Announcement

Collapse
No announcement yet.

UEFI Makes It Easy To Boot Rust Applications

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by erendorn View Post
    Sure, what I don't get is what does it have to do with UEFI, as that's doable with any hardware.
    There are hundreds of ARM devices (phones, tablets, set top boxes) that only boot signed firmware, and don't even have bios. Checking a remote connection instead of a certificate is not much more complicated.
    There are also many government and enterprise hardware that indeed only boot after entering a security token.

    It's not very scary either as the connection attempt would be obvious on packet sniffing, and then as a workaround you could just buy anything else.
    I am not sure that is possible with BIOS, but with UEFI it surely will.

    That assumes there will be an option to buy anything without it.

    Comment


    • #32
      Originally posted by uid313 View Post
      I am not sure that is possible with BIOS, but with UEFI it surely will.

      That assumes there will be an option to buy anything without it.
      This is possible below the bios. This is possible at bios level (see PXE for BIOS level network access). And at bootloader level. And at OS level.

      BIOS is an interface (just as UEFI). It does not prevent nor is required for the hardware to execute arbitrary code at arbitrary moments.

      Comment


      • #33
        Originally posted by grigi View Post
        I'm really just concerned about the DRM integrated into UEFI Secure Boot. You hear all these stories where manufacturers whitelist only some vendors keys, so you can't boot anything that wasn't pre-approved.

        What is actually the benefits to me for using UEFI Secure Boot? I don't know.
        The theoretical benefit is if you whitelist your own key only, then you can't boot anything unexpected. No Windows, for example. No rootkits.

        Comment


        • #34
          At least Linux/Linux bootloaders can easily call ExitBootServices

          Originally posted by uid313 View Post
          Imagine, a boot service could call ExitBootServices only if it was successful in contacting a remote server.
          This would allow some scary phone home functionality.
          I do not know where UEFI Linux boot sequences call ExitBootServices, but I would assume they do so. If they do not, it would be trivial to add this. On the other hand, I would fully expect vendor-supplied operating systems of ANY type to take advantage of this to phone home, maybe phone home delayed so packet sniffing would not so easily find them. Win9 could spawn a process that starts witha 5 minute sleep to allow networked users to begin online activity, connect to the server, then ExitBootServices. So could your favorite celluler provider's version of Android. This is one more reason why any OS provided by a vendor should be wiped from the disk prior to allowing a device to connect to any network.

          As for UEFI keys, we should assume the NSA has another key that cannot be blacklisted, just as it was revealed they did for Windows 2000. You could make it harder for someone to replace your initramfs by signing it with your own key, and probably the FBI would not have the NSA key, and probably they would expect Ubuntu's default key and sign their poisoned initramfs with that one, which you may have removed. Still, treat all commercial/hardware/closed source encryption as suspect, use it as only one layer in your defenses as by itself it cannot be trusted.

          One possible exception: If the NSA permits use of a component or program for anything classified "Top Secret," it is likely they do not have a back door in it for fear it would be found by someone else. AES itself is an example: the NSA is constantly trying to crack it, hoping any crack comes to them first and not to one of their enemies. The day the NSA says not to use AES for TS, dump it. Some hardware they do have custom made, however, and any TPM chip they don't trust I won't trust with anything important either unless it is made someplace they are hostile to and I am not.

          Comment

          Working...
          X