Announcement

Collapse
No announcement yet.

UEFI 2.8 Specification Released With REST & Memory Cryptography

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • UEFI 2.8 Specification Released With REST & Memory Cryptography

    Phoronix: UEFI 2.8 Specification Released With REST & Memory Cryptography

    The UEFI Forum today announced the release of the UEFI 2.8 specification...

    http://www.phoronix.com/scan.php?pag...I-2.8-Released

  • #2
    HTTP... ...in your motherboard's firmware. Could this lead to security issues?

    Comment


    • #3
      I went to their site hoping that REST would mean another thing instead of HTTP semantics and Web services, but unfortunately it's the same REST we know

      Comment


      • #4
        Yep. Employ webcrappers to code lowlevel stuff and this is what you get. Stupid acronyms meaning nothing beside the buzz for stupid.

        Comment


        • #5
          Originally posted by tildearrow View Post
          HTTP... ...in your motherboard's firmware. Could this lead to security issues?
          Yes, the vendors are terrible at security. Modern motherboards have no problem updating UEFI directly from the Setup interface using DHCP to get an IP. Does that mechanism use fully validated code signatures and HTTPS? Who knows...

          What is more even the server hardware vendors can't be trusted with securely updating firmware, like Supermicro:

          We confirmed this result by intentionally modifying the binary in official Supermicro firmware images and observing that the system firmware still accepted and installed the modified package.

          Comment


          • #6
            Originally posted by milkylainen View Post
            Yep. Employ webcrappers to code lowlevel stuff and this is what you get. Stupid acronyms meaning nothing beside the buzz for stupid.
            It probably run some version of nodejs ...

            Comment


            • #7
              What's the point of writing an operating system in JavaScript when you can get inside on a lower level?

              Seriously though, why would I want a REST service in my firmware? Why would I want firmware that deals with the clusterfuck that is commonly known as HTTP? Isn't the point simply to provide some way to boot off a device? This is bloat at it's finest, it sounds like something Intel would put into their hardware.

              I'm starting to feel that even if people manage to get rid of ME and PSP in some meaningful way, the battle will move onto firmware.

              Comment


              • #8
                Its quite clear the future of your motherboard... and all firmware is in the cloud... where it will be kept safe and secure well outside your control. I cant wait for the day I can just pay a monthly fee for my MSI motherboard... maybe with a family package that will include my nVidia graphics cards!

                Comment


                • #9
                  I can see the complaints for adding something as relatively complex as HTTP(S) into firmware, but in all honesty I'd much rather see the UEFI board do the design and force a spec on it, rather than every OEM lazily hacking together their own extremely faulty - and exploit riddled - systems for doing their online firmware queries and updates.

                  Comment


                  • #10
                    This is the stupidest thing I've seen all year.

                    Comment

                    Working...
                    X