|Your next Intel x86 computer with UEFI secure boot…
Much has been said of the UEFI and one of its features, the Secure Boot. The launch of windows 8 is near , and the UEFI is just around the corner.
UEFI is the talk of the town, but what is it?
It is a specification of a software layer between the old computer’s BIOS and the operating system.
Intel created the specification to solve various problems in its 64-bit Itanium platform, those problems caused by incompatibilities with the old BIOS, which was designed for a 16-bit architecture.
It will replace almost entirely the calls to the BIOS, for all operating system services.
Yes, it would be very interesting to do this, since our old BIOS is more than 30 years old.
It turns out that, currently, no operating system makes calls to the BIOS anymore. They all have routines for interfacing with the hardware already built-in, the BIOS only works at boot (memory test, and that’s about it).
Specifications inspired by Windows …
Exactly when the UEFI was thought, its design was very similar to that of Microsoft Windows, with calls for protocols and practices inspired by the Microsoft product.
Interesting, no? Does it look like something made for everyone? No, no, but one thing made for just a few to benefit just a few.
How UEFI works
The UEFI would work more or less like this:
That is, would be present in all the user’s system, like a shadow controlling everything.
But if this is something that comes from Intel and Microsoft, what is there to fear? Much as it is a black box running inside your computer, and with the ability of a complete operating system.
Hence, very interesting questions are raised, since no one knows what is inside UEFI, unlike the good old BIOS, which is already very well known (and documented).
But, The Security UEFI Brings is what matters…
Ha, how nice it would be if it were true. But, as it has already happened ( The FLAME malware has been spreading with valid keys from MS) is all a big crock. And, as mentioned here, the possibility of an attack at boot time is almost nonexistent.
But So What’s the grand plan to use the Secure Boot and UEFI?
Intel is suffering from a heavy attack of the ARM platform. ARM chips are ubiquitous, they are in mobile phones to video games, and now are entering the server room.
Microsoft is not doing well also, its windows XP system is still the most widely used worldwide, after almost three years of the release of Seven, and five years of the release of Vista.
Microsoft already knows that windows 8 will flop, so with the help of Secure Boot, it will lock the machines so that only its operating systems will be allowed to run, do not allowing users to know that there are other options, and much better, an attempt to freeze the market waiting for their next OS, 9.
What to do to fight this fierce competition?
Simple, use a standard and exclude the competitors from the standard. And the restricted UEFI boot fits perfectly there.
Consumers are choosing smartphones and tablets (with ARM chips) over x86 desktop computers. How could Intel leverage its sales?
Easy, to sell more x86 processors, just make computers that have a shorter lifespan. Hence, it will force consumers to buy more and more x86 computers.
Now, Apple already does this, with machines that are not repairable nor upgradeable (the latest MacBook Air comes with welded memories, so, not even memory is possible to add to it).
The next step for rapid obsolescence: An operating system slow, bloated and that drags the machine, coupled with applications with useless options – Anyone for Office 15 ? (for, obviously, make the whole system more cumbersome and slow).
Let’s face it, a computer with windows lasts no more than three years. After that, or it must be added more memory, or more HD or a more powerful processor (if possible).
Add to that the fact one can not install any other operating system to the machine, and you have a beautiful pile of useless junk.
Now, I wonder if this little UEFI secure boot detail Intel will also push in its server market.
I doubt it, since Intel is doing very well in the server market, mostly thanks to the Linux distros. It’s something they want to push down the throats of the domestic consumer and SOHO.
And, with Intel, Apple and Microsoft doing the same thing, this practice will become a standard.
What Can Happen?
Many things can happen. One that will certainly occur, is to increase the ignorance of the average user regarding Information Technology, which is not good, thanks to Microsoft and Apple, and will only tend to worsen. Imagine a Fahrenheit 451 world where books are banned, and most of the population lives in complete ignorance, where few can read and remember the culture and the old books (I have not read the book, just watched the wonderful film by François Truffaut, but the overwhelming impact of the message makes you think, a lot).
And worse, students of Information Technology related matters(software, hardware, computer science), will have their hands tied, they will not be able to experiment with their hardware / software and learn from it.
Imagine, there won’t be a next Linus Torvalds, because he can not run an operating system made by the user in his/her computer. And no next Steve Jobs also, since he began building computers in the Homebrew Computer Club. This will be a thing of the past.
Increase the junk in the world, the e-waste, since the machines will have a lifespan much shorter, it surely will happen. So long greencomputing.
But As For the time being, UEFI Secure Boot is not Mandatory…
Exactly, but with so many laws being passed by fear of terrorism or as protection of intellectual property (ACTA, SOPA, PIPA, etc …) how long to be illegal to run programs (and operating systems) not authorized by the vendors / manufacturers?
Just remember, there are countries where making a legitimate copy of a DVD, for security purposes, is illegal.
And is there an Option?
Sure. And, a much better than UEFI. The CoreBoot, the free, open, auditable specification, made in partnership with the Open Source community and the company AMD.
And, its block diagram is as follows:
Extremely simple, unobtrusive and lightweight, CoreBoot covers several platforms: x86, ARM, and various operating systems: GNU / Linux, BSD, and even windows (with SeaBios).
Even Linus has spoken out against the UEFI (“It has few real advantages, and add a greater layer of complexity” – http://kerneltrap.org/node/6884).
Not to mention that the user has no control over it.
How to Fight UEFI Secure Boot?
There are several ways.
1º Legally – Act to push investigation on the UEFI secure boot, to make the DOJ investigate anti-trust unheticall moves, by Microsoft and Intel.
2º Politically – Pressure on your congressmen, senators, legislators, to do not allow to become a common practice restricting the boot of the computers.
3º Boycott Intel and Microsoft (and all companies that sell machines with the UEFI secure boot). I do not like to advertise products or companies, but support AMD, the CoreBoot standard is supported by it, and do not buy from companies that offer machines that do not allow you to run your favorite distro.
Finally, a famous text (adapted to our Free, Libre and Open Source reality):
“First they came for Gentoo.
And I did not speak up because I don’t use Gentoo.
Then they came for Arch Linux
and I said nothing because I don’t use Arch Linux.
Later, they came for Slackware.
And I kept silence, because I don’t use Slackware.
Then they came for Pardus Linux.
And I remained silent because I don’t use Pardus Linux.
Finally, they came for Puppy Linux
And then there was no one left to speak out for me.”
Adapted from Martin Niemoller – First they came …
Intel, “Beyond bios,” Intel Software Network, November 2008.
Uniﬁed Extensible Firmware Interface Speciﬁcation, Version 2.3,
errata b ed., UEFI Forum
P. L., “New technology beefs up bios,” Computer, vol. 37, 2004.