Summary: The Trojan horse that Microsoft uses to cement its monopoly on desktops and laptops (making it hard or impossible to install and run GNU/Linux) is also being misused to block Coreboot
LAST WEEK we saw numerous reports about UEFI being used to attack, impede — or whatever one wishes to call it — Coreboot. It’s an attack on computing freedom at the very core, but given the long history of Intel crimes, we were hardly shocked by it. We included relevant links in our daily links, but citing , the biggest UEFI apologist writes that this is justified in the name of ‘security’, erroneously assuming that it was ever about security rather than domination and control over the user. We have already shown, on numerous occasions in fact (even earlier this year), that UEFI achieves the very opposite of security, enabling even remote bricking of entire motherboards (Intel seems more interested in ‘intel’ agencies than in actual purchasers of hardware). As the apologist is cited by FOSS sites we just thought it is worth pointing out again. People whose job is to write code for UEFI (and a lot of money is being paid for this) have a bit of an undeclared conflict of interest when writing about UEFI.
One solution, as we have pointed out before, is to avoid UEFI, which still helps Microsoft attack GNU/Linux. One effective way to achieve this is to boycott Intel, which deserves a boycott for many other reasons (much bigger and more compelling reasons than this). █
Related/contextual items from the news:
Even if you’re rocking the most open of open-source operating systems, chances are your laptop isn’t really that “free,” betrayed by closed firmware binaries lurking deep within the hardware itself.
Modern UEFI firmware is a closed-source, proprietary blob of software baked into your PC’s hardware. This binary blob even includes remote management and monitoring features, which make it a potential security and privacy threat.
You might want to replace the UEFI firmware and get complete control over your PC’s hardware with Coreboot, a free software BIOS alternative—but you can’t in PCs with modern Intel processors, thanks to Intel’s Boot Guard and the “Verified Boot” mode PC manufacturers choose.
PC World wrote an article on how the use of Intel Boot Guard by PC manufacturers is making it impossible for end-users to install replacement firmware such as Coreboot on their hardware. It’s easy to interpret this as Intel acting to restrict competition in the firmware market, but the reality is actually a little more subtle than that.
UEFI Secure Boot as a specification is still unbroken, which makes attacking the underlying firmware much more attractive. We’ve seen several presentations at security conferences lately that have demonstrated vulnerabilities that permit modification of the firmware itself. Once you can insert arbitrary code in the firmware, Secure Boot doesn’t do a great deal to protect you – the firmware could be modified to boot unsigned code, or even to modify your signed bootloader such that it backdoors the kernel on the fly.
Summary: How journalists, analysts and even developers carry water for Intel, usually in exchange for some monetary incentives
MANY of Intel’s crimes have been covered here in Techrights at one point or another. The company has excellent PR operations that help conceal a great level of abuse and corruption. It’s the same with IBM. Watch this disgusting new puff piece from The Verge and this necessary response to it (“Delusional Media Hypes Intel Partnership With Anita Sarkeesian”) which says: “The Verge lies about us all the time. Hell, as I always cite, one of their former workers actually threatened to go GamerGate hunting at Comic Con. Unsurprisingly, he never caught any flack. Anti-GamerGate has gotten away with everything short of the high crimes like murder and rape, but I’m pretty sure the media would turn a blind eye towards that as well. Because after I just saw Intel co-sign Anita Sarkeesian and IGDA, I’m certain that I’m living on a different planet than these people.”
Intel’s role in GamerGate has already caused one of the leading Linux developers, who was clearly the face of UEFI on Linux, to boycott Intel and cease development of anything Intel-related.
Not only people like Anita Sarkeesian are potentially bribed by Intel for positive publicity that fools the public. Once upon a time the Gartner Group was used as marketing for Intel (false prophecies disguised as recommendations) and Gartner is now seeing the Wintel monopoly on the dive. Only a small portion of computers that are shipped are desktops or laptops with x86 chipsets, so Robert Pogson has visualised some numbers:
Gartner has built their business on Wintel and now they see 8% growth for the competition as something hopeful… Meanwhile, smartphones have explosive growth and thin clients are doing well too.
In order to further reinforce the Wintel monopoly Intel has made UEFI restricted boot. UEFI can be used for remote bricking (hardware sabotage) by the NSA and the likes of it [1, 2, 3]. Some involved developers deem it necessary to state that they are now working for the government, perhaps realising how controversial their work is. As one put it last year: “At no point have I been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signing keys. I am also not aware of anyone else involved in our signing that has been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signing keys.”
In a better world, this whole idiotic ‘secure’ boot would not exist. People don’t need it and the risk introduced by it (sabotage or prevention of access to one’s own PC) is great. As always, we urge readers to boycott UEFI and, where possible, also avoid Intel. █
Alternative (dirty) business models on the rise
Summary: The Wintel press, which is bribed by companies that it covers, is challenged by prominent developers and Microsoft continues to plant its patent propaganda in the Wintel-centric (and paid) press
Things are changing for the better as GNU/Linux, usually on non-x86 platforms, continues to gain. The Wintel monoculture is trying to use patents, lockdown (‘secure’ boot), bribes and other forms of abuse to maintain revenue.
The many crimes of Intel have not, until very recently, bothered the UEFI apologists, notably Garrett, who now hates Intel (see “Actions have consequences (or: why I’m not fixing Intel’s bugs any more)”). UEFI is bad for several reasons that we mentioned here before and FreeBSD accepts it nonetheless. It is becoming part of an operating system that does not even need x86 because:
A new Beta version has been made available for the FreeBSD 10.1 branch, an operating system for x86, ARM, IA-64, PowerPC, PC-98, and UltraSPARC architectures. Users can now download and test it.
Who needs x86 anyway? With some exceptions, especially desktops (not necessarily laptops), x86 can now be abandoned. Samsung makes its own processors now and it has a thriving business based on Linux (Android and Tizen). When Samsung tried messing about with UEFI it ended up making a machine that was remotely brickable (a real problem that the NSA may exploit). Bricking is only one among numerous problems with UEFI. Our main concern about UEFI is that it’s designed to secure the monoculture known as Wintel.
Speaking of Samsung, the company is finally fighting Microsoft over patents (rather than sign secret patent deals) and The Mukt explained the insignificance of the latest news spin. As we noted at the time, not only Microsoft boosters relayed the deception but even some FOSS blogs repeated it (probably because of the former group, based on their links), including GNU/Linux advocates such as Robert Pogson and Steven J. Vaughan-Nichols. Microsoft does not receive a billion dollars per year from Samsung for Android; the deal works in two directions and the PR stunt is attempting to portray Android as very expensive. This is propaganda that mostly (originally) comes from pro-Microsoft circles such as CBS and IDG. █
Summary: More anti-competitive aspects are revealed inside UEFI, which helps marginalise GNU/Linux
Boycotting Intel is not hard to justify. The company is deeply corrupt. We spent over two years explaining why its UEFI antifeatures too should face a boycott and Silviu Stahie provides yet another reason in this article about a new petition. It says: “The Intel Atom Bay Trail tablets have been out for a few months already, but none of the hardware vendors is providing 64-bit firmware builds for them, which means that you can’t install any Linux distros.”
Here’s more: “In fact, you can’t install Linux on any 32-bit UEFI PC, because the boot loader only supports 64-bit, and this is a major issue for people who really want to use their Intel Atom Bay Trail-powered devices with a Linux OS.”
The solution is quite simple; avoid Intel, potentially dodge x86 (where practically possible), and definitely avoid anything with UEFI on any kind of device. It is not only a patent trap but also a means of securing Microsoft’s monopoly. In addition, it’s a potential back door for bricking computers remotely. Intel should be ashamed of itself. █
Yet another reason to boycott Intel
Summary: The dark hearts of computers, with a lot of secrets and circuitry whose behaviour cannot be verified, are also convenient back doors, even without additional bugs (implanted en route)
THE FSF has this interesting new article about “Active Management Technology”. It was written by Ward Vandewege, Matthew Garrett, and Richard M. Stallman, who awarded Garrett for his work on UEFI.
One year ago, around the same time that Snowden leaked some NSA documents, we warned that UEFI could be used to remotely brick PCs. Later on, after the NSA leaks had gone mainstream, the NSA pretty much confirmed it was a possible strategy (but deflecting this to the Chinese). Going back to 2008 we also warned about back doors, some of which were facilitated by broken encryption in hardware (e.g. Intel’s ‘hardware-accelerated’ RNG). That was about a decade after Microsoft had allegedly built back doors into Windows (we know that there are back doors now, but it’s just hard to say when Microsoft started it).
We already wrote a great deal about the problem with UEFI patents, UEFI ‘secure’ boot (taking control over computers, moving control away from the users to put it into corporate hands and governments), but we have not done much to cover UEFI remote control capabilities, or more broadly Intel’s rogue role in intelligence, leading to a ban in some places (some variants of BSD refuse to use Intel RNGs due to fear of intentionally low entropy that derails encryption).
Quoting the article from Vandewege et al.: “Intel’s Active Management Technology (AMT) is a proprietary remote management and control system for personal computers with Intel CPUs. It is dangerous because it has full access to personal computer hardware at a very low level, and its code is secret and proprietary.”
Intel is a deeply criminal company, so to blindly trust its proprietary technology would be foolish. We have always campaigned against Intel not just because “intel” is shorthand for something rather insinuative although this latter point is now a growing factor, too. Watch what China is doing these days when it comes to hardware policy, not just software policy. Or simply watch what Snowden has been leaking; it’s rather revealing. █
Microsoft — unlike Nokia — cannot fall/revert back to the tyres business
Summary: Xbox One is a failed product and “Surface” is losing hundreds of millions of dollars
THE LATEST episode of TechBytes covers the good news that “Microsoft May Halt Xbox One Production”; it’s news that reminds us of an important fact: “We know that the company has shipped 5 million consoles to retailers since launch, but Microsoft hasn’t been as forthcoming with actual end user sales data.”
When Microsoft does not divulge these figures it always means that Microsoft has something to hide. The same thing has historically been true when it comes to Windows (number of licences issued) and other Microsoft hardware. Microsoft is full of lies.
In other interesting news, Microsoft’s “Surface Loses” because it’s a losing product, by design. As Robert Pogson put it (citing a Microsoft booster, Gavin Clarke): “Do the maths: it cost M$ $2.1billion to sell $1.8billion worth of Surfaces… That’s a loss of $300 million. Eewww! Even without charging itself the tax, they can’t compete in the market.”
The headline at The Register (chosen by the editor) is “Microsoft: The MORE Surfaces it sells, the MORE money it loses” (so it’s a bit like Xbox, which lost billions of dollars over the years).
Microsoft is really struggling to re-invent itself for the post-Windows world. So far it has failed and there is now some Microsoft advertising from Microsoft Peter who promotes subscription-based Windows — a horrible idea which is sure to bring rise to GNU/Linux-based operating systems ($0 purchase and subscription charges).
In this article we are citing no Microsoft-hostile sources; instead we link to props of Microsoft, rather than journalists. It helps show just how bad things have become for Microsoft. Microsoft Jack has been defecting away from Microsoft as of late (we wish him well for that), repeatedly promoting some of Microsoft’s competitors for the first time in many years, unlike some in the British press. Gavin Clarke may pretend to be covering GNU/Linux, but most of the time he is just the source/outlet of Microsoft agenda, including his new piece whitewashing Bill Hilf.
We are entering an interesting era where Microsoft is not only struggling (along with Apple) but is also fighting publicly and aggressively against GNU/Linux using attack ads (more so under the 'new' leadership) and racketeering. █
Summary: Reports of “loss of Linux dual-booting” due to Windows Update are investigated further; FSF award to Garrett faces opposition
IT WAS recently reported in Reddit that UEFI was used by Microsoft Windows to wipe out GNU/Linux. Windows Update rendered GNU/Linux unbootable and allegedly turned ‘secure’ boot on to achieve this.
According to this new analysis from Jamie the UEFI explorer, it’s not an isolated incident. He starts by stating: “I can finally report that yes, there is a problem — but it’s generally not as serious as has been reported.” He also writes: “While I found that I was able to ‘fix’ the loss of Linux dual-booting on both of my systems, I am NOT trying to say that everyone who has posted claims about dual-boot being ‘destroyed’ by Windows Update is wrong. I certainly have enough experience with UEFI boot configuration to know that all sorts of strange things are possible, and it may well be that some systems, with some configurations, really do get more seriously damaged by Windows Update than mine have. One very obvious example might be that the Linux items could get deleted from the boot object list. If that happened you would have to use efibootmgr to put them back again.”
But who would know how to do this and how many people would just turn away from GNU/Linux at this stage? This is why UEFI should face a boycott and antitrust complaints against Microsoft get bolstered. I wholeheartedly disagree with FSF for giving Garrett an award. This can be a PR disaster waiting to happen, a bit like Miguel de Icaza and Theo de Raadt and getting such an award before their FSF bashing. Apparently I am not alone in disagreeing with the FSF; Sam Varghese expressed similar concerns, having opposed ‘secure’ boot for quite some time along with many others. He writes: “The Free Software Foundation has given an annual award this year for work that enslaves people to the demands of Microsoft – something that flies in the face of all that the organisation has stood for since its founding.”
This has indeed been a bizarre move and it can help weaken existing complaints (in Europe) over Microsoft’s UEFI tricks. █
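For readers facing the efibootmgr repair mentioned in the quoted analysis, here is one way to check the boot list and print the command that would restore a Linux entry. It is an added example, not code from the cited article; it goes beyond the quoted case (entry deleted) by also handling an entry that was merely pushed down the boot order, the sample output is constructed, and the `ubuntu` label, disk, partition and loader path are assumptions or placeholders.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr` output (not captured from a real machine):
# the Linux entry still exists but Windows Boot Manager now boots first.
SAMPLE='BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0001,0002
Boot0000* Windows Boot Manager
Boot0001* ubuntu
Boot0002* UEFI: USB Device'

# entry_num LABEL  (efibootmgr output on stdin)
# Prints the four-hex-digit number of the first entry whose description contains LABEL.
entry_num() {
    awk -v pat="$1" '
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
            # Layout: "BootNNNN", then "*" (active) or " ", a space, the description
            if (index(tolower(substr($0, 11)), tolower(pat))) {
                print substr($0, 5, 4); exit
            }
        }'
}

# promote NUM ORDER: prints ORDER with NUM moved to the front.
promote() {
    rest=$(printf '%s\n' "$2" | tr ',' '\n' | grep -vxF -- "$1" | paste -sd, -)
    echo "$1${rest:+,$rest}"
}

# diagnose OUTPUT LABEL: prints missing | demoted | ok
diagnose() {
    num=$(printf '%s\n' "$1" | entry_num "$2")
    [ -n "$num" ] || { echo missing; return 0; }
    order=$(printf '%s\n' "$1" | sed -n 's/^BootOrder: //p')
    if [ "${order%%,*}" = "$num" ]; then echo ok; else echo demoted; fi
}

# suggest OUTPUT LABEL: prints the efibootmgr command that would repair the state.
# Nothing is executed; the command is only printed for review.
suggest() {
    case $(diagnose "$1" "$2") in
        ok) echo "nothing to do" ;;
        demoted)
            num=$(printf '%s\n' "$1" | entry_num "$2")
            order=$(printf '%s\n' "$1" | sed -n 's/^BootOrder: //p')
            echo "efibootmgr -o $(promote "$num" "$order")" ;;
        missing)
            # Disk, partition and loader path are placeholders to fill in by hand.
            printf '%s\n' "efibootmgr -c -d /dev/sdX -p N -L $2 -l '\\EFI\\<distro>\\shimx64.efi'" ;;
    esac
}

# On a real machine, pass "$(efibootmgr)" instead of the constructed sample.
printf 'state:   %s\n' "$(diagnose "$SAMPLE" ubuntu)"
printf 'command: %s\n' "$(suggest "$SAMPLE" ubuntu)"
```

Running the printed command requires root, and it is worth comparing `efibootmgr` output before and after to confirm the boot order changed as intended.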
Summary: UEFI ‘secure’ boot is bricking laptops again, showing that there are worse aspects to UEFI than the anti-competitive (anti-GNU/Linux) nature of it
THERE IS a new UEFI nightmare scenario, which relates somewhat to the fact that the NSA can remotely destroy (as in brick) computers with UEFI, provided they use a ‘faulty’ implementation of UEFI (UEFI ‘secure’ boot is faulty by design). “‘Beware Samsung laptops’ is a lesson the Linux community has already learned,” says the author of the article, but why not name UEFI also? “For Swedish Linux users,” he says, “the main lesson seems to be ‘Ask your big-box store salesperson to certify in writing that the machine she sells you is capable of running Linux equally well as it runs Windows’.”
This is becoming a serious issue. Germany has already pretty much banned machines with UEFI ‘secure’ boot, perhaps realising the potential hazards. Here in the UK there is concern about Windows in general, even among CESG staff (the CESG’s Web site has been down for half a day now, seemingly after getting cracked, following a migration to Windows 2 years ago). To quote CESG: “Local authorities connect to central government systems through a Public Services Network (PSN), via which they can share essential services in an effort to drive efficiency. GCHQ IT security arm CESG provides advice and certification for councils using the PSN.
“According to Gartner’s public sector research director Neville Cannon, CESG rules state that in order to connect to the PSN, authorities must run “patchable” software, which means those running XP after D-day could be in serious trouble.”
This again is an NSA back door. The security panic leads some major entities to migrate to Linux [2,3] and Microsoft’s UEFI-equipped (and Linux-hostile) hardware is now declared dead, perhaps because nobody really wanted it and it self-bricked, due to UEFI ‘secure’ boot. This is a “so-so article but points to an interesting attitude,” iophk said, but it basically shows that the ‘new’ “Surface” is a failure as big as the ‘old’ and clumsy “Surface”, which was dubbed a “big ass table” and vanished quietly about half a decade ago. █
Related/contextual items from the news:
As detailed here before, a few Samsung laptop models have a firmware bug that makes them liable to becoming inert bricks if you install Linux. It’s a one-way process. This happened to me when I bought an ultrabook from the Elgiganten big-box store last summer. Both Samsung and the store refused to reimburse me for the loss of my machine’s use. At the suggestion of my home municipality’s consumer advisor (konsumentrådgivare), I took the matter to Allmänna reklamationsnämnden, the National Board for Consumer Disputes (complaint no 2013-10081).
The second alternative is to go for an alternative OS altogether.
This is not as farfetched as it sounds: Linux has a much smaller footprint than Windows 7 and, as a result, some ATM operators are considering a switch to Linux rather than the Microsoft product.
This would not be the first time ATMs have transitioned to a different OS. Before the industry moved to XP, most ATM’s were running IBM’s OS/2 operating system.