canthearu wrote on 2021-06-30, 02:40:
Glad you ask. It's wrong by design! 🙁 UEFI is a (not so) miniature-OS that can (and occasionally will) lie to the user's operating system.
It also is a security risk and it adds more complexity to the apparatus than good. It undermines the whole concept of the ring schemes, also.
UEFI itself would need regular updates, just like Windows, in order to be secure to some degree:
- Let's think of these secure boot certificates. What if "keys" leak eventually and get used by malicious software? 🙁
However, these regular updates are likely not going to happen. There's no automatic update service running.
And even if it was, it would be another security risk. Hackers would take over the update servers.
UEFI, in an ideal world, would need a firewall, an anti-virus program etc. and a lot of quality testing that happens on a regular basis.
The problem is: How to find out whether or not UEFI is infected by malware?
Windows can't find out, since UEFI is running with higher priority in background.
Also, a hacked/infected UEFI could filter network traffic of the network card it supports (on-board devices).
(And some experts of the 90s were worried about System Management Mode aka SMM already.
If they knew of the monster that the PC platform has become, they'd be horrified)
Originally, there was an alternative, called "Open Firmware", which was used by some workstations and Power Macs.
It was a bare-metal firmware with some basic connectivity and a shell.
Unfortunately, it didn't make it to the x86 platform. Even Apple used EFI in later models, sadly.
Edit: Due to the whole secure boot concept, UEFI also no longer allows users to develop and run their own OSes.
On a traditional PC, be it x86 or x64, you can write/run your own boot sector games and write/run your own OSes like MenuetOS.
Where does this lead to? To a world where a single company can decide which OS is allowed to run, maybe?
Let's imagine that only "certified" OSes can be run in the future. What does this mean to people with, well, overly caring govs?
In the far east, such scenarios are no fiction currently. A future PC without a BIOS/CSM is a platform without freedom, I'm afraid.
canthearu wrote on 2021-06-30, 02:40:
As long as PCs are implemented using open/documented standards, then I'm not exceptionally worried.
Are they? There was a time when x86 CPUs were general-purpose components, not just meant for PCs.
The Hubble Space Telescope (HST), for example, used an 80386, originally, before it was upgraded. 😀
Also, there were C&T, Cyrix, Nexgen, Transmeta and a few more companies making x86 processors.
Many other popular companies, like Siemens and Texas Instruments, made x86 processors through license agreements.
But that was way back in the 90s. Now it's just Intel, AMD and, maybe, VIA.
The Z80, 8080, 8085, 8086 up to the first Pentiums were not tied to the WinTel platform.
In Japan, for example, there were PC-98 and FM Towns, which also used some of these CPUs.
Nowadays, x86 processors are especially made to suit a particular OS.
Like Skylake, which demands a Windows higher than Windows 7.
They also require a specific chipset now, which often is proprietary stuff.
8086 to 80486 era processors could be interfaced with generic off-the-shelf parts, by comparison.
What we have now, for ~15 years or so, is not my understanding of an open, standardized platform anymore. 🙁
canthearu wrote on 2021-06-30, 02:40:
It is things like proprietary ARM systems that I would rather not have a bar of.
Also, enforcing secure boot is another thing that worries me greatly. Hopefully, there will be enough blowback on any attempt to do that generally.
Sounds a bit like xenophobia to me. Just kidding. 😀
TPM and stuff are nice as long as they are optional. Which sadly is about to change. BitLocker used them to scramble a HDD, for example.
This was highly useful for business people that carried secret information on their notebooks.
Even if the notebook was stolen, the data was still safely scrambled.
Edit: Aw, I'm sorry. Way too much text - I got carried away, again. And in my own thread, even. Shame on me! 😅
"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel