Bonum Certa Men Certa

[Video] UEFI Insecure Boot: Another Nail in the Coffin

posted by Roy Schestowitz on Jul 29, 2024

Video download link | md5sum dd9c634b1416f67902406317d73b9009
Insecure Boot Strikes Again
Creative Commons Attribution-No Derivative Works 4.0

Preview for Insecure Boot Strikes Again

THE small bunch (borderline fringe) of 'Secure Boot' Microsofters are not talking about the latest blunder. They just have nothing to say in their defence. They've been proven wrong. So let's discuss the matter. We don't just let it pass.

12 years ago they told us adoption of 'bootlocks' is fine and that this is perfectly OK. To oppose this would be to oppose security. Well, patience is a virtue here because over the past 12 years we've repeatedly been proven right and we can howl from rooftops now. The lesson is, do not believe anything Microsofters say. As an associate put it recently, there will "be a few long-form series later on in the indefinite future on the details."

The time seems right to respond to over a decade of mindless propaganda from Microsofters. They're hired professional censors in an effort to suppress information and intimidate women.

Some have dubbed this latest scandal "InSecure Boot" and security gurus are deeply concerned ("This isn’t good"). IDG said:

Security research firm Binarly reports that leaked cryptographic keys have compromised hardware from several major vendors in the PC industry, including Dell, Acer, Gigabyte, Supermicro, and even Intel. Eight percent of firmware images released in the last four years are compromised, with 22 untrusted keys discovered immediately.

This is also discussed in some GNU/Linux forums. One commenter said: "It's security done by Microsoft... that's all that needs to be said, eh?" Another one said: "Yeah, enough said. I'm grateful that I was able to switch off secure boot on my new T14 Thinkpad to install Linux. I'm glad that Windows isn't on my home LAN."

This additional report says "Secure Boot key compromised in 2022 is still in use in over 200 models — an additional 300 more use keys are marked ‘DO NOT TRUST’". To quote from the summary:

>Software security firm Binarly discovered that over 200 device models used a compromised security key, while an additional 300 more used default test keys shared with nearly all of AMI's customers.

Finally, for the time being, this one mentions another "brand name" for this issue:

A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.

No matter what one calls it - e.g. "PKfail" or "InSecure Boot" - this is a black eye to Microsofters.

Iris Flower Art Vintage

We already added some of these stories to Daily Links or had them linked to the originals in the sister site, but on Saturday we did a video about it. The first piece that everyone linked to (also in IRC) was Ars Technica's and it sort of speaks for itself. An associate called for "a Tomi Ahonen style "I told you so" article," arguing that "even short series is warranted because the public had been warned in detail in advance of just these kinds of problems."

We've repeatedly written about this since 2012.

"There are other problems too which have manifested," the associate said, "this is not the first."

There are also more serious warnings (warranting further precautions) which have not yet come to pass, so the other shoe has yet to drop - so to speak - on UEFI.

The politics which the UEFI patches and shim allowed Microsoft can be re-examined in this context.

Microsoft is meanwhile pushing the media to pretend no option exists other than Windows (and Office) for new laptops and desktops. What is this, 2004? Citing this as an example, the associate said "Microsoft pursues trapping people into a the sunk cost fallacy to prevent upgrading the OS to Linux or, worse from their perspective, using open formats for documents."

The way Microsoft sees things, anything other than Windows is not trustworthy or is "piracy". People who object to Windows are being bullied and vilified, even if the facts are on their side all the time.

Other Recent Techrights' Posts

Polygamy, from Catholic Synod on Synodality to Social Control Media & Debian CyberPolygamy
Reprinted with permission from Daniel Pocock
Only a Third of or 1 in 3 Web-Connected Devices is a Desktop or Laptop, According to statCounter
we can expect Android to widen its lead
 
Gemini Links 24/06/2025: Stimulants and Subscription Costs for DRM
Links for the day
When the Microsoft Aggressors Rely on Several Law Firms ('Attack Dogs', 'Guns for Hire'), Not Just One, Lawyering Up Against Techrights (Acting on Behalf of Americans Against UK Publishers)
From serving customers at some restaurant he has moved on to bullying people with demand letters
Links 24/06/2025: OpenAI [sic] May Soon Die (Too Much Debt) and Social Control Media Accused of Being Misinformation/Disinformation/Propaganda Amplifier
Links for the day
Nirbheek Chauhan in Planet GNOME Explains Why Wayland Pushers Are Losing
"A strange game. The only winning move is not to play."
The Days Are Getting Shorter, the First Half of 2025 is Almost Over
We're gratified to see significant increase in traffic and also positive feedback on the work we do
Turning GNU/Linux Into a Political Football
X (not the site) is Free software
X Server Still Works for Many People
A lot of people will grow suspicious of Wayland boosters/pushers if they persist and insist on using these tactics
Exactly a Week Ago "BetaNews Staff" Said "Betanews Is Growing Alongside You". Since Then Every Article (All by "Camila Nogueira") Has Been LLM Slop.
BetaNews is basically a slopfarm
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 23, 2025
IRC logs for Monday, June 23, 2025
The "Tarzan Effect" in Compilers and Software
What happens when you forcibly make things 'work', either by hacks or by disregarding warnings (like those that compilers tend to issue)?
Gemini Links 23/06/2025: Mass Tourism, Hair Love, and Google Gemini as a Googlebomb
Links for the day
Law Firm Burgess Mee Does Not Fully Deny Participating in Abusive Litigation for Serial Strangler From Microsoft
I am not unfamiliar with these tactics
The Modus Operandi of Wayland Pushers: Make It Political
do what I say or you're a nazi...
Links 23/06/2025: RFE/RL Contributor Vladyslav Yesypenko Released, Recording Industry Cutbacks
Links for the day
Brett Wilson LLP Solicitors (M): Over 99.9% of Our E-mail is Self-Marketing, We Send You 3.5MB E-mails for Less Than 1KB of Text
Why would tech people entrust legal matters to such people?
Peter Moon's (Computerworld) Interview With Richard Stallman
Stallman: If you want freedom don't follow Linus Torvalds
At What Point Does Outsourcing Constitute Malpractice?
Brett Wilson LLP's new staff page is misleading
United Arab Emirates (UAE) Sailing to GNU/Linux, According to statCounter
countries in that region will quickly learn the price of neglecting digital sovereignty
From Do Your Own Research to Do Your Own Search
The Web is full of garbage; search engines amplify this garbage
More People Moving to Geminispace?
at age 6+ Gemini Protocol seems to have gained some maturity and it seems like more people use it
Permutation in LLMs Does, Inevitably, Change Meanings and Therefore LLMs Cannot Properly Rephrase or Summarise Texts
LLMs lack actual grasp or comprehension of what they spew out
Links 23/06/2025: Many Security Breaches, Population Declines
Links for the day
Gemini Links 23/06/2025: "America at the Crossroads" and OpenWRT Surgery
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 22, 2025
IRC logs for Sunday, June 22, 2025
Pure Dove
Different means different, and sometimes those who "deviate" from "the norm" have a point
Censorship is a Sign of Weakness Which Invites More Censorship Attempts
revolutionaries don't succumb to pressure from bullies
Why It's Unlikely That LLM Slop Will Dominate the Web in the Long Run
Slopfarms will eventually perish (they have no actual value) and "survivors" on the Web will be sites that never depended on search engines and social control media
GNU/Linux in Argentina Now Measured Near 5%
Like in central Europe, they must be seeing an increasingly hostile US
BetaNews is Fake News, Composed by LLM Slop
nothing in BetaNews is written by humans anymore
Links 22/06/2025: Giving Up on Smartphones and 'Jaws' at 50
Links for the day
Gemini Links 22/06/2025: Furniture Construction and Bubble for Comments
Links for the day
Links 22/06/2025: Windows TCO Tales and YouTube Getting More Hostile to Users
Links for the day
The FSF Board and FSF Beard
So the FSF's Board has grown
Law Firms Facing the Consequences for Patently Abusive Litigation on Behalf of Microsoft Employees Who Got Arrested for Strangulation and Had Done Even Worse Things
Having spent 1.5 years bullying me with patronising letters on behalf of Microsofters, last week they got served a massive bill and, in effect, lost the Hearing
New Report From the EPO's Staff Representatives in The Hague (LSCTH) Reveals Many Unsolved Issues
Local Staff Committee The Hague (LSCTH) wrote to staff just before the weekend
LLMs Breaking Everything
Computing and the Net became a playground for scammers and "bros", like people who "invented" fake currencies and also try to tell us that LLMs spewing out things will have some real value
Links 22/06/2025: More Slop Lawsuits (Copyrights) and "America’s Oligarch Problem"
Links for the day
Gemini Links 22/06/2025: Gigantic Toolchest and Annoying Bots
Links for the day