Bonum Certa Men Certa

Today in UEFI 'Secure' Boot Debates (the Frog is Already Boiling and Melting)

posted by Roy Schestowitz on May 28, 2024

Over at LQ today:

Quote:
Originally Posted by TheJooomes /div>
That's the meaning I extracted from "no BIOS", "third party UEFI certificates have been disabled", and "The era of general purpose computing is drawing to a close". I haven't heard of cases that extreme before so I want more than a claim in a forum thread.
No problem. Here are two links, the first one via an archive in case m$ changes it:

"Secure the Windows boot process":

https://archive.is/q69Mx/again?url=h...0-boot-process

and "Using your own keys"
https://wiki.archlinux.org/title/Uni..._your_own_keys

Though the first one has a lot of weasel-wording it still makes the point. Notice that you have to actually parse the document:

Quote:
Configure UEFI to trust your custom bootloader. All Certified For Windows PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
The word "default" is not used specifically, yet the default is exactly what is being described.

Also, the gotcha there is certified. Those which are not certified and those which are certified but not in compliance are not going to permit that. Talk with people who deal with resale of used systems and you will get plenty of first hand anecdotes, there are certainly such shops or individuals in your geographical area.

If you have not gone out of your way to follow trends in ICT lately then it would not be strange that you have not heard of third party certificates being disabled by default. Again, there was a lot of discussion and detailed analysis before UEFI was even rolled out. All that is buried somewhere in the search engines, assuming the pages are even still up.

Edit: See also:
Starting in 2022 for Secured-core PCs it is a Microsoft requirement for the 3rd Party
Certificate to be disabled by default. This means that for any of these Lenovo
platforms shipped with Windows preinstalled an extra step is needed to allow Linux to
boot with secure boot enabled.

UEFI + Secureboot was always just a lot of "security theatre" marketing for the gullible. For proprietary OS vendors, security is a feature which can be sold for profit. The aim was always to lock out alternative OS such as Linux. UEFI itself was dreamed up by a consortium of the x86 hardware/bios vendors, MS and Apple.

Those who still believe that Secureboot is really about security and preventing "evil maid" attacks need to pull their heads out of the sand. Business often invents the problem, then sells the solution and this was very similar, but not quite the same. It also came packaged with MS' anti-competitive, hostile agenda to destroy Linux - all dreamed up during the Steve "Linux is a cancer" Ballmer era.

It astounds me that users of FOSS operating systems who post on sites like this one, happily walked down that path, eagerly supporting sell outs like Canonical and Red Hat and are still parroting the marketing speak about Secureboot, many years later. Many of these people were running Linux on hardware which was not configured for dual booting Windows 8.0/8.1, yet still they took great pride in running a UEFI only system, disabling legacy boot, jumping through hoops to configure their OS to boot by this horrible convoluted broken and ironically, insecure MS design, which even uses the antiquated MS FAT file system.

MS wants to ensure that only a Microsoft OS can boot from the bare metal, it has been paving the way for this for years. For Linux it has invested in WSL/WSL2 and it has lured people across with the convenience of that.

The TPM/TPM2 is a further assault on your freedom to install what you want to install on the hardware you paid for. It is one of the latest advances in "Trusted Computing", which is anything but trustworthy...

https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Quote:
There are some gotchas too. For example, TC can support remote censorship. In its simplest form, applications may be designed to delete pirated music under remote control. For example, if a protected song is extracted from a hacked TC platform and made available on the web as an MP3 file, then TC-compliant media player software may detect it using a watermark, report it, and be instructed remotely to delete it (as well as all other material that came through that platform). This business model, called traitor tracing, has been researched extensively by Microsoft (and others). In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present). So someone who writes a paper that a court decides is defamatory can be compelled to censor it - and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticise political leaders.
Quote:
The gotcha for businesses is that your software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. Such blatant lock-in might be prohibited by the competition authorities, but there are subtler lock-in strategies that are much harder to regulate.
Quote:
12. Scary stuff. But can't you just turn it off?

Sure - unless your system administrator configures your machine in such a way that TC is mandatory, you can always turn it off. You can then run your PC as before, and use insecure applications.

There is one small problem, though. If you turn TC off, Fritz won't hand out the keys you need to decrypt your files and run your bank account. Your TC-enabled apps won't work as well, or maybe at all. It will be like switching from Windows to Linux nowadays; you may have more freedom, but end up having less choice. If the TC apps are more attractive to most people, or are more profitable to the app vendors, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word. By 2008, you may find that the costs of turning TC off are simply intolerable.
In the world of "Big Tech", the words "trust", "security" and "privacy" don't mean what you think they mean.

Other Recent Techrights' Posts

[Video] Richard Stallman Questions and Answers Session in Google's YouTube or Invidious
From last night
Slopwatch: Anti-Linux Articles Published by Bots, Dominating Google News
So a lot of the Web is Microsoft chatbot-generated anti-Linux FUD
Macho Patent Office
At the EPO there's always room for women in top roles
Gemini Links 12/02/2025: "Bream Gives Me Hiccups", Making Chinese Tea, and More
Links for the day
This is Why Codeberg Issues an Apology Today
This response was clear and relatively swift
Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
 
IBM Layoffs in 'RTO' Clothing Reported by Thomas Claburn
This "hey hi" (AI) nonsense is just a go-to excuse that IBM and GAFAM (and many others) use
Still Waiting for the EU to Abolish the Illegal and Unconstitutional Court Linked to EPO Corruption and Lobbyism by the Patent Litigation Industry
Sadly, all the blogs that used to talk about those issues have been infiltrated and then completely hijacked by the very perpetrators of the illegality
Social Engineering of the Free Software Movement is a Corporate Takeover With Code of Conduct (CoC) to Drive Out or Expel Dissent
Richard Stallman (RMS) covered "cancel culture"
Links 13/02/2025: Mass Layoffs at Google (Disguised as "Buyouts"), Telecoms Price Hikes as Collusion/Price-Fixing
Links for the day
Gemini Links 13/02/2025: Broken Watches and Naming Types
Links for the day
Corrupt Bill Gates Worming His Way Into Richard Stallman Videos in Google's YouTube
Reputation laundering riding other people's names?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 12, 2025
IRC logs for Wednesday, February 12, 2025
Links 12/02/2025: Crytek Layoffs, Security Holes, and Giving Ukraine to Russia
Links for the day
Relaying GAFAM Talking Points and Lies Using GAFAM LLMs, or Slop Pasted in by Brittany Day
linuxsecurity.com is relaying slop, i.e. misinformation
Photos From This Evening's Talk by Dr. Richard Stallman in Torino, Maybe a Video Soon
The talk that Dr. Richard Stallman gave today (a few hours ago) was recorded and streamed
IlSoftware.it Covers Richard Stallman's Visit to Give Talks in Italy
The publication is in Italian, the talk was in English
EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
Central Staff Committee versus Lukashenko's sponsor
The Register Studies (to Affirm) Reports of IBM Layoffs "at the Finance and Operations business unit"
something about that specific unit
Links 12/02/2025: SSL FUD, DEI Phase-out, Felonies Committed by MElon (Data Breaches)
Links for the day
Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
article in La Stampa
Google Seems to Have Just Killed All Instances of Invidious
YouTube is rapidly becoming just "another Neflix"
Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
Links for the day
Links 12/02/2025: Health, Security, and Monopolies
Links for the day
Gemini Protocol is Increasingly Important to the Net
Gemini Protocol will turn 6 this summer
Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
Like GAFAM, the EPO is Passing the Financial Pains to Staff
the EPO is operating illegally at this point
Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
people laid off as "low performers" go to social control media to bemoan the label
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 11, 2025
IRC logs for Tuesday, February 11, 2025
Links 11/02/2025: Current state of the Internet and Smallnet Information Services (SIS)
Links for the day
Conservative Estimate: Over 10,000 IBM Workers to Be Laid Off in the Next Two Waves
The morale is low and layoffs are expected soon, with mass layoffs likely happening next month and then again later
Links 11/02/2025: Trade Wars and "Crisis for American Universities"
Links for the day
Parasitic LLM Slop Sites Destroy the Ability to Find "Linux" News in Google News
Remember that Google News laid off lots of its workers
Richard Stallman's English Talk in Italy Less Than 24 Hours Away (Torino) and Then Another Talk in Italy Scheduled (University of Bozen-Bolzano)
He's active and he travels a lot in spite of his medical condition
IBM Layoff Rumours, Large-Scale Implementations Weeks Ahead (in March 2025)
There are some people corroborating
Links 11/02/2025: Nutritional Poverty, Closure of USAID, More Fictional 'Valuations' Around Buzzwords
Links for the day
Perl Programming Leftovers
recently in perl.org
Microsoft in Africa: From 98% to Less Than 10% in Just 16 Years
Microsoft being on less than 1 in 10 Web-connected devices in Africa is a very big deal
Almost as If MElon Reads Techrights
The joke we started appears to be spreading
Microsoft Blasted for Adding Insult to Injury: Workers Laid Off Without Prior Notice, Without Severance Payment and Basic Coverage (Like Health), Then Stigmatised as Bad Performers So They Cannot Find a Job Elsewhere
Such stereotypes end entire careers
Gemini Links 11/02/2025: NeoVim and Deploying Other People's Code
Links for the day
BetaNews is Still Publishing LLM Slop/SPAM About "Linux"
Assuming it is indeed LLM slop, it seems clear BetaNews has no intention of improving or is simply unable/unwilling to improve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 10, 2025
IRC logs for Monday, February 10, 2025