Disclaimer

This information HAS errors and is made available WITHOUT ANY WARRANTY OF ANY KIND and without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. It is not permissible to be read by anyone who has ever met a lawyer or attorney. Use is confined to Engineers with more than 370 course hours of engineering.
If you see an error contact:
+1(785) 841 3089
inform@xtronics.com

Why UEFI is not your friend


UEFI is a proprietary mini operating system capable of two-way networking, file manipulation, remote access and more. It is no longer a simple BIOS whose only job is to load an OS loader. It continues to run after boot time. It has every capability needed to exploit your system. It is promoted as providing "secure boot", but it actually introduces a second operating system and a juicy target to attack.

UEFI no longer uses the MBR; you now need to set up a UEFI boot sector on GPT. See "EFI UEFI GUID GPT and large TB partitions - Dealing with UEFI".
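To see which scheme a given disk uses, the first sectors can be read directly. The following is an added example, not code from the original page: it classifies a raw image as MBR or GPT and reports whether an EFI System Partition is present. The function names and the sample image are constructed for illustration, and the GPT CRC32 checks are omitted.

```python
import struct, uuid

SECTOR = 512
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI System Partition type GUID

def describe_disk(img: bytes) -> dict:
    """Classify a raw disk image as MBR or GPT and list its partitions."""
    mbr = img[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        return {"scheme": "none", "partitions": [], "has_esp": False}
    # Four 16-byte entries at offset 446: type at +4, start LBA at +8, sector count at +12
    entries = [struct.unpack_from("<4xB3xII", mbr, 446 + 16 * i) for i in range(4)]
    hdr = img[SECTOR:2 * SECTOR]
    if any(t == 0xEE for t, _, _ in entries) and hdr[:8] == b"EFI PART":
        # GPT header at LBA 1: entry-array LBA at 72, entry count at 80, entry size at 84
        array_lba, count, size = struct.unpack_from("<QII", hdr, 72)
        parts = []
        for i in range(count):
            off = array_lba * SECTOR + i * size
            raw = img[off:off + size]
            if len(raw) < 48:          # truncated image, stop reading
                break
            ptype = uuid.UUID(bytes_le=raw[:16])   # GUIDs are stored mixed-endian
            if ptype.int == 0:         # unused slot
                continue
            first, last = struct.unpack_from("<QQ", raw, 32)
            parts.append({"type": str(ptype), "first_lba": first, "last_lba": last})
        return {"scheme": "gpt", "partitions": parts,
                "has_esp": any(p["type"] == str(ESP_TYPE) for p in parts)}
    parts = [{"type": hex(t), "first_lba": s, "last_lba": s + n - 1}
             for t, s, n in entries if t != 0]
    return {"scheme": "mbr", "partitions": parts, "has_esp": any(t == 0xEF for t, _, _ in entries)}

def make_sample_gpt() -> bytes:
    """Constructed 40-sector image: protective MBR, GPT header, an ESP and one Linux partition."""
    img = bytearray(40 * SECTOR)
    struct.pack_into("<4xB3xII", img, 446, 0xEE, 1, 39)       # protective MBR entry
    img[510:512] = b"\x55\xaa"
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", img, SECTOR + 72, 2, 128, 128)   # 128 entries of 128 bytes at LBA 2
    linux = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")
    for i, (t, first, last) in enumerate([(ESP_TYPE, 34, 35), (linux, 36, 38)]):
        off = 2 * SECTOR + i * 128
        img[off:off + 16] = t.bytes_le
        struct.pack_into("<QQ", img, off + 32, first, last)
    return bytes(img)

if __name__ == "__main__":
    print(describe_disk(make_sample_gpt()))
```

On a real system the same function can be fed the first few dozen sectors of a disk read with root privileges.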

The WHY

According to the repeated talking points:


Benefits of UEFI boot mode over Legacy BIOS boot mode include:
 Support for hard drive partitions larger than 2 Tbytes
 Support for more than four partitions on a drive
 Fast booting
 Efficient power and system management
 Robust reliability and fault management - more secure.

But is that really true?

All of these 'benefits' have easy workarounds: GPT tables can be used on a second drive (booting off an SSD system drive speeds things up anyway). There is no real problem with more than four partitions. There are fast-booting BIOSes (try coreboot). All of these are false issues.

The real reason is to allow secure boot (AKA boot guard) for the DRM people and possibly some backdoors for three-letter agencies. This is a little sad, as UEFI opens several cans of worms and violates the "if it works, don't mess with it" principle.

The idea that a blob of closed-source code is good for security is insane. It is a good idea to work only with motherboards that support coreboot if at all possible. I would expect that any boot security it provides will be broken quite regularly.

Worse yet, the system appears to be written by complexity junkies.

