Announcement

Collapse
No announcement yet.

UEFI Makes It Easy To Boot Rust Applications

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • UEFI Makes It Easy To Boot Rust Applications

    Phoronix: UEFI Makes It Easy To Boot Rust Applications

    While (U)EFI is frowned upon by many Linux users due to the security disaster known as Secure Boot or other UEFI compatibility problems with running Linux on systems, there are a few benefits...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors keys, so you can't boot anything that wasn't pre-approved.

    What is actually the benefits to me for using UEFI Secure Boot? I don't know.

    Comment


    • #3
      Originally posted by grigi View Post
      What is actually the benefits to me for using UEFI Secure Boot? I don't know.
      Zero, zilch, 0.
      Secureboot was never defined to help the "user".

      - Gilboa
      oVirt-HV1: Intel S2600C0, 2xE5-2658V2, 128GB, 8x2TB, 4x480GB SSD, GTX1080 (to-VM), Dell U3219Q, U2415, U2412M.
      oVirt-HV2: Intel S2400GP2, 2xE5-2448L, 120GB, 8x2TB, 4x480GB SSD, GTX730 (to-VM).
      oVirt-HV3: Gigabyte B85M-HD3, E3-1245V3, 32GB, 4x1TB, 2x480GB SSD, GTX980 (to-VM).
      Devel-2: Asus H110M-K, i5-6500, 16GB, 3x1TB + 128GB-SSD, F33.

      Comment


      • #4
        Originally posted by gilboa View Post
        Zero, zilch, 0.
        Secureboot was never defined to help the "user".
        No I think you miss my point.
        I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
        (Engineers tend to have altruistic views on their own work)
        What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?

        I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?

        Comment


        • #5
          Originally posted by grigi View Post
          I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors keys, so you can't boot anything that wasn't pre-approved.
          Every PC implementing UEFI version 2.2 or later should allow you to change the UEFI platform key and therefore give you full control over what the system considers a trusted boot payload.

          Originally posted by grigi View Post
          What is actually the benefits to me for using UEFI Secure Boot? I don't know.
          The benefit is being able to verify the payload before it gets executed. A traditional BIOS tries to execute whatever code your MBR contains. If some malware program managed to replace that code, your machine would be compromised. This is relatively easy to do remotely. That can't happen under the SecureBoot scheme. An attacker would have to gain physical access to the machine.

          Comment


          • #6
            Originally posted by grigi View Post
            No I think you miss my point.
            I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
            (Engineers tend to have altruistic views on their own work)
            What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?

            I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
            I've an ASUS laptop which - I think - dosn't have UEFI support. It reaches grub really fast.

            AFAIK secure boot isn't risky, as long as you can still use it for your purpose: adding your own keys and being able to sign your kernel and initramfs. This is the only thing which stays unencrypted on a full-disk-encrypted system.

            Comment


            • #7
              Originally posted by grigi View Post
              No I think you miss my point.
              I'm not disputing that Secure Boot was corrupted by corporate interests. I'm asking what it was designed to solve, and which of those does it achieve?
              (Engineers tend to have altruistic views on their own work)
              What Secure Boot is known to do better consists of simpler, more streamlined booting process, hence it is easier to boot and faster to boot, In theory. How risky is it to enable secure boot on a system where it is optional (Say, a Dell Precision notebook). What behaviour will change?
              You seem to be mixing UEFI and secureboot.
              UEFI is BIOS replacement.
              Secureboot is an optional (!) component within UEFI, which is design to verify the validity of the booting kernel (Linux kernel, Windows kernel, etc).

              In theory, secureboot is a good thing, as it prevents hypervisor based attacks which are immune to modern age anti virus technologies (and to some extent kernel-base attacks).
              However at least to the best of my knowledge, the complexity of developing hypervisor attacks makes them far less effective as its far easier to develop user-mode attacks that target the browser...
              However, once you remove the security part of secureboot, you're only left with the "hidden" agenda. Prevent you from installing "unsupported" OS on your phone, tablet, netbook and in time, PC.

              I know my parents cheap little machine, I installed Mint on and then later on realised that it is booting through UEFI. It does seem to POST really quickly (about 2-3 sec, mostly waiting for the hard drive to spin up). I want to know if this is due to the "streamlined" boot process, or just general optimization by ASUS?
              Actually, modern age BIOSs are just as fast as UEFI.
              However, the original design (?) of the BIOS have become out-dated ~10 years ago.
              Trying to initialize a machine with 80 cores, dozens of networking cards, RAID controllers w/ muti-TB storage, and multiple GPUs in 16bit real mode is nearly impossible...

              - Gilboa
              oVirt-HV1: Intel S2600C0, 2xE5-2658V2, 128GB, 8x2TB, 4x480GB SSD, GTX1080 (to-VM), Dell U3219Q, U2415, U2412M.
              oVirt-HV2: Intel S2400GP2, 2xE5-2448L, 120GB, 8x2TB, 4x480GB SSD, GTX730 (to-VM).
              oVirt-HV3: Gigabyte B85M-HD3, E3-1245V3, 32GB, 4x1TB, 2x480GB SSD, GTX980 (to-VM).
              Devel-2: Asus H110M-K, i5-6500, 16GB, 3x1TB + 128GB-SSD, F33.

              Comment


              • #8
                UEFI for virtualization

                I'm thinking about making the UEFI environment a hypervisor that boots up virtual machines, l I think that would be interesting. The hard drive images to be booted from may be network shares and need not be local.

                Comment


                • #9
                  Hmm, thanks for everyones answers.

                  So in short, UEFI is the new BIOS, and generally just a regular advancement/evolution. SecureBoot is the new attempt at un-Trusted Computing.

                  Comment


                  • #10
                    So this raises a more important question !

                    Will we see now the REAL RISE OF THE LISP MACHINES ?

                    Comment

                    Working...
                    X