● 12.09.13

●● ‘Secure’ Boot is Not Secure, Time to Abandon It

Posted in GNU/Linux, Kernel at 3:21 pm by Dr. Roy Schestowitz

Summary: The ‘security’ boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI’s expense

THE malicious thing which is UEFI (with or without restricted boot) has been covered here a lot. It needs to be shunned and those behind it should be investigated for collusion. It’s not secure, as Torvalds predicted (with strong words at times).

↺ UEFI
not
secure
Torvalds predicted
strong words
at times

As part of his ongoing investigation of UEFI, Dr. Garrett found serious flaws in restricted boot. As Phoronix put it the other day, “Matthew Garrett has written an insightful blog post about security issues pertaining to the Linux kernel’s kexec functionality that could defeat any security benefits provided by Secure Boot. Using kexec could even allow you to boot a Windows kernel.”

↺ his ongoing investigation of UEFI
↺ found serious flaws in restricted boot

UEFI is a sham that hardly offers any benefits to ordinary users; all it does in practice is harm. We need to embrace something like Coreboot [1] instead. The “UEFI” label (which computer makers don’t even make visible) should be read as “defective out of the box”. █

Related/contextual items from the news:

Coreboot Gets Support For Haswell Power LimitingAfter landing hardware support improvements last week for Coreboot, the open-source BIOS firmware replacement now has another new feature: ACPI power limiting and it’s been implemented for Intel Haswell CPUs.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink  Send this to a friend

Permalink
↺ Send this to a friend

----------

Techrights

➮ Sharing is caring. Content is available under CC-BY-SA.