Well, then I'm confused as to WTF Intel is actually removing. Again, I don't see mobo vendors taking time/money/effort to add legacy BIOS back in if Intel removes it from their platform.

There is a UEFI feature called "UEFI Capsule" that sends the firmware to the UEFI and has it flash it on its own. Their idea is probably getting this system more standardized and able to work on all devices.
It's of course supported by Windows https://docs.microsoft.com/en-us/win...pdate-platform
and there is also a Linux project with tools and its own firmware repository https://fwupd.org/

If you get your hands on the capsule blob (a *.cab file) you can manually "install" it with the Linux commandline tool. (more like send it to the UEFI and let it do its thing, which is the same on any OS).

Since this is a standardized UEFI system and not a custom BIOS flashing tool it is less likely to blow up (as any upstream bug will affect anyone, and will be cached fast).

My Lenovo laptop from 2015 supports it if I check from Linux, and I'm pretty sure the windows-only "firmware upgrade" tool is actually using capsules.

Sapphire and other brands were slower to provide UEFI-compatible cards. It might be possible that your manufacturer has a firmware update with UEFI support, or that you can find a dump compatible with your GPU in this database of GPU BIOSes (also useful to find out which GPUs are actually UEFI-compatible). https://www.techpowerup.com/vgabios/

But quite frankly in 2020 that card would be like 8 years old, and if you aren't in dire need of sending Intel your $$$ you can probably get by for another 5 years with whatever the last CSM-supported system in 2019, without losing much in performance.

So yeah, I would not worry that much. By the time it becomes an actual issue, the card is going to be obsolete anyway.

There is no need for chipset support.

The only way to block this at the hardware level is for Intel to remove or lockdown their CPU's 16-bit mode (needed by BIOS and its applications to run). Which would be strange given Intel's promise of retrocompatibility, but it's indeed possible (and imho good riddance)

CSM does not give me full control over a shit. My OS is still a passenger running under the control of two shit OSes. CSM is a module running on UEFI. It does not disable UEFI, just adds stuff on top to let BIOS applications run.

None in IT really "wanted" UEFI. It's Intel's pet project.

Secure Boot per-se isn't as bad. On proper UEFI firmwares the user can add his own keys, so even if they mandate SecureBoot enabled I can still boot what I want.

Intel puts the infrastructure in place, but the decision to lockdown or not (i.e. who is good and who is bad) is defined by the OEMs (influenced by Microsoft or not).

So yeah, it's shit, but not as bad as you picture.

EFI is an older version of UEFI used in Apple PCs.

Assuming you mean BIOS in the question, UEFI does have some benefits too, assuming your board's UEFI does not cut too much options, but it comes with so much added bullcrap that it's a bit meh on the safety side of things.

Some of the things I like about UEFI is that it allows easier passthrough of GPUs in KVM (if the GPU has a UEFI firmware onboard, and the CPU/chipset support this anyway), and that I can use eEFInd graphical boot manager (independent boot manager so distros can't screw it up unlike what happens with GRUB2).

Also decent UEFI firmwares allow you to select manually the boot manager from within the UEFI interface itself (by travelling into the folders it sees in the EFI partition on disk), and to add/manage SecureBoot keys so you can use SecureBoot with your own self-signed key.

Then you have some amazing graphics and mouse support in the board setup interface. Which is debatable.

The main UEFI issue is that it is significantly more complex than BIOS, so it's easier to get buggy shit UEFI firmwares, and they are all probably unsafe one way or another.

For example my AMD laptop has an UEFI option to disable the PSP, but it does not do anything and resets to "enabled". Maybe your PC has that option and it works too (I've seen UEFI setup screens and quite a bit of boards now offer that option).

EDIT: another thing I like of UEFI is that it has facilities called "uefi capsule" that let you upgrade the firmware in supported devices using UEFI itself (no more freedos or windows-only firmware updaters). Windows supports this of course, and the same format is used by a linux project/repository of firmwares https://fwupd.org/

It used to be common to flash new BIOS versions with FreeDOS memory stick or CD. How much there is need for that with current UEFI boards? I know that usually you can flash it within UEFI menu and some boards can do emergency flashing without any display (note that not all boards support this!), but how often these are not enough? I have too little experience on UEFI motherboards that I could really comment on this, but on one old BIOS motherboard I had to use DOS because it the BIOS tool didn't work well (left me with 64 MiB of usable memory). I know that some people have this thing called Windows which seems to be well supported, but lets assume that one just doesn't have it for whatever reason. It could be just that they don't have a working installation and they can't have it without flashing the (UEFI) BIOS first.

I don't see your comment as pessimistic, it's realistic, and quite scary.

Adding some more thoughts:
* using secure boot for your security (replace the M$ cert chain with your own) won't get you a working system because of add-in hardware where you can't change the cert
* M$ is working on Linux support within Windows -> no need to boot Linux anymore
* and if you do, possible developments where someone whos has actual control over his/her systems/network is considered "bad", or "hacker", or "terrorist"
* the only way to boot Linux on an UEFI system will be with a M$ supplied cert, which is not what we want
* the still present certificate authority mess, and lack of good tools to disable certs you don't want
* the bad shape of code on router/modem/TV's/IoT devices

You know, a few years ago some Justice department guy said on TV (Netherlands public channel) that he would like to be able to search people's computers realtime and over the Internet.
But he also said that it was not time for that, yet.

Hmmm.

looking at modern uefi implementation i sometimes thing legacy bios is better, even if some of its code dates back decades.

So this is how IBM PC-compatible dies.. with thunderous applause of evil corporations.