Bonum Certa Men Certa
Links 5/6/2013: Calligra 2.6.4 Released, Facebook Collapses | Microsoft's Latest Attack on GNU/Linux in Education Targets the Poorest

UEFI 'Secure' Boot is Not About Security, Insyde Software's Business Model is Misguided and Dangerous

Corporate insecurity for Insyde Software, corporate security for Microsoft

UEFI



Summary: Promotion of bad ideas by Insyde Software merits another discussion about what UEFI actually means to ordinary GNU/Linux users

The main problem with UEFI is its effect on freedom. It's not just about restricted boot but also patents and other issues covered in the criticism section in Wikipedia.



A new press release from Taiwan describes UEFI as a security mechanism, but this is utter fiction. Last month I spoke for over an hour with the president of the UEFI Forum, covering in length the aspect of security. He too was led to agreeing with me that security is hardly improved by UEFI, which can have its barriers bypassed and ignored. The press release says something like this:

Insyde Software, a leading provider of Unified Extensible Firmware Interface (UEFI) BIOS, today announced the availability of new UEFI security features including Secure Boot and secure firmware update for leading Linux distributions.


No, thanks. Linux does not need UEFI for security. Even Torvalds rejects the 'security' claim (he dislikes 'secure' boot in general [1, 2]). So the above is a marketing gimmick, that's all. Insyde Software will boost flawed claims of 'security', so we should all be prepared to rebut.

Dr. Garrett, an expert in this field and occasional apologist, demonstrated that UEFI with Linux can brick hardware [1, 2, 3]. So much for security, eh? He is supporting it, sadly enough, based on very weak grounds. He should have antagonised it instead. Earlier this week he posted an update on the bricking issue:

Meanwhile, Samsung got back to us and let us know that their systems didn't require more than 5KB of nvram space to be available, which meant we could get rid of the 50% value and replace it with 5KB. The hope was that any system that booted with only 5KB of space available in nvram would trigger a garbage collection run. Unfortunately, it turned out that that wasn't true - some systems will only trigger garbage collection if the OS actually makes an attempt to write a variable that won't otherwise fit.


So the search for a solution goes on under the false pretences that buggy, experimental UEFI sometimes adds something for GNU/Linux users to enjoy. The practical benefits of UEFI are very minor to ordinary desktop users. UEFI is good for two monopolies: the Intel/x86 monopoly and the Windows monopoly.
Links 5/6/2013: Calligra 2.6.4 Released, Facebook Collapses | Microsoft's Latest Attack on GNU/Linux in Education Targets the Poorest

Recent Techrights' Posts

Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
Today we start re-publishing articles that contain unaltered E-mails
A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
In Debian, there is a long history of deaths, suicides, and mysterious disappearances
 
What Mark Shuttleworth and Canonical Can to Remedy the Damage Done to Frans Pop's Family
Mr. Shuttleworth and Canonical as a company can at the very least apologise for putting undue pressure
Amnesty International & Debian Day suicides comparison
Reprinted with permission from disguised.work
[Meme] A Way to Get No Real Work Done
Walter White looking at phone: Your changes could not be saved to device
Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks
People are forgetting the value of nature and other human beings
Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More)
The United States (US) was 17 when these rankings started in 2002
Record Productivity and Preserving People's Past on the Net
We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 29, 2024
IRC logs for Monday, April 29, 2024
Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists
Links for the day
Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
Reprinted with permission from disguised.work
Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
Reprinted with permission from Daniel Pocock
[Meme] Russian Reversal
Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
Frans Pop & Debian suicide denial
Reprinted with permission from disguised.work
The Real Threats to Society Include Software Patents and the Corporations That Promote Them
The OIN issue isn't a new one and many recognise this by now
Links 30/04/2024: OpenBSD and Enterprise Cloaking Device
Links for the day
Microsoft Still Owes Over 100 Billion Dollars and It Cannot be Paid Back Using 'Goodwill'
Meanwhile, Microsoft's cash at hand (in the bank) nearly halved in the past year.
Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
I was always "on-call" and my main role or function was being "on-call" in case of incidents
[Teaser] Ubuntu Cover-up After Death
Attack the messenger
The Cyber Show Explains What CCTV is About
CCTV does not typically resolve crime
[Video] Ignore Buzzwords and Pay Attention to Attacks on Software Developers
AI in the Machine Learning sense is nothing new
Outline of Themes to Cover in the Coming Weeks
We're accelerating coverage and increasing focus on suppressed topics
[Video] Not Everyone Claiming to Protect the Vulnerable is Being Honest
"Diversity" bursaries aren't always what they seem to be
[Video] Enshittification of the Media, of the Web, and of Computing in General
It manifests itself in altered conditions and expectations
[Meme] Write Code 100% of the Time
IBM: Produce code for us till we buy the community... And never use "bad words" like "master" and "slave" (pioneered by IBM itself in the computing context)
[Video] How Much Will It Take for Most People to Realise "Open Source" Became Just Openwashing (Proprietary Giants Exploiting Cost-Free or Unpaid 'Human Resources')?
turning "Open Source" into proprietary software
Freedom of Speech... Let's Ban All Software Freedom Speeches?
There's a moral panic over people trying to actually control their computing
Richard Stallman's Talk in Spain Canceled (at Short Notice)
So it seems to have been canceled very fast
Links 29/04/2024: "AI" Hype Deflated, Economies Slow Down Further
Links for the day
Gemini Links 29/04/2024: Gopher Experiment and Profectus Alpha 0.9
Links for the day
[Video] Why Microsoft is by Far the Biggest Foe of Computer Security (Clue: It Profits From Security Failings)
Microsoft is infiltrating policy-making bodies, ensuring real security is never pursued
Debian 'Cabal' (via SPI) Tried to Silence or 'Cancel' Daniel Pocock at DNS Level. It Didn't Work. It Backfired as the Material Received Even More Visibility.
know the truth about modern slavery
Lucas Nussbaum & Debian attempted exploit of OVH Hosting insider
Reprinted with permission from disguised.work
Software in the Public Interest (SPI) is Not a Friend of Freedom
We'll shortly reproduce two older articles from disguised.work
Harassment Against My Wife Continues
Drug addict versus family of Techrights authors
Syria, John Lennon & Debian WIPO panel appointed
Reprinted with permission from disguised.work
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 28, 2024
IRC logs for Sunday, April 28, 2024
[Video] GNU and Linux Everywhere (Except by Name)
In a sense, Linux already has over 50% of the world's "OS" market
[Video] Canonical Isn't (No Longer) Serious About Making GNU/Linux Succeed in Desktops/Laptops
Some of the notorious (or "controversial") policies of Canonical have been covered here for years
[Video] What We've Learned About Debian From Emeritus Debian Developer Daniel Pocock
pressure had been put on us (by Debian people and their employer/s) and as a result we did not republish Debian material for a number of years
Bruce Perens & Debian public domain trademark promise
Reprinted with permission from disguised.work
Links 28/04/2024: Shareholders Worry "AI" Hype Brings No Income, Money Down the Drain
Links for the day
Lawyer won't lie for Molly de Blanc & Chris Lamb (mollamby)
Reprinted with permission from disguised.work
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 27, 2024
IRC logs for Saturday, April 27, 2024