Bonum Certa Men Certa

With UEFI, TPM, Pluton Etc. Microsoft and Intel/AMD Trashed an Entire Generation of Computers, Made Security a Lot Worse in Order to Curtail GNU/Linux and BSD Adoption



Reprinted with permission from Ryan Farmer.

UEFI is Trash: Part 2 “Destroy the Computer to Continue Using Windows 11!”



This is a follow-up to my last post about System76 getting rid of UEFI and putting in Coreboot for their laptops.



UEFI is a security disaster.



Lenovo has patched my UEFI over 30 times and there are still releases like this month’s.



Modified:
1.  Enhancement to address security vulnerability CVE-2022-44611, CVE-2023-22616, CVE-2023-22615, CVE-2023-22612, CVE-2021-38578,
                                                  CVE-2022-24350, CVE-2023-22613, CVE-2021-38575
2.  Enhancement to address security vulnerability CVE-2022-46897, CVE-2023-27373, CVE-2023-26090, CVE-2023-27471, CVE-2022-24351,
                                                  CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, CVE-2022-4450, CVE-2023-28468
3.  Enhancement to address security vulnerability CVE-2022-40982
4.  Enhancement to address security vulnerability CVE-2022-36392, CVE-2022-38102, CVE-2022-29871

-Lenovo


That’s TWENTY-TWO security vulnerabilities with a CVE that they’ve patched in one update (out of over thirty since this laptop was released in November 2020).



They’ve all been about like this.



“Security Expert” Matthew Garrett shows up to many debates about firmware, talking UEFI up as if it were possible to secure, if they even knew what they were doing with it.



Which they obviously, demonstrably, do not.



The recent Windows 11 “Unsupported Processor” error, had Microsoft say they were “working with OEMs” to provide “firmware updates”.



You’d need Windows to install the update, and Windows is already hosed if you got the update this month (you are making backups, right?), because it caused the system to Blue Screen of Death before the desktop is available to run any programs.



And even if you do install UEFI updates, which most users do not ever do, even once, you run the risk of bricking the entire computer to get Windows to behave itself enough to even do anything after you install the August Update.



(That’s if it doesn’t install the August Update and try to reboot itself while you’re trying to update the firmware. Does it still do things like this? Windows 10 was forcibly restarting for updates while people were live streaming games and had Microsoft Office open.)



Every time you update your firmware, any one of a million things can go wrong and leave the computer’s main board (which in a laptop has the CPU, RAM, and SSD soldered in sometimes, so kiss everything goodbye) utterly ruined.



That could be a Windows program (or virus) messing up the update process, Windows itself malfunctioning and freezing the computer before the update goes all the way in, the power going out, etc.



Of course you’re going to play Russian Roulette with your Lenovo laptop three dozen times, right? Right?



And even if it appears to update the UEFI, I have actually lost a motherboard (from Acer) while updating the correct firmware revision, and then had Acer refuse to do anything about it, so I had to find another motherboard that fit the case, and rebuild the entire desktop computer. (Which I’m sure all of you know how to do.)



So if you’re affected by Windows refusing to let you continue until you update the UEFI, it’s safer to just remove Windows and install Linux instead, because Linux doesn’t have fake errors like this.



It’s also worth mentioning that when I started tinkering with Windows 98 as a child and gutting the operating system of Internet Explorer, the Trident engine, the Windows 98 Shell Update (installing the Windows 95 B Shell), Outlook Express, and the several dozen useless components of Windows, using RoM II, I rebooted.



I said, “This is cool! Without all that Internet Explorer junk around, my games run 10% faster!”.



It was like a free graphics card, RAM, CPU, and hard disk update!



Even back then things were, relatively speaking, as bad as they are now, with the bloat.



You had a 4 GB hard disk and here comes Microsoft to spew at least 300 MB of useless trash all over it, you had a PC that came from the factory with 32 MB of RAM, or 64 if you were lucky, uh oh, here’s a bloated shell with IE stuff in it that takes up 11 MB more than it should!



They’ve always considered everything in your PC pretty much theirs to waste. You have an expensive PC? They’re wasting it on things you don’t even want to run.



But today, 25 years later, I say, “Let’s remove all this Windows junk so my games can go wheeeeeeee!”.



But for the adult in you, the average Linux distribution includes tons of Free and Open Source Software (as in freedom and price), including an entire Microsoft-compatible office suite that doesn’t go into “read-only” mode if your subscription to “Microsoft 365” lapses, saying “Pay Up, Chump!”.



Windows 11 treats its users like they’re running some kind of awful browser game with in-app purchases.



It’s not even really an operating system.



And you’re supposed to risk damaging a $1,500 laptop to continue running it because Microsoft is too incompetent to fix bugs?



Recent Techrights' Posts

Speed of GNU/Linux
The media seldom speaks of the dangers of "proprietary software"
Proprietary Windows Versus "Linux" News (Trying to Keep People on Windows, Never Exploring GNU/Linux)
Good editors know better how to recognise threats and not give them lip service
Ensuring That Every Computer User Anywhere in the World Can Take Control of All His or Her Computers
We must fight the people who attack general-purpose computing, in particular those who push this agenda very aggressively inside Linux
Gemini Links 28/04/2025: Autism and Structural Navigation
Links for the day
What Happened to the Open Source Initiative (OSI) Elections: The Purge, the Cover-up, and the Witch-hunts
OSI has gone "full Microsoft"
 
New Leaks Coming Soon, We Maintain 100% Record of Successful Resistance to Censorship
We won't be told what we can and cannot say (especially when it's true)
Central African Republic (CAR): Vista 11 is Only ~0.2% Market Share
99.8% to go!
BSD and GNU/Linux Replaced Microsoft in Secure Servers, All Microsoft Has Left is LLM Slop for Fear, Uncertainty, and Doubt (FUD)
the FUD machine never rests
Gemini Links 28/04/2025: A Simple Task Tracking and Auto-Prioritization Tool and Other Programs
Links for the day
Links 28/04/2025: Canada's Election, Pakistan-India Conflict
Links for the day
Glue Inside Your Pizza (or Why People Will Get Fed Up With Slop)
People are given "answers" from non-intelligence word dumpsters
Links 28/04/2025: Cyberattacks Happening, Chatbots Disappointing, and "Free Speech Under Fire"
Links for the day
Phone Adoption Very Low in Vatican, Windows Usage Fell Nonetheless
Even in places where people still use desktops/laptops most of the time (and have access to these) Windows is gradually losing ground
GNU/Linux 9% in Cuba, Vista 11 Waning, Android Dominant
Microsoft has pretty much lost Cuba
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 27, 2025
IRC logs for Sunday, April 27, 2025
In 24 Countries Observed by statCounter Vista 11 is Still Less Than a Quarter of Windows Users Despite All Other Versions Being 'Expired'
They ought to move to GNU/Linux
Links 27/04/2025: Pope Goodbyes, "Politics of Fear", Slop Redux and More Google Shutdowns (Google Debt Had Grown This Year)
Links for the day
Links 27/04/2025: Serenity Dialectics, Hockey Jersey Ethics, and More
Links for the day
Links 27/04/2025: Death of Nest Thermostats, Death of Metaverse
Links for the day
Links 27/04/2025: Projects Workflow and Discovering Technology
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 26, 2025
IRC logs for Saturday, April 26, 2025
Microsoft Isn't on the Map in USSR
To them, it's either Google or Yandex
In Central America Windows Became a Small Force
These are countries where Windows used to have well over 95% of the "market"
What's Very Vexing to GAFAM, EPO and Others Is That It's Incredibly Hard to Censor Us (and Nobody Ever Successfully Did That Before)
resist, do not capitulate
Site May be Even Faster Now
It basically takes less than a tenth of a second to serve the page
Receiving SLAPPs and Collecting Them Like Trophies (the SLAPPs Always Fail)
People who file lawsuits bring even more attention to themselves (or to embarrassing statements about them)
Year of GNU/Linux on the Laptop?
It's not happening only in Lenovo
What People Must Understand About the Open Source Initiative (OSI)
some facts about the Open Source Initiative (OSI)
Many of the Scandals Are Interconnected (Overlapping People and Corporations)
We're only getting started
More Copyright Lawsuits Against LLM Slop Providers and Suppliers of LLM Slopfarms Would Benefit Society
It's not just bad for the Web and for society; it's also legally dangerous
Links 26/04/2025: General Assassinated in the Town of Balashikha, US Promoting Seafloor Mining
Links for the day
Links 26/04/2025: Facebook Layoffs Again, Remembering What's Real, and Say No to Mass Surveillance
Links for the day
Links 26/04/2025: NOAA Budget Cuts and "Dog Days Ahead"
Links for the day
In defence of JD Vance, death of Pope Francis
Reprinted with permission from Daniel Pocock
Three Years in Prison for Disney Employee’s ‘Menu Hacking’: The Economic Fallout of Digital Menus
Reprinted with permission from Ryan Farmer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 25, 2025
IRC logs for Friday, April 25, 2025