05.27.15
Yet Another Major Security Deficiency in UEFI
Another reason to reject UEFI: system compromise before boot sequence starts (e.g. GNU/Linux)
Summary: UEFI is inherently insecure, more so than the alternatives which it strives to replace, including Free/libre ones
INTEL’S UEFI has been marketed as ‘security’ because of “Restricted Boot”, which basically gives a bunch of companies like Microsoft control over one’s computer. Microsoft works closely with the NSA and the NSA already spoke about compromise at boot time. UEFI enables remote bricking of PCs — a subject that we covered here before, e.g. in:
- Ignore the Spin: Microsoft’s UEFI Programme Still Bricking Laptops
- Microsoft’s Anticompetitive Attack on GNU/Linux Booting is Bricking Laptops
- If You Use Microsoft Windows, the NSA Can Brick Your Computer Hardware Remotely
- Why Samsung Hardware With UEFI Boot Gets Bricked by Linux
- NSA Confirms Remote Computer Bricking by BIOS (or UEFI) as a Real Strategy
- Windows Vista 8.1, or Windows ‘Brick Edition’, Shows That UEFI is Malicious, Opposite of ‘Secure’
- UEFI is Bricking Computers When One Removes Spyware With Back Doors (Microsoft Windows)
There is a post titled “UEFI backdoor allows root exploit in Linux”, which UEFI apologist and developer Matthew Garrett responded to not exactly with a refutation, only the insistence that it is not the “backdoor you are looking for”. To quote: “And that’s what Dmytro has done – he’s written code that sits in that hidden area of RAM and can be triggered to modify the state of the running OS. But he’s modified his own firmware in order to do that, which isn’t something that’s possible without finding an existing vulnerability in either the OS or (or more recently, and) the firmware. It’s an excellent demonstration that what we knew to be theoretically possible is practically possible, but it’s not evidence of such a backdoor being widely deployed.”
Maybe not yet. We’re talking about and dealing with imperialistic espionage agencies that go as far as putting back doors in the firmware of just about every hard drive.
We really need to stop referring to UEFI as a security enhancement. This is far from the first time security issues have been found in UEFI, which is complicated, proprietary, patent-encumbered and relatively immature.
Computers with UEFI should be appropriately labeled (warning labels), just like foods with genetically-modified ingredients or packets of cigarettes. █