UEFI Secure Boot – It's not about security at all!

Administrator's picture
Submitted by Administrator on Thu, 03/01/2012 - 11:14

UEFI or Unified Extensible Firmware Interface is an improvement over the standard 'BIOS' we are all used to. But as it has been since the Big Bang explosion took place, everything has its own downsides. With UEFI comes a feature called “Secure Boot” which is up for grabs with an evil plan called 'secure-boot'.

What is Secure-boot?

This is one term which could make you feel secure unless you know the reality. The secure boot feature as hyped saves you from “boot viruses” or unauthorized binary programs when booting. In such a case, the only thing you can boot is something which is 'signed'. Now, since almost every other Laptop or Configured desktop being sold comes only with Windows as its only operating system (if it does comes with one), it actually means that you will be able to boot only Windows. Any other operating system would not be able to boot on your computer in such a case.

The good side that they will show you

Since everything has a good side, people usually show that to you unless you fall into the trap and find the problems by yourself. So we tell you about the good things that your computer vendors will show you.

  • No boot viruses.
  • Signed Operating System makes you secure.
  • Signed programs make sure that you do not run pirated programs and hence save you from viruses.

    • That is pretty interesting and actually luring. It makes you want to have the 'secure-boot' feature so that you are 'protected'. But this shiny part is not all that you have. The darker side resides in the 'meaning' of it all and how this can turn out to be.

    The bad side of the good side

    Since Microsoft is the largest player in the software industry and (almost) all OEM computers would give you Windows pre-installed as the only operating system (if they ever give you one pre-installed one), chances are high that these manufactures will disable the ability of installing another operating system on your computer. Now, there are a lot of things that are invisible in here.

  • If you buy a Windows 8 based computer, the only operating system you will be able to install is 'Windows 8', which means that you cannot install an earlier version like Windows 7 or Windows Vista if you wanted to.
  • There are a lot of users who would be running pirated version of Windows. That would not work any more and you will have to install a 'genuine' copy of the OS. Well, this is not really the case with Laptops or other OEM computers because you do have a recovery disk or recovery partition. The question – does you data matter? Because if you reset the OS, you are losing your data!
  • If you happen to ever fall into problems where the OS does not boot and you are in need to recover your data (and you do not want to format the Windows partition), you will not be able to.

    • Did that drop your jaw? Well, yes, in most cases, this can be the case. Right now, you can do a simple thing – pop in a live recovery disk like a live Linux distribution or another rescue boot disk. Since the secure boot feature of UEFI would not allow you to boot an 'unsigned' OS, it will mean that you cannot recover your data. The only option you wold be left off with is to lose your data and use recovery disks! Don't be troubled yet; more troubles are coming in.

  • If you are someone who wanted to use Linux for some reason, like having a 'virus-free' life, or a 'fast' computer or if you were someone who wanted to deploy a LAMP server setup for some development or any other reason, you are doomed! So secure boot is an evil if you ever wanted to develop or test anything.

    • While all this may sound trivial as a problem, in fact it is not. It is a way Microsoft asks you to install Windows 8 and above only and abandon any other operating system! This simply translates to crushed freedom and a lot of pain for the user. Also, if your machine were to get old and you just wanted to install Linux on it and treat it as a FTP server for your home network, you are at loss. Again, if you were to sell such a machine to someone who wants a second hand machine, you are certainly locked out of those potential buyers who would want to install Linux on the machine after buying it! Now that is one big evil!

    Now, as a matter of fact about boot viruses, it is only present in Windows because all the code is closed source. Since almost all programs that you can install in Linux are open source and the chances of getting a virus in there is zero, this feature tells two things. One - Windows will never be free of viruses because of its propriety nature. Two - Microsoft wants to prevent regular users from being able to install anything other than Windows. The Linux ecosystem prevents any and all Viruses from getting into source code and gives you a lot of options as far as freedom of choice is concerned. By all means, it's a 'Windows' problem and the 'secure-boot' feature is a gimmick being played by Microsoft to lock out customers out of their own boxes!

    Please visit this page: http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement and sign the petition to save your freedom.

    Tags:

    Add new comment

    More information about text formats

    Plain text

    • No HTML tags allowed.
    • Lines and paragraphs break automatically.
    • Allowed HTML tags: <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>