Bonum Certa Men Certa
Links 5/6/2013: Calligra 2.6.4 Released, Facebook Collapses | Microsoft's Latest Attack on GNU/Linux in Education Targets the Poorest

UEFI 'Secure' Boot is Not About Security, Insyde Software's Business Model is Misguided and Dangerous

Corporate insecurity for Insyde Software, corporate security for Microsoft

UEFI



Summary: Promotion of bad ideas by Insyde Software merits another discussion about what UEFI actually means to ordinary GNU/Linux users

The main problem with UEFI is its effect on freedom. It's not just about restricted boot but also patents and other issues covered in the criticism section in Wikipedia.



A new press release from Taiwan describes UEFI as a security mechanism, but this is utter fiction. Last month I spoke for over an hour with the president of the UEFI Forum, covering in length the aspect of security. He too was led to agreeing with me that security is hardly improved by UEFI, which can have its barriers bypassed and ignored. The press release says something like this:

Insyde Software, a leading provider of Unified Extensible Firmware Interface (UEFI) BIOS, today announced the availability of new UEFI security features including Secure Boot and secure firmware update for leading Linux distributions.


No, thanks. Linux does not need UEFI for security. Even Torvalds rejects the 'security' claim (he dislikes 'secure' boot in general [1, 2]). So the above is a marketing gimmick, that's all. Insyde Software will boost flawed claims of 'security', so we should all be prepared to rebut.

Dr. Garrett, an expert in this field and occasional apologist, demonstrated that UEFI with Linux can brick hardware [1, 2, 3]. So much for security, eh? He is supporting it, sadly enough, based on very weak grounds. He should have antagonised it instead. Earlier this week he posted an update on the bricking issue:

Meanwhile, Samsung got back to us and let us know that their systems didn't require more than 5KB of nvram space to be available, which meant we could get rid of the 50% value and replace it with 5KB. The hope was that any system that booted with only 5KB of space available in nvram would trigger a garbage collection run. Unfortunately, it turned out that that wasn't true - some systems will only trigger garbage collection if the OS actually makes an attempt to write a variable that won't otherwise fit.


So the search for a solution goes on under the false pretences that buggy, experimental UEFI sometimes adds something for GNU/Linux users to enjoy. The practical benefits of UEFI are very minor to ordinary desktop users. UEFI is good for two monopolies: the Intel/x86 monopoly and the Windows monopoly.
Links 5/6/2013: Calligra 2.6.4 Released, Facebook Collapses | Microsoft's Latest Attack on GNU/Linux in Education Targets the Poorest

Recent Techrights' Posts

A Week After a Worldwide Windows Outage Microsoft is 'Bricking' Windows All On Its Own, Cannot Blame Others Anymore
A look back at a week of lousy press coverage, Microsoft deceit, and lessons to be learned
 
Links 26/07/2024: Hamburgerization of Sushi and GNU/Linux Primer
Links for the day
Links 26/07/2024: Tesco Cutbacks and Fake Patent Courts
Links for the day
Links 26/07/2024: Grimy Residue of the 'AI' Bubble and Tensions Around Alaska
Links for the day
Gemini Links 26/07/2024: More Computers and Tilde Hosting
Links for the day
Links 26/07/2024: "AI" Hype Debunked and Elon Musk's "X" Already Spreads Political Disinformation
Links for the day
"Why you boss is insatiably horny for firing you and replacing you with software."
Ask McDonalds how this "AI" nonsense with IBM worked out for them
No Olympics
We really need to focus on real news
Nobody Holds the GNOME Foundation Accountable (Not Even IRS), It's Governed by Lawyers, Not Geeks, and Headed by a Shaman Crank
GNOME is a deeply oppressive institutions that eats its own
[Meme] The 'Modern' Web and 'Linux' Foundation Reinforcing Monopolies and Cementing centralisation
They don't care about the users and issuing a few bytes with random characters costs them next to nothing. It gives them control over billions of human beings.
'Boiling the Frog' or How Online Certificate Status Protocol (OCSP) is Being Abandoned at Short Notice by Let's Encrypt
This isn't a lack of foresight but planned obsolescence
When the LLM Bubble Implodes Completely Microsoft Will be 'Finished'
Excuses like, "it's not ready yet" or "we'll fix it" won't pass muster
"An escalator can never break: it can only become stairs"
The lesson of this story is, if you do evil things, bad things will come your way. So don't do evil things.
When Wikileaks Was Still Primarily a Wiki
less than 14 years ago the international media based its war journalism on what Wikileaks had published
The Free Software Foundation Speaks Out Against Microsoft
the problem is bigger than Microsoft and in the long run - seeing Microsoft's demise - we'll need to emphasise Software Freedom
IRC Proceedings: Thursday, July 25, 2024
IRC logs for Thursday, July 25, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 26/07/2024: E-mail on OpenBSD and Emacs Fun
Links for the day
Links 25/07/2024: Talks of Increased Pension Age and Biden Explains Dropping Out
Links for the day
Links 25/07/2024: Paul Watson, Kernel Bug, and Taskwarrior
Links for the day
[Meme] Microsoft's "Dinobabies" Not Amused
a slur that comes from Microsoft's friends at IBM
Flashback: Microsoft Enslaves Black People (Modern Slavery) for Profit, or Even for Losses (Still Sinking in Debt Due to LLMs' Failure)
"Paid Kenyan Workers Less Than $2 Per Hour"
From Lion to Lamb: Microsoft Fell From 100% to 13% in Somalia (Lowest Since 2017)
If even one media outlet told you in 2010 that Microsoft would fall from 100% (of Web requests) to about 1 in 8 Web requests, you'd probably struggle to believe it
Microsoft Windows Became Rare in Antarctica
Antarctica's Web stats still near 0% for Windows
Links 25/07/2024: YouTube's Financial Problem (Even After Mass Layoffs), Journalists Bemoan Bogus YouTube Takedown Demands
Links for the day
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024
IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube
YouTube is a dying platform
[Video] Julian Assange on the Right to Know
Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS
Links for the day