel is a deeply criminal company, so to blindly trust its proprietary technology would be foolish. We have always campaigned against Intel not just because “intel” is shorthand for something rather insinuative although this latter point is now a growing factor, too. Watch what China is doing these days when it comes to hardware policy, not just software policy. Or simply watch what Snowden has been leaking; it’s rather revealing. █
Send this to a friend
Microsoft — unlike Nokia — cannot fall/revert back to the tyres business
Summary: Xbox One is a failed product and “Surface” is losing hundreds of millions of dollars
THE LATEST episode of TechBytes covers the good news that “Microsoft May Halt Xbox One Production”; it’s news that reminds us of an important fact: “We know that the company has shipped 5 million consoles to retailers since launch, but Microsoft hasn’t been as forthcoming with actual end user sales data.”
When Microsoft does not divulge these figures it always means that Microsoft has something to hide. The same thing has historically been true when it comes to Windows (number of licences issued) and other Microsoft hardware. Microsoft is full of lies.
In other interesting news, Microsoft’s “Surface Loses” because it’s a losing product, by design. As Robert Pogson put it (citing a Microsoft booster, Gavin Clarke): “Do the maths: it cost M$ $2.1billion to sell $1.8billion worth of Surfaces… That’s a loss of $300 million. Eewww! Even without charging itself the tax, they can’t compete in the market.”
The headline at The Register (chosen by the editor) is Microsoft: The MORE Surfaces it sells, the MORE money it loses” (so it’s a bit like Xbox, which lost billions of dollars over the years).
Microsoft is really struggling to re-invent itself for the post-Windows world. So far it has failed and there is now some Microsoft advertising from Microsoft Peter who promotes subscription-based Windows — a horrible idea which is sure to bring rise to GNU/Linux-based operating systems ($0 purchase and subscription charges).
In this article we are citing no Microsoft-hostile sources; instead we link to props of Microsoft, rather than journalists. It helps show just how bad things have become for Microsoft. Microsoft Jack has been defecting away from Microsoft as of late (we wish him well for that), repeatedly promoting some of Microsoft’s competitors for the first time in many years, unlike some in the British press. Gavin Clarke may pretend to be covering GNU/Linux, but most of the time he is just the source/outlet of Microsoft agenda, including his new piece whitewashing Bill Hilf.
We are entering an interesting era where Microsoft is not only struggling (along with Apple) but is also fighting publicly and aggressively against GNU/Linux using attack ads (more so under the 'new' leadership) and racketeering. █
Send this to a friend
« Previous entries Next Page » Next Page »