UEFI Makes It Easy To Boot Rust Applications


  • UEFI Makes It Easy To Boot Rust Applications

    Phoronix: UEFI Makes It Easy To Boot Rust Applications

    While (U)EFI is frowned upon by many Linux users due to the security disaster known as Secure Boot or other UEFI compatibility problems with running Linux on systems, there are a few benefits...

    http://www.phoronix.com/vr.php?view=MTUyMDE

  • #2
    I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors' keys, so you can't boot anything that wasn't pre-approved.

    What are actually the benefits to me of using UEFI Secure Boot? I don't know.


    • #3
      Originally posted by grigi View Post
      What are actually the benefits to me of using UEFI Secure Boot? I don't know.
      Zero, zilch, 0.
      Secureboot was never defined to help the "user".

      - Gilboa
      DEV: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB + 2x3TB, GTX780, F21/x86_64, Dell U2711.
      SRV: Intel S5520SC, 2xX5680, 36GB, 4x2TB, GTX550, F21/x86_64, Dell U2412..
      BACK: Tyan Tempest i5400XT, 2xE5335, 8GB, 3x1.5TB, 9800GTX, F21/x86-64.
      LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F21/x86_64.


      • #4
        Originally posted by gilboa View Post
        Zero, zilch, 0.
        Secureboot was never defined to help the "user".
        No I think you miss my point.
        I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
        (Engineers tend to have altruistic views on their own work)
        What Secure Boot is known to do better consists of a simpler, more streamlined booting process, hence it is easier to boot and faster to boot, in theory. How risky is it to enable secure boot on a system where it is optional (say, a Dell Precision notebook)? What behaviour will change?

        I know my parents' cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?


        • #5
          Originally posted by grigi View Post
          I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors' keys, so you can't boot anything that wasn't pre-approved.
          Every PC implementing UEFI version 2.2 or later should allow you to change the UEFI platform key and therefore give you full control over what the system considers a trusted boot payload.

          Originally posted by grigi View Post
          What are actually the benefits to me of using UEFI Secure Boot? I don't know.
          The benefit is being able to verify the payload before it gets executed. A traditional BIOS tries to execute whatever code your MBR contains. If some malware program managed to replace that code, your machine would be compromised. This is relatively easy to do remotely. That can't happen under the SecureBoot scheme. An attacker would have to gain physical access to the machine.

          Comment
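Added example, not part of any post in this thread: post #5 refers to firmware verifying the boot payload and to the owner being able to replace the platform key. On Linux the firmware reports both conditions through the `SecureBoot` and `SetupMode` variables under efivarfs; the Rust sketch below classifies them. The function and type names are chosen for this example, and the byte arrays in `main` are constructed sample data.

```rust
// Classify Secure Boot state from raw efivarfs variable contents.
// Each file under /sys/firmware/efi/efivars/ holds a 4-byte little-endian
// attribute word followed by the variable's data.
use std::fs;

/// GUID of the EFI global variable namespace.
const EFI_GLOBAL: &str = "8be4df61-93ca-11d2-aa0d-00e098032b8c";

#[derive(Debug, PartialEq)]
enum SecureBootState {
    Enforcing, // SecureBoot=1: firmware verifies boot payloads
    SetupMode, // SetupMode=1: no platform key enrolled, owner may install one
    Disabled,  // platform key enrolled, verification switched off
}

/// Skip the attribute word and return the single data byte of a UINT8 variable.
fn parse_u8_var(raw: &[u8]) -> Result<u8, String> {
    if raw.len() != 5 {
        return Err(format!("expected 4 attribute bytes + 1 data byte, got {}", raw.len()));
    }
    Ok(raw[4])
}

fn classify(secure_boot: &[u8], setup_mode: &[u8]) -> Result<SecureBootState, String> {
    let sb = parse_u8_var(secure_boot)?;
    let sm = parse_u8_var(setup_mode)?;
    match (sb, sm) {
        (1, 0) => Ok(SecureBootState::Enforcing),
        (0, 1) => Ok(SecureBootState::SetupMode),
        (0, 0) => Ok(SecureBootState::Disabled),
        _ => Err(format!("inconsistent values SecureBoot={} SetupMode={}", sb, sm)),
    }
}

fn read_var(name: &str) -> Result<Vec<u8>, String> {
    let path = format!("/sys/firmware/efi/efivars/{}-{}", name, EFI_GLOBAL);
    fs::read(&path).map_err(|e| format!("{}: {}", path, e))
}

fn main() {
    // Constructed sample: attributes 0x6 (boot-service + runtime access).
    println!("sample: {:?}", classify(&[6, 0, 0, 0, 1], &[6, 0, 0, 0, 0]));
    // Live system; returns an error on BIOS boots or non-Linux hosts.
    let live = read_var("SecureBoot").and_then(|sb| {
        let sm = read_var("SetupMode")?;
        classify(&sb, &sm)
    });
    println!("this machine: {:?}", live);
}
```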


          • #6
            Originally posted by grigi View Post
            No I think you miss my point.
            I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
            (Engineers tend to have altruistic views on their own work)
            What Secure Boot is known to do better consists of a simpler, more streamlined booting process, hence it is easier to boot and faster to boot, in theory. How risky is it to enable secure boot on a system where it is optional (say, a Dell Precision notebook)? What behaviour will change?

            I know my parents' cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
            I've an ASUS laptop which - I think - doesn't have UEFI support. It reaches grub really fast.

            AFAIK secure boot isn't risky, as long as you can still use it for your purpose: adding your own keys and being able to sign your kernel and initramfs. This is the only thing which stays unencrypted on a full-disk-encrypted system.


            • #7
              Originally posted by grigi View Post
              No I think you miss my point.
              I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
              (Engineers tend to have altruistic views on their own work)
              What Secure Boot is known to do better consists of a simpler, more streamlined booting process, hence it is easier to boot and faster to boot, in theory. How risky is it to enable secure boot on a system where it is optional (say, a Dell Precision notebook)? What behaviour will change?
              You seem to be mixing UEFI and secureboot.
              UEFI is BIOS replacement.
              Secureboot is an optional (!) component within UEFI, which is designed to verify the validity of the booting kernel (Linux kernel, Windows kernel, etc).

              In theory, secureboot is a good thing, as it prevents hypervisor based attacks which are immune to modern age anti virus technologies (and to some extent kernel-based attacks).
              However at least to the best of my knowledge, the complexity of developing hypervisor attacks makes them far less effective as it's far easier to develop user-mode attacks that target the browser...
              However, once you remove the security part of secureboot, you're only left with the "hidden" agenda. Prevent you from installing "unsupported" OS on your phone, tablet, netbook and in time, PC.

              I know my parents' cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
              Actually, modern age BIOSs are just as fast as UEFI.
              However, the original design (?) of the BIOS has become out-dated ~10 years ago.
              Trying to initialize a machine with 80 cores, dozens of networking cards, RAID controllers w/ multi-TB storage, and multiple GPUs in 16bit real mode is nearly impossible...

              - Gilboa
              DEV: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB + 2x3TB, GTX780, F21/x86_64, Dell U2711.
              SRV: Intel S5520SC, 2xX5680, 36GB, 4x2TB, GTX550, F21/x86_64, Dell U2412..
              BACK: Tyan Tempest i5400XT, 2xE5335, 8GB, 3x1.5TB, 9800GTX, F21/x86-64.
              LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F21/x86_64.


              • #8
                UEFI for virtualization

                I'm thinking about making the UEFI environment a hypervisor that boots up virtual machines, I think that would be interesting. The hard drive images to be booted from may be network shares and need not be local.


                • #9
                  Hmm, thanks for everyone's answers.

                  So in short, UEFI is the new BIOS, and generally just a regular advancement/evolution. SecureBoot is the new attempt at un-Trusted Computing.


                  • #10
                    So this raises a more important question!

                    Will we see now the REAL RISE OF THE LISP MACHINES?


                    • #11
                      Originally posted by grigi View Post
                      So in short, UEFI is the new BIOS, and generally just a regular advancement/evolution.
                      No, UEFI isn't an evolution of BIOS.
                      It is rewritten, redesigned and re-architectured from scratch.

                      BIOS was simple and only did basic hardware initialization and not much else.
                      Then it was ugly patched with hacks to make workarounds for limitations.

                      UEFI is much more complex and does much more than BIOS and is actually like an operating system.
                      It has its own network stack and can run programs and run multiple background services simultaneously.

                      BIOS just got the hardware running and passed control to the OS.
                      UEFI does not pass control to the OS, because it never relinquishes control over the system to the OS, it always stays under the OS and can do its own stuff and runs its own stuff.
                      UEFI is kind of like an operating system and hypervisor.


                      • #12
                        Originally posted by uid313 View Post
                        BIOS just got the hardware running and passed control to the OS.
                        UEFI does not pass control to the OS, because it never relinquishes control over the system to the OS, it always stays under the OS and can do its own stuff and runs its own stuff.
                        UEFI is kind of like an operating system and hypervisor.
                        Do you have a link for that? AFAIK, SMM is not related to UEFI, if that's what you mean.


                        • #13
                          Originally posted by Pseus View Post
                          Do you have a link for that? AFAIK, SMM is not related to UEFI, if that's what you mean.
                          I think SMM (System Management Mode) is part of x86 or some extension to BIOS.
                          But UEFI doesn't need SMM because it can run services.

                          https://en.wikipedia.org/wiki/UEFI#Services


                          • #14
                            Originally posted by uid313 View Post
                            No, UEFI isn't an evolution of BIOS.
                            It is rewritten, redesigned and re-architectured from scratch.
                            In practice, it does the same thing as the BIOS, it brings up the system, then loads an OS from one of the available devices, and dies. That's why it can be seen as an evolution of the BIOS, even if it is something different.

                            BIOS was simple and only did basic hardware initialization and not much else.
                            Then it was ugly patched with hacks to make workarounds for limitations.
                            That's not true. Booting was only the first of the BIOS' functions. After booting, the BIOS kept providing the OS with runtime services, such as teletype I/O, disk I/O, graphics, memory management. But they stopped evolving those services after the 286 era, because back then people began to think that the OS was a better place to implement those functions. Which holds true also today for UEFI.

                            UEFI is much more complex and does much more than BIOS and is actually like an operating system. It has its own network stack and can run programs and run multiple background services simultaneously.
                            Still, UEFI is single threaded and its runtime services are non-reentrant.

                            BIOS just got the hardware running and passed control to the OS.
                            UEFI does not pass control to the OS, because it never relinquishes control over the system to the OS, it always stays under the OS and can do its own stuff and runs its own stuff.
                            UEFI is kind of like an operating system and hypervisor.
                            After the OS calls ExitBootServices, most of the UEFI firmware is pretty much finished, and it only provides limited, basic services such as setting the time or writing environment variables.


                            • #15
                              Originally posted by peppepz View Post
                              In practice, it does the same thing as the BIOS, it brings up the system, then loads an OS from one of the available devices, and dies. That's why it can be seen as an evolution of the BIOS, even if it is something different.
                              I was under the impression that UEFI loads the OS but stays resident and does not die.
                              Am I wrong about this?

                              Originally posted by peppepz View Post
                              Still, UEFI is single threaded and its runtime services are non-reentrant.
                              Please clarify, what do you mean by "runtime services are non-reentrant"?
