Enough with the UEFI drama already

Story: Enough with the UEFI drama already
Total Replies: 12
stoneguy3

Feb 21, 2013
3:49 PM EDT
Not sure what you've been smoking lately. Walk into Best Buy and tell them you want to buy a machine with no O/S. Go to NewEgg and find a machine that specifies whether it completely supports UEFI as specified.

My son is a 2nd generation Linux evangelist. His buds aren't buying Linux machines. He's taking their clunky, virus-infested Windows machines and putting Linux on them. Even his mother is using it.

It would be impossible to prove that UEFI was partially intended to lock down systems. But when push comes to shove, it might as well be a conspiracy between Redmond and Big Silicon.
caitlyn

Feb 21, 2013
5:31 PM EDT
Quoting: It would be impossible to prove that UEFI was partially intended to lock down systems. But when push comes to shove, it might as well be a conspiracy between Redmond and Big Silicon.
I think that it's pretty easy to prove UEFI is no such thing. UEFI Secure Boot, OTOH, is all about vendor lock in. I was saying that months before it arrived and was accused of spreading FUD. Well.... here's a whole article of FUD about UEFI Secure Boot being benign. Yeah, right!

For a computer literate person who doesn't get scared by the ridiculous warnings saying how unsafe you are making your systems, yes, you can disable secure boot provided it's x86_64 technology and the vendor actually meets the standard and allows it to be disabled. A few machines have surfaced that don't allow it. If it's ARM based technology Secure Boot cannot be disabled and you can't change OS, period. If you don't like Windows RT and that's what came with the system, well... tough luck.

Then there is the little issue that Microsoft is keeper of the keys. Yes, there are workarounds, and yes, a handful of Linux distros now work with UEFI Secure Boot out of the box and more will eventually. That doesn't make it any less an attempt at vendor lock in.
distrorank

Feb 21, 2013
6:20 PM EDT
There's definitely an argument to be made about it being an attempt at vendor lock-in. Why didn't Microsoft take the lead and create a standards group or a non-profit tech group that would hold/distribute keys? Or why not at least hand out keys to the major Linux distros?

UEFI is definitely a better tech than what it replaces - no doubt. However, I think that it's more of an act of faith to think that Microsoft is behind this purely because it's technologically better. Just look at their history...
linuxwriter

Feb 21, 2013
10:00 PM EDT
From the article: "Indeed, what's there to worry about? You simply enter your UEFI menu, change the Secure Boot configuration to either Setup or Custom modes, and make relevant tweaks. And this is where problems start."

Has this guy looked at the UEFI layout on different motherboards and seen how different it is? I am no hardware newbie but I had to search for a considerable amount of time before I found the menus where I could turn off secure boot on my MSI board.

There is a load of FUD in this article.

Sam
zester

Feb 21, 2013
11:43 PM EDT
@linuxwriter Not saying you're lying, but every MSI motherboard that I have purchased since they started shipping the new UEFI BIOS has come with "Legacy Mode" enabled by default; even the Z77IA-E53 that just arrived today via UPS came with "Legacy Mode" enabled. It wouldn't even make sense for MSI boards to not come that way; they use Winki (custom outdated version of Ubuntu) for updating their firmware and as an instant boot OS.
kikinovak

Feb 22, 2013
8:34 AM EDT
UEFI Secure Boot is a sheer disaster, and this article is a load of nonsense. Reminds me of similar publications asserting global warming is a myth.
CFWhitman

Feb 22, 2013
9:48 AM EDT
zester wrote: Not saying you're lying, but every MSI motherboard that I have purchased since they started shipping the new UEFI BIOS has come with "Legacy Mode" enabled by default; even the Z77IA-E53 that just arrived today via UPS came with "Legacy Mode" enabled. It wouldn't even make sense for MSI boards to not come that way; they use Winki (custom outdated version of Ubuntu) for updating their firmware and as an instant boot OS.


You're talking about something entirely different than Sam is. Sam is talking about complete MSI machines or MSI boards that come with Windows 8 pre-installed and/or are Windows 8 certified. You're talking about MSI motherboards for system builders intended for general use. What he said is true of the MSI Windows 8 certified systems. Of course it's not true of MSI motherboards that are not Windows 8 certified.
zester

Feb 22, 2013
11:03 AM EDT
@CFWhitman My bad, I see what you're saying. I imagine a dual boot would be very problematic.
jdixon

Feb 22, 2013
11:10 AM EDT
> UEFI Secure Boot is a sheer disaster,

UEFI is a fairly new technology that's going through the normal growing pains of incompatible and incomplete vendor implementations. It'll work its way through it and come out as a mature technology that just works.

Secure Boot is a Microsoft mandated attempt to lock out any other OS. It does little to enhance security, and what little it does do will quickly be circumvented by the malware folks.
linuxwriter

Feb 23, 2013
8:28 PM EDT
@zester and @CFWhitman

I am talking about the layout of the UEFI and the fact that it is a difficult process to locate and turn off secure boot. The layout of the UEFI is not uniform from manufacturer to manufacturer. Thus there is no set of standard instructions one can provide to the newer user to turn off secure boot.

I had issues finding how to turn off secure boot myself:

http://www.itwire.com/opinion-and-analysis/open-sauce/57562-...

And I am no greenhorn to building PCs.

Thus when anyone talks of turning off secure boot as though it is like turning a light switch on and off, I tend to laugh cynically.

Sam
BernardSwiss

Feb 23, 2013
11:50 PM EDT
When all this "So...? Just turn it off!" hand-waving dismissal about Secure Boot concerns comes up, my response is to ask, "And...? Just why should non-Microsoft operating systems be denied having the benefit of "Secure Boot" as part of a sensible "security in depth" approach to computer security? Any sensible implementation of UEFI Secure Boot is intrinsically OS neutral (except of course, in cases where "secure boot" is just double-speak for "vendor lock-in").

When all is said and done, "Secure Boot" is just a way for the motherboard BIOS (now reworked as UEFI) to verify that the boot code is "authorized". The question is, simply, "authorized by whom? -- by Microsoft? -- or by the supposed owner?"

It's important to keep an eye on the essential, core issue, and not be overly distracted by all the baffle-gab blowing back and forth.

gus3

Feb 24, 2013
4:21 PM EDT
Quoting: authorized by whom? -- by Microsoft? -- or by the supposed owner?
Well, who do the hardware makers trust? The ones with the money, or the ones with the contracts?
caitlyn

Feb 25, 2013
11:52 AM EDT
I fully agree with Sam on this issue. Jesse Smith also did a DistroWatch Weekly a while back where he walked through the process on a new machine. It wasn't pretty and it was anything but simple.

Quoting: The question is, simply, "authorized by whom? -- by Microsoft? -- or by the supposed owner?"
Since Microsoft controls the keys, it is Microsoft who ultimately determines who is authorized and who isn't. That is what makes the whole thing really worrisome. The sad fact is that there is no OS neutral implementation that I've seen. The systems that come with Windows 8 (which is most of them) are designed to make changing the OS possible but daunting for those who are not confident of their technical ability. On ARM based machines you can't even turn it off. So, yes, I do think, to use your words, "secure boot" is double-speak for "vendor lock-in" in most cases.
