Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: UEFI Makes It Easy To Boot Rust Applications

  1. #1
    Join Date
    Jan 2007
    Posts
    13,464

    Default UEFI Makes It Easy To Boot Rust Applications

    Phoronix: UEFI Makes It Easy To Boot Rust Applications

    While (U)EFI is frowned upon by many Linux users due to the security disaster known as Secure Boot or other UEFI compatibility problems with running Linux on systems, there are a few benefits...

    http://www.phoronix.com/vr.php?view=MTUyMDE

  2. #2
    Join Date
    Jan 2008
    Location
    South Africa
    Posts
    216

    Default

    I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors keys, so you can't boot anything that wasn't pre-approved.

    What is actually the benefits to me for using UEFI Secure Boot? I don't know.

  3. #3
    Join Date
    Oct 2006
    Posts
    533

    Default

    Quote Originally Posted by grigi View Post
    What is actually the benefits to me for using UEFI Secure Boot? I don't know.
    Zero, zilch, 0.
    Secureboot was never defined to help the "user".

    - Gilboa
    DEV-NG: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB, GTX680, F20/x86_64, Dell U2711.
    DEV: Intel S5520SC, 2xX5680, 36GB, 5x320GB, GTX550, F20/x86_64, Dell U2711 (^).
    SRV: Tyan Tempest i5400XT, 2xE5335, 8GB, 4x2TB, 9800GTX, F20/x86-64, Dell U2412.
    LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F20/x86_64.

  4. #4
    Join Date
    Jan 2008
    Location
    South Africa
    Posts
    216

    Default

    Quote Originally Posted by gilboa View Post
    Zero, zilch, 0.
    Secureboot was never defined to help the "user".
    No I think you miss my point.
    I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
    (Engineers tend to have altruistic views on their own work)
    What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?

    I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?

  5. #5
    Join Date
    Oct 2009
    Posts
    28

    Default

    Quote Originally Posted by grigi View Post
    I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors keys, so you can't boot anything that wasn't pre-approved.
    Every PC implementing UEFI version 2.2 or later should allow you to change the UEFI platform key and therefore give you full control over what the system considers a trusted boot payload.

    Quote Originally Posted by grigi View Post
    What is actually the benefits to me for using UEFI Secure Boot? I don't know.
    The benefit is being able to verify the payload before it gets executed. A traditional BIOS tries to execute whatever code your MBR contains. If some malware program managed to replace that code, your machine would be compromised. This is relatively easy to do remotely. That can't happen under the SecureBoot scheme. An attacker would have to gain physical access to the machine.

  6. #6
    Join Date
    Sep 2007
    Posts
    242

    Default

    Quote Originally Posted by grigi View Post
    No I think you miss my point.
    I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
    (Engineers tend to have altruistic views on their own work)
    What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?

    I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
    I've an ASUS laptop which - I think - dosn't have UEFI support. It reaches grub really fast.

    AFAIK secure boot isn't risky, as long as you can still use it for your purpose: adding your own keys and being able to sign your kernel and initramfs. This is the only thing which stays unencrypted on a full-disk-encrypted system.

  7. #7
    Join Date
    Oct 2006
    Posts
    533

    Default

    Quote Originally Posted by grigi View Post
    No I think you miss my point.
    I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
    (Engineers tend to have altruistic views on their own work)
    What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?
    You seem to be mixing UEFI and secureboot.
    UEFI is BIOS replacement.
    Secureboot is an optional (!) component within UEFI, which is design to verify the validity of the booting kernel (Linux kernel, Windows kernel, etc).

    In theory, secureboot is a good thing, as it prevents hypervisor based attacks which are immune to modern age anti virus technologies (and to some extent kernel-base attacks).
    However at least to the best of my knowledge, the complexity of developing hypervisor attacks makes them far less effective as its far easier to develop user-mode attacks that target the browser...
    However, once you remove the security part of secureboot, you're only left with the "hidden" agenda. Prevent you from installing "unsupported" OS on your phone, tablet, netbook and in time, PC.

    I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
    Actually, modern age BIOSs are just as fast as UEFI.
    However, the original design (?) of the BIOS have become out-dated ~10 years ago.
    Trying to initialize a machine with 80 cores, dozens of networking cards, RAID controllers w/ muti-TB storage, and multiple GPUs in 16bit real mode is nearly impossible...

    - Gilboa
    DEV-NG: Intel S2600C0, 2xE52658V2, 32GB, 4x2TB, GTX680, F20/x86_64, Dell U2711.
    DEV: Intel S5520SC, 2xX5680, 36GB, 5x320GB, GTX550, F20/x86_64, Dell U2711 (^).
    SRV: Tyan Tempest i5400XT, 2xE5335, 8GB, 4x2TB, 9800GTX, F20/x86-64, Dell U2412.
    LAP: ASUS N56VJ, i7-3630QM, 16GB, 1TB, 635M, F20/x86_64.

  8. #8
    Join Date
    Nov 2011
    Posts
    10

    Default UEFI for virtualization

    I'm thinking about making the UEFI environment a hypervisor that boots up virtual machines, l I think that would be interesting. The hard drive images to be booted from may be network shares and need not be local.

  9. #9
    Join Date
    Jan 2008
    Location
    South Africa
    Posts
    216

    Default

    Hmm, thanks for everyones answers.

    So in short, UEFI is the new BIOS, and generally just a regular advancement/evolution. SecureBoot is the new attempt at un-Trusted Computing.

  10. #10
    Join Date
    Jul 2013
    Location
    Bordeaux, France
    Posts
    213

    Default

    So this raises a more important question !

    Will we see now the REAL RISE OF THE LISP MACHINES ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •