'Secure' Boot is Not Secure, Time to Abandon It
- Dr. Roy Schestowitz
- 2013-12-09 20:21:48 UTC
- Modified: 2013-12-09 20:21:48 UTC
Summary: The 'security' boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI's expense
THE malicious thing which is UEFI (with or without restricted boot) has been covered here a lot. It needs to be shunned and those behind it should be investigated for collusion. It's not secure, as Torvalds predicted (with strong words at times).
As part of
his ongoing investigation of UEFI, Dr. Garrett
found serious flaws in restricted boot. As
Phoronix put it the other day, "Matthew Garrett has written an insightful blog post about security issues pertaining to the Linux kernel's kexec functionality that could defeat any security benefits provided by Secure Boot. Using kexec could even allow you to boot a Windows kernel."
UEFI is a sham that hardly offers any benefits to ordinary users; all it does in practice is harm. We need to embrace something like Coreboot [1] instead. The "UEFI" label (which computer makers don't even make visible) should be read as "defective out of the box".
⬆
Related/contextual items from the news:
-
After landing hardware support improvements last week for Coreboot, the open-source BIOS firmware replacement now has another new feature: ACPI power limiting and it's been implemented for Intel Haswell CPUs.
