
UEFI and Secure Boot mandated for Windows 8 certified PCs - your thoughts?

UEFI is just the first step in the long road towards the tivoization of the PC, towards converting PCs into proprietary vendor-locked appliances.

I still haven't seen any compelling reason as to why UEFI is better than a modern BIOS (which are able to boot from USB, able to boot from the network, able to enable and disable features in your CPU, etc.). More complicated and convoluted? Sure! More difficult to program for it unless you are a big corp with ultra-specialized people mastering UEFI? Sure!

The only compelling reason is that with UEFI plus Secure Boot you can avoid loading so-called 'bootkits' when starting your system up. Yes, I concede that is true. But how did that bootkit get to reside in your boot sector/partition in the first place? If you are already in a stage where you need protection against a locally resident bootkit, something has ALREADY gone horribly wrong in your system -- to sum it up: you have already been owned.
 
A question this brings up is "Do people change PCs/notebooks more frequently than they change operating systems?"

If the answer is "yes", then Microsoft clearly sees an opportunity by hard-bundling the OS software with the machine. That is, "you can't change to a new OS, only buy a new system".
 
The theory is that anyone willing to put their name and $100 behind the certificate won't be a hostile actor or easily tracked and jailed if they are. Fraud is expected to be caught before the certificate has a chance to gain traction.

So, in that Big Brotherish future, to boot your PC you need to present it with your real, certified, paid-for ID, or else you can only boot it with the Microsoft ID using only Microsoft-blessed operating systems.

Next thing we know, every one of us gets an IPv6 assigned with the driver license / passport, and you only can get into the Internet if you put it into a smartcard reader, so you can use your personal IPv6 on the net.

Hell itself, if you ask me.
 
If the answer is "yes", then Microsoft clearly sees an opportunity by hard-bundling the OS software with the machine. That is, "you can't change to a new OS, only buy a new system".

And the sad thing is most people will not care, as long as they can get into Facebook and twit about the latest fad on TV...
 
There is one thing to keep in mind: Most people don't bother with OS changes, if even a Windows upgrade.

Most people I know that bother running stuff other than Linux are usually getting business grade laptops (Thinkpads\Latitudes) and they almost always have configuration to disable everything, my Latitude will let me disable anything from keyboard backlight to the ability to enable\disable wireless. The others are building their own systems and I doubt any motherboard OEM is going to care about some Secureboot requirement, they don't sell Windows with their stuff anyways.
 
and I doubt any motherboard OEM is going to care about some Secureboot requirement, they don't sell Windows with their stuff anyways.

I doubt an OEM would sell many bare motherboards if said motherboards cannot boot Windows 9, when UEFI with Secure Boot will be mandatory (most probably, you know, for your security).
 
UEFI is just the first step in the long road towards the tivoization of the PC, towards converting PCs into proprietary vendor-locked appliances.

I still haven't seen any compelling reason as to why UEFI is better than a modern BIOS (which are able to boot from USB, able to boot from the network, able to enable and disable features in your CPU, etc.). More complicated and convoluted? Sure! More difficult to program for it unless you are a big corp with ultra-specialized people mastering UEFI? Sure!

The only compelling reason is that with UEFI plus Secure Boot you can avoid loading so-called 'bootkits' when starting your system up. Yes, I concede that is true. But how did that bootkit get to reside in your boot sector/partition in the first place? If you are already in a stage where you need protection against a locally resident bootkit, something has ALREADY gone horribly wrong in your system -- to sum it up: you have already been owned.

I think Windows/8 and the Windows store is really the first step towards proprietary vendor locked in appliances. I am sure Microsoft's vision is that you buy apps through the app store. Microsoft is looking to regain control of what you run on the PC and if you have to install apps (you don't in windows/8) by the apps store then they will, at some point almost be able to give windows away. If they are getting 50p for every app you install, it makes the numbers much more attractive.

On servers UEFI is useful, in that it allows things like fibre cards to be configured from within the UEFI settings screen rather than having to run through the boot sequence to get to the press "cntrl+s" to configure the scsi cards...
 
On servers UEFI is useful, in that it allows things like fibre cards to be configured from within the UEFI settings screen rather than having to run through the boot sequence to get to the press "cntrl+s" to configure the scsi cards...

I'm not following you here. How is configuring a fiber HBA through UEFI any easier/different than doing it while POSTing or after boot using the HBA's vendor ad-hoc native tool?
 
If you have multiple cards you don't have to continually restart the boot process. On a traditional server every time you change a card's settings it (usually) goes back to the start of the boot process, and you have to wait whilst each card initializes. With UEFI the configuration screens all become part of the UEFI configuration process. You can configure them all from one place in the UEFI screens.

On the other hand a UEFI boot process on a server seems to take ages....
 
If you have multiple cards you don't have to continually restart the boot process. On a traditional server every time you change a card's settings it (usually) goes back to the start of the boot process, and you have to wait whilst each card initializes. With UEFI the configuration screens all become part of the UEFI configuration process. You can configure them all from one place in the UEFI screens.

On the other hand a UEFI boot process on a server seems to take ages....

So, in the fringe cases where you have several HBAs in a server, using UEFI you don't have to make several restarts mid-way through the BIOS POST process to configure them all. Operation which is usually done only once in the life of the server.

On the other hand, initializing UEFI at boot takes ages.

I still cannot see what we gain with this UEFI kludge being rammed down our throats. :cool:
 
So, in the fringe cases where you have several HBAs in a server, using UEFI you don't have to make several restarts mid-way through the BIOS POST process to configure them all. Operation which is usually done only once in the life of the server.

On the other hand, initializing UEFI at boot takes ages.

I still cannot see what we gain with this UEFI kludge being rammed down our throats. :cool:

Nothing about UEFI requires it to be slower; the only UEFI system I have worked with boots in about the same amount of time as a slightly older but very similar system equipped with a traditional BIOS. I doubt that the BIOS design can handle too many more removals of some functionality in order to add new functions. A complete rethinking of the concept was needed. UEFI does suffer from being a bureaucratic compromise expected to handle every issue of the next 20 years for every type of computer that could be made. Some parts of it will prove to be over engineered yet never actually needed while new hastily created features will be thrown in as holes in the specification are discovered.
 
UEFI does suffer from being a bureaucratic compromise expected to handle every issue of the next 20 years for every type of computer that could be made. Some parts of it will prove to be over engineered yet never actually needed while new hastily created features will be thrown in as holes in the specification are discovered.

UEFI is a compatibility nightmare brought down on us, the public, for no good reason. It very well may mark the death of the COMPATIBLE PC born in 1981.

UEFI reeks of the "MicroChannel Architecture approach", this time with Microsoft at the helm.

UEFI is already bringing pain to the users, like it's described in this forum post:

I hate Windows 8, let me get that out of the way. I decided to give it a try and it's on my HTPC at the moment.

Finally found the old Windows 7 backup program that was hidden in there and used it to create my backup and system image to a separate HDD. Win8 won't let me boot from that drive to access the image, so it makes me create a Repair Disc. I burned 8 different repair discs, different brands etc, and NONE of them will boot. Windows 8 says they were all created successfully, it lies apparently.

So I decided to see if I could just access the repair/restore options from the Win8 boot/install media and I could.

At that point I thought great, it works, but no... I get this error:

Windows cannot restore a system image to a computer that has different firmware. The system image was created on a computer using EFI and this computer is using BIOS.

I don't understand what's going on as it's THE SAME COMPUTER! I installed Win8 to the computer, created the image with the computer but yet it says I can't restore the image to that computer.
I created the image on this computer and I'm trying to restore the image to THE SAME COMPUTER that created the image but it says I can't, I've been at this for at least 4 hours now trying to figure it out and I'm at the end of my patience...

All of my other computers run Win7, and they will all stay that way for a long time to come, but I want my HTPC to work and it won't...

Anyone help?

I think Microsoft has a very serious problem, and this "solution" is going to backfire badly on them.
 
I'm a former x86 BIOS developer (I worked on Phoenix BIOSeseses) and this has been right around the corner for over a decade and counting. We were told in the late 1990s that uEFI was going to make our jobs obsolete! It's just barely starting to take hold now. Obviously with a big push from MS, there is now enough critical mass that this prophecy will shortly come true.
It is unfortunate that AMD seems to have ignored EFI during x86-64 development, delaying its adoption by years. And on Secure Boot, I once suggested that the keys should be transferred to a neutral standard body before:
https://news.ycombinator.com/item?id=4869505
Be careful not to confuse UEFI itself with Secure Boot, BTW.
Besides the dependence on x86 real mode, there are portions of current chipsets such as the 8259 which are not used very often by modern OSes but are still needed because the legacy BIOS depends on them. There is already the UEFI-only Clover Trail platform which removes this legacy from the hardware altogether.
 
I'm deeply suspicious of UEFI. It looks like the perfect doorway to a closed-system architecture. Anything that gives the predominance to computer operating systems that can be controlled through the government I eschew. I only possess one system with a hybrid bios/uefi and this will be my last.
 
I'm deeply suspicious of UEFI. It looks like the perfect doorway to a closed-system architecture. Anything that gives the predominance to computer operating systems that can be controlled through the government I eschew. I only possess one system with a hybrid bios/uefi and this will be my last.
Again, don't confuse UEFI itself with secure boot. And "controlled through the government"?
 
Personally on this laptop which comes with Win8 it shipped with it booting via UEFI as required to support secure boot and that is not going to change but I did change the BIOS options to disable secure boot.
 