

Stop UEFI - kephra
http://kephra.de/blog/Stop_UEFI.html#en

======
ChuckMcM
I would like to offer up what is probably a bit more provocative than I want
it to be but here goes.

We should totally endorse secure boot for "webiances." I have to invent a word
here because we haven't coined one yet, but it's a device you use to surf the
web, read email, chat on Facebook, edit our resumes, etc. It is something
hobbyists and experimenters never ever need to write code for. It's the thing
our grandparents use and we don't have to worry that Rico from Brazil is going
to clean out their accounts with. It is an information
telephone/tv/typewriter, it is an appliance.

Few people complain that you cannot boot unsigned code on the computer in your
BMW, that is a good thing, you want to trust your car.

That said, there should always be (and no doubt will be) computers that
engineers, hobbyists, and others use which are completely programmable. Those
will be distinguished as being "General Purpose" computers as opposed to "Task
specific" computers. They may even share the same instruction set architecture
with their counterparts, but it should be perfectly Ok for a task specific
device to refuse to run any code that hasn't been verified through some system
of trust.

The comments about unlocking phone bootloaders, or the iPad, are quite
relevant here. Those devices, when locked, aren't general purpose computers.
Locked they can be task specific and reasonably safe [1]. Without such
barriers they put their users at unnecessary risk and for users who have
neither the ability nor the time to understand the risks that is a good thing.

[1] "reasonably safe" - This discussion will often jump to 'nothing is 100%
secure' which is true of course and not the point. Planes fall out of the sky
and kill people, but they are 'reasonably safe' which means that the risk of
them killing us is acceptable given the benefit returned. Similarly with cars.
Computers these days are not 'reasonably safe'. Huge swaths of non-technically
literate people are harmed every year by the inability to create a reasonably
safe environment for them to use.

~~~
throwaway64
I disagree strongly with this type of argument, nobody starts out a "computer
professional", we all get there by experimenting on commodity hardware. With
this type of proposal you essentially make it impossible for a user of a
regular device to ever advance beyond the walled garden.

~~~
ChuckMcM
You seem to toss out the history of computers. I owned my first computer when
I was in high school, I soldered it together from a kit (it was based on a
Z80). Today I can do the same thing with an ARM chip (in fact I've been
playing with the ST micro STM324F 'butterfly' which is a Cortex-M4
architecture).

You also toss out with the bathwater virtual machines. You can boot a virtual
machine where the hypervisor is 'signed' on a machine which gives you 100%
access to your virtual machine that can do most anything you might want, from
talking to the network, to displaying graphics, to running the latest fizzbuzz
contender.

My guess is that wmf's is correct, the relatively low volume of 'general
purpose' computers will cause the cost to rise but I doubt it will ever be
impossible to put one together.

~~~
throwaway64
> You seem to toss out the history of computers. I owned my first computer when
> I was in high school, I soldered it together from a kit (it was based on a
> Z80). Today I can do the same thing with an ARM chip (in fact I've been
> playing with the ST micro STM324F 'butterfly' which is a Cortex-M4
> architecture).

My point being, I doubt that this was your first encounter with programming a
computer, and even if it was, you are in the extreme minority, even on HN.

> You also toss out with the bathwater virtual machines. You can boot a virtual
> machine where the hypervisor is 'signed' on a machine which gives you 100%
> access to your virtual machine that can do most anything you might want, from
> talking to the network, to displaying graphics, to running the latest fizzbuzz
> contender.

Ah, where is this VM I can run on an unrooted iPad?

~~~
ChuckMcM
My first experience programming a computer was running FOCAL8 on a PDP8 that
an engineer that was working with my Mom let me use because I was so bored
waiting for her to be done with work and to give me a ride home from school.
The second computer I programmed was running BASIC programs that I typed in on
an ASR33 Teletype that was connected to a mainframe at the school district
headquarters.

I don't doubt for a minute that my kids, should they choose to, could use a
terminal application on a securely booted appliance device to access a
computer 'instance' somewhere in the cloud (an EC2 instance perhaps). No need
to root my iPad.

If you look at the Beagle board, or the RPi, or the Pandaboard or any number
of 'kit' computers, they are still out there in numbers, and there will always
be a market for them. And, depending on your level of sophistication you may
start with a webiance and remove or simply access its internal compute engine
with some other bit of code. Nothing UEFI can do, cannot be undone with a JTAG
loader and new firmware. But it won't be useful for running those standard
applications any more. Just like the TV I hacked into so that I could display
video directly that was generated by my Z80 system never tuned in TV shows
again after that.

------
drcube
I honestly don't understand how this can be legal. There's precedent, at least
in the US. The Bell system was forced to allow non-AT&T hardware on their
network. Automobile manufacturers were required to allow third parties to
service vehicles.

Also, I don't understand the need. I've heard the excuses about malware, but
is that even a significant problem? I know I've never booted up a machine and
said to myself, "You know what I need? An upgrade to my BIOS."

I mean, it is purely and transparently anti-competitive. But why now? This is
something the 90s, we're-deathly-afraid-of-linux Microsoft would do. So why
now and not then?

~~~
shawnz
> I honestly don't understand how this can be legal.

Are you serious? It's _mandatorily_ configurable. Are you suggesting that
Secure Boot just not be implemented by motherboard manufacturers? Or rather
that Microsoft should just pretend it doesn't exist?

Secure Boot is quite a useful part of the UEFI specification, albeit maybe not
in the average case. I should hope it doesn't get ignored just to satisfy
conspiracy theorists.

~~~
kephra
Secure Boot might be a useful part, if everybody could add his own keys to his
own board, and delete existing keys for Microsoft and others. But one has to
pay to get his key signed by Microsoft. This is comparable to installing one's
own software on an iPhone, where one has to pay Apple to unlock a device.

The most dangerous malware is now produced by states.

If RedHat and Ubuntu can pay their US$99, I guess NSA, BND, CIA, Mossad and
others can also. So secure boot is not adding any security, imho. There was
already the case that Microsoft implemented a backdoor in NT export versions
for NSA 13 years ago.

~~~
shawnz
Actually, the Logo requirements specify that you _must_ be able to add your
own keys:

> It shall be possible for a physically present user to use the Custom Mode
> firmware setup option to modify the contents of the Secure Boot signature
> databases and the PK.

~~~
kephra
You cannot change the boot loader on ARM for Windows 8. And you likely cannot
change it for Intel for the next Windows version.

~~~
shawnz
The former claim is absolutely true, and I'm not happy about it. But that is
surely the standard for all ARM devices out today, is it not? Locked
bootloaders?

Anyway, the latter claim is purely conjecture. Why would they change
convention once everyone has already implemented all this standard/custom mode
stuff that they require for 8?

~~~
krickle
Apple and Android devices are all closed so that excuses Microsoft from doing
the same? Guess again; they are all wrong.

------
pooriaazimi
> _Order them, unpack them, ruin the paper and cardboards, and send them back
> with a note: Can not install Linux._

What a stupid idea.

What happens next, you think? OEMs will hug you and other Linux users and kiss
you? No, they won't issue driver updates. And your graphic card is useless. If
you (Linux users) cost them too much, they'll dump you. It's business, nothing
personal.

But, of course, it's open source. You can always write the drivers yourself.

-----

By the way, it's very funny that a "forward-thinking, open source-loving" guy
who (supposedly) wants to make computing world better, doesn't think it's
absolutely immoral to do such a stupid thing. You ruin the cables, and the
company has to pay for it. The CEO doesn't pay the money from his pocket you
know, they increase the price for "all" customers a little bit, so it's Dell
(or other OEM) customers who are paying money for your stupid "cause".

~~~
comex
OEMs do not, as a rule, provide drivers for Linux desktops. Graphics card
manufacturers are not OEMs, and the rest is mostly open source...

~~~
pooriaazimi
You're right. They don't provide graphics card drivers, but they "do" provide
_some_ (less important) drivers. I can't find a link (slow internet connection
right now), but see here for example:
[http://www.canonical.com/engineering-services/oem-services/w...](http://www.canonical.com/engineering-services/oem-services/why-ubuntu/drivers)

Anyway, my point was that if Linux guys prove to be costly, they'll be dumped
or neglected. It's bad for open source guys, it's bad for OEMs (they get worse
deals with Microsoft), and it's bad for everyone other than Microsoft. So, if
you think SecureBoot is bad, make your case like civil citizens without
inducing cost to others.

~~~
comex
That page is about "drivers" in the sense of "reasons that drive the decision
to ship Linux", not hardware drivers :)

I don't actually support the kind of crude protest measure suggested by the
article (although I doubt a non-negligible number of people will actually
carry it out in any case), but drivers really aren't the issue here.

------
sp332
The linked video of Cory Doctorow's keynote at the Chaos Communication
Congress in Berlin, "The Coming War on General Computation" is very
interesting, insightful, and worrying.
<http://www.youtube.com/watch?v=HUEvRyemKSg>

~~~
astrodust
I'm sure Cory would have given a talk in 1970 on "The Coming War on General
Purpose Hardware" where he bemoans the rise of the integrated circuit and an
end to you being able to rearrange the components in your computer to suit
your whims.

There's nothing worrying about it. What's happening is what used to be general
purpose is now becoming an appliance.

Until Cory is out there petitioning blender makers to open their firmware,
he's just grabbing headlines with this nonsense.

~~~
orangecat
With platforms like Arduino, you can in fact plug arbitrary components into
your computer. For now.

 _There's nothing worrying about it. What's happening is what used to be
general purpose is now becoming an appliance._

I find the prospect of Apple or Microsoft having veto power over how I use
"my" computer extremely worrying.

 _Until Cory is out there petitioning blender makers to open their firmware,
he's just grabbing headlines with this nonsense._

The manufacturers of blenders are generally not advocating that taking them
apart should be a federal crime.

~~~
sp332
"Components" as in individual transistors, resistors, and capacitors as
opposed to integrated circuits. And MS already has veto power. You can't run
device drivers that haven't been OK'd and cryptographically signed by them.
DRM is baked into the media layers (e.g. you can't watch a blu-ray movie on a
non-HDCP monitor).

~~~
orangecat
_You can't run device drivers that haven't been OK'd and cryptographically
signed by them. DRM is baked into the media layers_

Yes, and that sucks. But that's just Windows, and there are other options. For
now.

------
michaelmior
I don't understand why the author seems against UEFI in general. I can
understand the concerns with Secure Boot, but that's only part of the spec. Am
I missing something?

~~~
rwmj
I'm not convinced that putting most of an OS into the bootloader is a good
idea. Particularly when that OS is closed source and written by the same
geniuses that write BIOSes.

~~~
lgeek
> Particularly when that OS is closed source

Not exactly:
[http://sourceforge.net/apps/mediawiki/tianocore/index.php?ti...](http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2)

~~~
rwmj
(a) TianoCore is only a small part of the code (the clue is in the name
"Core")

(b) The bits of TianoCore source that I've read are overcomplex and ugly.
There's no reason for a bootloader to even have all this stuff.

(c) That's not the UEFI implementation I have on one of my servers which AFAIK
is completely closed source, and does all sorts of weird stuff when I boot. I
reverted the machine back to plain BIOS "boot the first sector" booting.

~~~
lgeek
a) As far as I know, EDK compiles to a working bootloader on supported
platforms.

b) Not knowing what exactly you've read, I don't know if I'd agree, but
anyway, it just implements the UEFI spec.

c) As far as I'm aware, all UEFI implementations are built on top of
TianoCore. But as it is BSD-licensed, the OEMs don't have any obligation to
release their source code.

I really think that UEFI is superior to BIOS in every way. It could also be
open, except that hardware manufacturers choose to keep it closed. Not
allowing user keys for Secure Boot is, also, a decision of Microsoft and
manufacturers, not a problem with UEFI itself.

~~~
pgeorgi
"supported platforms" being a couple of emulators. That is, without any need
to do hardware initialization.

Tianocore "just implements" the UEFI spec, but that's what is overcomplex and
ugly. Also, Tianocore picks the ugliest possible way to implement things (or
at least, they really try to).

------
jwildeboer
Yawn. Same discussion when Intel introduced the TPM - doomsday didn't happen.
Or the Clipper chip? Doomsday didn't happen.

UEFI SecureBoot on Intel/AMD is optional and will not deliver on its promises
IMHO.

The REAL thing to focus on (and the one thing that all of these doomsday guys
seem to willingly ignore) is that on the ARM platform it is truly worse what
the Windows requirements are enforcing - locked bootloader, no way to change
that. So instead of whining about an OPTIONAL problem, how about fighting a
REAL problem?

~~~
pgeorgi
Clipper chip didn't materialize.

TPM was widely misunderstood (thanks to the Anderson "TCPA FAQ", which went
into hyperbole real quickly). It was also defused a bit due to public
pressure.

With the Windows Logo Requirements (which are the real issue surrounding
secureboot), there are some indications that things will end up bad, but
that's speculation (but on a better foundation than the TCPA FAQ back then
IMHO). What's going on now is public pressure - and it already worked to some
degree, since the Logo Requirements went from "has to provide it, disabling
optional" on x86 to "must allow disabling secureboot".

------
unimpressive
These tactics aren't exactly going to inspire good will towards Linux users.

Not to mention the ethical issues here.

------
donniezazen
_This will become the end of Linux and free software._

For crying out loud. Nothing can stop LinuX.

~~~
zokier
>Nothing can stop LinuX.

Not even spelling mistakes.

hint: it's spelled Linux

------
jasonlingx
Isn't UEFI something I need to boot from a disk larger than 2.2 TB?

~~~
pgeorgi
No, it's not. BIOS has supported LBA48 for a _long_ time now (which can address
a couple of PB).

The main issue is the MBR format which doesn't allow >2TB easily (there are
hacks, but those break with older systems). It would be perfectly possible to
teach BIOS GPT, and use the boot sector of the system partition for booting
(i.e. what happens today).

2TB disks are just the excuse to finally force the issue (after about 10 years
of promoting EFI without much success).
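
The size limits discussed in the comment above, as an added example that is not part of the original thread: the MBR partition entry stores its start and length as 32-bit sector counts, while LBA48 addresses 48 bits, and a GPT disk keeps a "protective" MBR entry of type 0xEE in sector 0. The 512-byte sector size and all sample values are constructed assumptions.

```python
import struct

SECTOR = 512                        # assumed logical sector size (4Kn disks differ)
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count
MBR_MAX_BYTES = 2**32 * SECTOR      # 32-bit sector fields -> 2 TiB (~2.2 TB)
LBA48_MAX_BYTES = 2**48 * SECTOR    # 48-bit ATA addressing -> 128 PiB


def build_mbr(entries):
    """Build a constructed MBR sector from (type, start_lba, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate(entries):
        # struct.error is raised if start or count does not fit in 32 bits
        ENTRY.pack_into(mbr, 446 + 16 * i, 0, b"\xff" * 3, ptype, b"\xff" * 3, start, count)
    mbr[510:512] = b"\x55\xaa"      # boot signature
    return bytes(mbr)


def protective_mbr(disk_sectors):
    """MBR a GPT disk carries in LBA 0: one 0xEE entry, size clamped to 32 bits."""
    return build_mbr([(0xEE, 1, min(disk_sectors - 1, 0xFFFFFFFF))])


def parse_mbr(sector0):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = ENTRY.unpack_from(sector0, 446 + 16 * i)
        if ptype:                   # type 0x00 marks an unused slot
            parts.append({"type": ptype, "start_lba": start, "sectors": count,
                          "protective_gpt": ptype == 0xEE})
    return parts


def mbr_can_describe(disk_bytes):
    """Conservative check: is every sector reachable through a 32-bit LBA?"""
    return disk_bytes <= MBR_MAX_BYTES


if __name__ == "__main__":
    three_tb_sectors = 3 * 10**12 // SECTOR   # constructed 3 TB disk
    print(parse_mbr(protective_mbr(three_tb_sectors)))
    print("3 TB fits in plain MBR:", mbr_can_describe(3 * 10**12))
    print("LBA48 limit in PiB:", LBA48_MAX_BYTES // 2**50)
```
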

------
cooldeal
We have a huge malware problem and these folks are worried that there's one
more setting that a user might need to change before installing Linux? You
know, apart from changing the boot order of the devices, partitioning the hard
disk, installing into the right partitions, configuring dual boot etc.?

> This is most easy from Germany, where we have a law that allows us to send
> back any mail order, internet order or things that had been sold at the door
> or on phone within 14 days, and charge our money back. So my suggesting is
> doing this at the moment the first computers ship that are locked to boot only
> Microsoft systems. Order them, unpack them, ruin the paper and cardboards, and
> send them back with a note: Can not install Linux.

> The same can be done by people who have an American Express credit card,
> within 30 days worldwide, I think.

Please think twice before doing that, this will just make the OEMs think that
a section of Linux users are mean and just too costly to support. I prefer
that some other way of indicating support for Linux is used, like buying
hardware with preinstalled Linux.

> It also won't help much if major distributions like Ubuntu or RedHat get a
> signed key into the boot loader, because UEFI will prevent any normal Linux
> system programmer from installing his own self compiled operating system.

Huh what? Doesn't Microsoft mandate (to the extent they can, because of
antitrust laws) that secure boot be able to be turned off and users be able to
add their own keys? Or is the author talking about the slippery slope of the
mysterious future?

~~~
mcpherrinm
> that secure boot be able to be turned off and users be able to add their own
> keys?

On x86, but not on ARM. And that's quite possibly more important, because ARM
platforms are likely porting targets for things like Android that "regular
users" might actually want.

~~~
cooldeal
Then campaign for unlocking the bootloader on the iPad, which is the largest
selling "ARM platform" by a huge margin. Interesting that no one seems to care
about that.

~~~
kephra
I would applaud the same campaign against Motorola/Google.

They publish the Linux kernel for their Android phones, complying with the GPL.
But they lock the boot loader, preventing everybody from installing their own
kernel.

~~~
mdwrigh2
If having an unlocked bootloader is important to you, _stop buying locked
phones_. It really is that simple. The Galaxy Nexus is $350 unsubsidized on
the Play Store[1], and is completely unlocked (okay, I admit, you have to run
fastboot oem unlock).

[1]:
[https://play.google.com/store/devices/details?id=galaxy_nexu...](https://play.google.com/store/devices/details?id=galaxy_nexus_hspa)

------
drivebyacct2
Which should be a very small number of them as long as they've followed the
restrictions that Microsoft places on OEMs to ship Windows 8 certified
devices.

(Not to get in the way of anyone's pitchfork of course.)

