'Secure' Boot is Not Secure, Time to Abandon It

Dr. Roy Schestowitz

2013-12-09 20:21:48 UTC
Modified: 2013-12-09 20:21:48 UTC

Summary: The 'security' boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI's expense

THE malicious thing which is UEFI (with or without restricted boot) has been covered here a lot. It needs to be shunned and those behind it should be investigated for collusion. It's not secure, as Torvalds predicted (with strong words at times).

As part of his ongoing investigation of UEFI, Dr. Garrett found serious flaws in restricted boot. As Phoronix put it the other day, "Matthew Garrett has written an insightful blog post about security issues pertaining to the Linux kernel's kexec functionality that could defeat any security benefits provided by Secure Boot. Using kexec could even allow you to boot a Windows kernel."

UEFI is a sham that hardly offers any benefits to ordinary users; all it does in practice is harm. We need to embrace something like Coreboot [1] instead. The "UEFI" label (which computer makers don't even make visible) should be read as "defective out of the box". ⬆

Related/contextual items from the news:

Coreboot Gets Support For Haswell Power Limiting

After landing hardware support improvements last week for Coreboot, the open-source BIOS firmware replacement now has another new feature: ACPI power limiting and it's been implemented for Intel Haswell CPUs.

Microsoft Windows "Market Share" Measured Around 2.7% in Iraq, Plunges to 6.5% in Saudi Arabia: Microsoft isn't on the agenda in Iraq
Video: The Rise of GNU/Linux and Free Software as Seen by RMS in 2004: DTP's founder argued that when Windows goes below 85% "market share", it'll lose its grip in the monopoly sense
When (Almost) One-Man Operations Are Disguised as Medium-Sized Companies: the CEO hides in the US (hiding from his ex-wives, 4 daughters from those wives, and Sirius staff that he defrauded)
Microsoft Actually in Trouble, Microsofters Unable to Obey Judges' Orders: For the second time in a week, Microsofters are unable to obey orders
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, August 02, 2025: IRC logs for Saturday, August 02, 2025
Google Throwing Out the Search Engine With the Bathwater is a Complete and Utter 'Shi---ow' as the Company Drowns in Debt, Layoffs, and Worse: The mainstream media almost never mentions GAFAM debt
Next Month 'New Techrights' Turns Two: Next month, on the fourth week, it'll be 2 years since the migration
Operating Systems' Statistics in New Zealand: GNU/Linux Up, Windows Down to All-Time Lows: Remember all this when the media says that Microsoft became like 10 times more valuable in those 15 years (from 400 billion to 4,000 billion in alleged "worth")
GNU/Linux Share in Sweden Has Doubled Since PewDiePie, A Swede, Recommended It: months ago he moved to GNU/Linux, then told others to consider doing the same
GNU/Linux Hits Record High in Portugal: GNU/Linux picking up in Portugal
Gemini Protocol is Not Dying, It's Growing: When people say things like "Gemini Protocol is dying" the data does not support them
GNU/Linux is Thriving This Summer: It is meanwhile acknowledged, even by Microsoft pushers, that many GNU/Linux PCs will get sabotaged next month
The End of Microsoft's Reign in Spain: Windows Falls to All-Time Lows in Spanish Web Traffic: Windows sank to new lows in Spain
The Bots Never Sleep: In The Weekends, Slopfarms Dominate Google News, Majority of Entries in Google Are Fake Articles About 'Linux': Google is fast becoming an ocean of plagiarism; the same goes for Google News, which was supposed to have extra quality control
Russia's Yandex Has Caught Up With Bing in Terms of "Market Share": Microsoft has been firing loads of Bing workers for over 2 years already
Canada: GNU/Linux Up to Records Highs, Windows Down to Record Lows: Microsoft already announcing some plans to shut down Vista 11
Gemini Links 02/08/2025: Transducers in Typed Racket and American ISPs: Links for the day
Links 02/08/2025: Microsoft Already Kills Vista 11 SE, Smartphone Sales Down, Truth Gets "You're Fired!" in the US: Links for the day
Russia: GNU/Linux Rises to Highest Adoption Level Since Invasion of Ukraine: Moving up in the north
Microsoft's Latest Financial Report: We "Gained" 300 Million Dollars in "Goodwill" and Liabilities Grew by 32 Billion Dollars: Microsoft's debt has reached an all-time high
The Register US = The Register MS: Formerly The Register UK
Weeks After Microsoft Shut Down Its Operations in Pakistan Windows Falls to All-Time Lows: Only less than a month ago it was quietly revealed, based on laid-off staff, that Microsoft shut down in Pakistan
Criminal Behaviour is the Standard Operating Procedure at Microsoft: In the future I'll be able to tell how, when dealing with SLAPPs from Microsofters, their Microsoft services failed me and sometimes even blocked my contacts
GNU/Linux Rises to All-Time Highs in Europe: many people will get fired for buying Microsoft
All-Time Highs for GNU/Linux on the Client Desktop/Laptop, Based on Steam Survey: GNU/Linux rose to 2.89% in Steam
Links 02/08/2025: Blaugust 2025 and "Russia Declares Navalny Memoir ‘Extremist’": Links for the day
Free Software is Not a Business Model: Go ahead, ask your friend, "how do you plan to monetise your children?"
LLM Slop Harms Real Literature, Real Web Sites, Real Journalism: LLM slop is a parasite and it'll run out of legitimate outputs
Upcoming OSI Scandal Series: The OSI is a rogue actor because it serves Microsoft in exchange for money
Slopwatch: The Issue Persists, But the Consensus in the Media Changes as Google Enrages It With LLM Plagiarism: We've meanwhile assessed the latest output from Linuxiac
IRC Proceedings: Friday, August 01, 2025: IRC logs for Friday, August 01, 2025
Over at Tux Machines...: GNU/Linux news for the past day
Links 02/08/2025: İstanbul Retail Inflation Reaches 42.48%, US FBI Opens Office in New Zealand: Links for the day
Gemini Links 02/08/2025: ZFS, LLM Hype, and Fake Modules: Links for the day
Links 01/08/2025: Health, Conflict, and Attacks on Freedom of the Press: Links for the day
Microsoft's Debt Exploded by 15.4 Billion Dollars in the Past 9 Months Alone (Despite All the Layoffs): As of minutes ago, at 6PM on a Friday, the numbers are made public
Meeting (Webchat) With Maria Arranz Gomez, Florian Grundies, Jürgen Janda and Konstantinos Kortsaris Confronts EPO Management About Breaking Promises and Crushing Workers: The lack of consistent messages suggests plans other than what's advertised and the lack of consultation (secrecy) likewise
Links 01/08/2025: "The Great British Firewall" and U.S. Army Sponsors Palantir: Links for the day
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says": The editor in chief exercises control over everybody else
LLMs as Attack Method Against Free Software and Programming: DDoS in "hey hi" (slop) clothing
Stability and Reliability, Backward Compatibility: I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025: The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop): Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's: Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM: How much lower will IDG sink?
Google as a 'Bullshit Generator' Disguised as Intelligence: It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search: At this point more people ought to stop and think: Does Google's search engine deserve trust?
The Data You Don't Give Away is Your Advantage: stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing: The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025: IRC logs for Thursday, July 31, 2025

'Secure' Boot is Not Secure, Time to Abandon It

Coreboot Gets Support For Haswell Power Limiting

Recent Techrights' Posts