Announcement

Collapse
No announcement yet.

UEFI Firmware Update Support To Be Backported To Ubuntu 15.04

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • UEFI Firmware Update Support To Be Backported To Ubuntu 15.04

    Phoronix: UEFI Firmware Update Support To Be Backported To Ubuntu 15.04

    With Linux 4.2 there is UEFI ESRT support as a necessary prerequisite for supporting UEFI firmware upgrades / capsule upgrades. That kernel System Resource Table support is in the process of being back-ported for riding on Ubuntu 15.04's kernel...

    http://www.phoronix.com/scan.php?pag...15.04-Backport

  • #2
    I just hope this won't blow up. There has been so much trouble with UEFI, even bricked mainboards.
    Just yesterday I had the pleasure of "just updating" a laptop's SuSE (mainly Adobe's crapware flash, but they needed it for some TV sites), and also took several other things that had accumulated and then suddenly SecureBoot struck me (it was bought with SuSE preinstalled but iirc. it was meant to be sold w. W8) In the end it took me 4 hours to switch to legacy boot mode (grub would freeze then), hook up a SuSE 13.2 install media, backup the box via console / USB HDD and then reinstall SuSE in classic mode. The (~500G) HDD was also in UEFI's GPT partition mode so I would rewrite the partitions.
    Also there was a separate boot partition (which is okay and what I normally do for grub + kernel) but this was a VFAT FS...

    "Just" took me 4 hours at all. "Just" wanted to update the flash players on two computers. (The elderly people were confused by FF's messages about it being vulnerable (again). But then you can't leave them with a non working laptop so I had to fix things.)
    I know SecureBoot and UEFI are not neccessarily exactly the same but they go hand in hand.

    Really interesting were the SuSE installation hints about UEFI. About writing to firmware chips, brinking, failing FS cleanups in those file systems there, even writing partition UIDs to the flash chips? I once thought a computer was there to help me do my stuff and not dictate me what to boot and what not. And just because MS had security issues up to the moon responsibility was shoved off to the firmware side and now we all have to suffer.

    And now I imagine what will happen if something during firmware update goes wrong. Or some bits flip for a checksum / security key.

    This had taught me another time reasons why I hate UEFI.
    Last edited by Adarion; 14 July 2015, 04:12 AM.
    Stop TCPA, stupid software patents and corrupt politicians!

    Comment


    • #3
      Originally posted by Adarion View Post
      Just yesterday I had the pleasure of "just updating" a laptop's SuSE (mainly Adobe's crapware flash, but they needed it for some TV sites), and also took several other things that had accumulated and then suddenly SecureBoot struck me (it was bought with SuSE preinstalled but iirc. it was meant to be sold w. W8) In the end it took me 4 hours to switch to legacy boot mode (grub would freeze then), hook up a SuSE 13.2 install media, backup the box via console / USB HDD and then reinstall SuSE in classic mode. The (~500G) HDD was also in UEFI's GPT partition mode so I would rewrite the partitions.
      Had the same problem with Kubuntu 15.04 a few days ago. After an update my XPS13 would just refuse to load grub. Searched for a solution online, but the only suggestions I have found were to disable Secure Boot which in the end was what I did.

      Comment


      • #4
        Originally posted by Adarion View Post
        I just hope this won't blow up. There has been so much trouble with UEFI, even bricked mainboards.
        Just yesterday I had the pleasure of "just updating" a laptop's SuSE (mainly Adobe's crapware flash, but they needed it for some TV sites), and also took several other things that had accumulated and then suddenly SecureBoot struck me (it was bought with SuSE preinstalled but iirc. it was meant to be sold w. W8) In the end it took me 4 hours to switch to legacy boot mode (grub would freeze then), hook up a SuSE 13.2 install media, backup the box via console / USB HDD and then reinstall SuSE in classic mode. The (~500G) HDD was also in UEFI's GPT partition mode so I would rewrite the partitions.
        Also there was a separate boot partition (which is okay and what I normally do for grub + kernel) but this was a VFAT FS...

        "Just" took me 4 hours at all. "Just" wanted to update the flash players on two computers. (The elderly people were confused by FF's messages about it being vulnerable (again). But then you can't leave them with a non working laptop so I had to fix things.)
        I know SecureBoot and UEFI are not neccessarily exactly the same but they go hand in hand.

        Really interesting were the SuSE installation hints about UEFI. About writing to firmware chips, brinking, failing FS cleanups in those file systems there, even writing partition UIDs to the flash chips? I once thought a computer was there to help me do my stuff and not dictate me what to boot and what not. And just because MS had security issues up to the moon responsibility was shoved off to the firmware side and now we all have to suffer.

        And now I imagine what will happen if something during firmware update goes wrong. Or some bits flip for a checksum / security key.

        This had taught me another time reasons why I hate UEFI.

        "I only know how things were done in the 1980s, am resistant to change, and refuse to update my knowledge"

        Comment


        • #5
          Originally posted by directhex View Post
          "I only know how things were done in the 1980s, am resistant to change, and refuse to update my knowledge"
          Sure, it is a big improvement that an update to your OS stops you from booting it at all. Because the firmware said so.
          Sure, it bust be great that you can store some variables in some location. But if you store too much or maybe write at the wrong position of if the embedded firmware has a bug, then, voila, the box is bricked. Really, great improvements we see for the 2010s.

          UEFI was meant to improve the old BIOS, overcome limitations. That was one goal, yes. But to me it seems
          a) they did not succeed
          b) certain people with their DRM stuff made it into it
          c) it's totally bloated. Why do you need a whole OS under the OS? Why does it need a whole network stack? So much open surface for errors and security / privacy issues.

          Coreboot seems the way to go. Modern, small, ported and freedom to the best possible degree.

          Stop TCPA, stupid software patents and corrupt politicians!

          Comment


          • #6
            Originally posted by Adarion View Post

            Sure, it is a big improvement that an update to your OS stops you from booting it at all. Because the firmware said so.
            Sure, it bust be great that you can store some variables in some location. But if you store too much or maybe write at the wrong position of if the embedded firmware has a bug, then, voila, the box is bricked. Really, great improvements we see for the 2010s.

            UEFI was meant to improve the old BIOS, overcome limitations. That was one goal, yes. But to me it seems
            a) they did not succeed
            b) certain people with their DRM stuff made it into it
            c) it's totally bloated. Why do you need a whole OS under the OS? Why does it need a whole network stack? So much open surface for errors and security / privacy issues.

            Coreboot seems the way to go. Modern, small, ported and freedom to the best possible degree.
            Do you care about the answers to your baited questions, or are you just showing off?

            edit: I've written a primer about UEFI, for hardware enthusiasts. http://forums.hexus.net/pc-hardware-...ml#post3498782
            Last edited by directhex; 15 July 2015, 06:06 AM.

            Comment


            • #7
              Originally posted by directhex View Post

              Do you care about the answers to your baited questions, or are you just showing off?

              edit: I've written a primer about UEFI, for hardware enthusiasts. http://forums.hexus.net/pc-hardware-...ml#post3498782
              Gee, you made two comments here that were both rude and with no substance. I seem to recall you do this a lot...

              Your UEFI "primer" does not address the very valid concerns Adarion has with UEFI. People on a Linux blog may prefer a open source replacement for BIOS? Shocker!

              Comment


              • #8
                Originally posted by oldtimefighter View Post

                Gee, you made two comments here that were both rude and with no substance. I seem to recall you do this a lot...
                If people on this forum weren't, by and large, extremely loud, angry, and uninformed, that might not happen.

                Of course, on most planets, a 1400 word primer written for people at Adarion's technical level would be considered "substance". But this is Phoronix.

                Your UEFI "primer" does not address the very valid concerns Adarion has with UEFI.
                He doesn't have "concerns", he has "complete lack of relevant domain knowledge".

                Since you seem to consider it vital, let's sit and deconstruct all the reasons he doesn't know what he's talking about.

                I just hope this won't blow up. There has been so much trouble with UEFI, even bricked mainboards.
                Covered in my primer, "Anything else I should know?".

                Just yesterday I had the pleasure of "just updating" a laptop's SuSE (mainly Adobe's crapware flash, but they needed it for some TV sites), and also took several other things that had accumulated and then suddenly SecureBoot struck me (it was bought with SuSE preinstalled but iirc. it was meant to be sold w. W8)
                Covered, "What's this "secure boot" I hear so much about?"

                n the end it took me 4 hours to switch to legacy boot mode (grub would freeze then), hook up a SuSE 13.2 install media, backup the box via console / USB HDD and then reinstall SuSE in classic mode.
                Covered, "Okay. But my drive isn't bigger than that. Can't I keep using BIOS, since I know it?"

                The (~500G) HDD was also in UEFI's GPT partition mode so I would rewrite the partitions.
                Covered, "Then what?"

                Also there was a separate boot partition (which is okay and what I normally do for grub + kernel) but this was a VFAT FS...
                Covered, "Installed to?"

                "Just" took me 4 hours at all. "Just" wanted to update the flash players on two computers. (The elderly people were confused by FF's messages about it being vulnerable (again). But then you can't leave them with a non working laptop so I had to fix things.)
                In no dimension do you get to blame choosing to reset a firmware to default settings on a completely unrelated act (updating a package in an OS)

                I know SecureBoot and UEFI are not neccessarily exactly the same but they go hand in hand.
                Covered, "What's this "secure boot" I hear so much about?"

                Really interesting were the SuSE installation hints about UEFI. About writing to firmware chips, brinking,
                Covered, "Anything else I should know?"

                failing FS cleanups in those file systems there, even writing partition UIDs to the flash chips?
                Covered, "Installed to?"

                I once thought a computer was there to help me do my stuff and not dictate me what to boot and what not. And just because MS had security issues up to the moon responsibility was shoved off to the firmware side and now we all have to suffer.
                Covered, "And stops me booting what I want"

                And now I imagine what will happen if something during firmware update goes wrong. Or some bits flip for a checksum / security key.
                Good job classic 16-bit BIOS updates never go wrong, right?

                This had taught me another time reasons why I hate UEFI.
                "I don't understand the thing, so I hate the thing because it is the thing's fault"

                People on a Linux blog may prefer a open source replacement for BIOS? Shocker!
                http://www.tianocore.org/

                Whether Coreboot is better (in a few ways it is, in many ways it's worse) is irrelevant. Utterly, entirely irrelevant. Tens of millions of UEFI-based systems are being sold per year. Tilting at windmills isn't going to change that.

                Comment


                • #9
                  Originally posted by directhex View Post

                  If people on this forum weren't, by and large, extremely loud, angry, and uninformed, that might not happen.
                  Your solution is for you to be even more loud and rude?

                  Of course, on most planets, a 1400 word primer written for people at Adarion's technical level would be considered "substance". But this is Phoronix.
                  The way it is done is for you to respond directly and NOT link to comments on another site which were mostly irrelevant to the issue of using Coreboot over UEFI.


                  Whether Coreboot is better (in a few ways it is, in many ways it's worse) is irrelevant. Utterly, entirely irrelevant. Tens of millions of UEFI-based systems are being sold per year. Tilting at windmills isn't going to change that.

                  Whether WINDOWS is better (in a few ways it is, in many ways it's worse) is irrelevant. Utterly, entirely irrelevant. Tens of millions of WINDOWS-based systems are being sold per year. Tilting at windmills isn't going to change that.

                  Maybe we should all be using Windows instead full time and get off of this site. We get it... You like UEFI, move on.

                  Thanks for playing.
                  Last edited by oldtimefighter; 19 July 2015, 08:30 PM.

                  Comment


                  • #10
                    Originally posted by Adarion View Post
                    I just hope this won't blow up. There has been so much trouble with UEFI, even bricked mainboards.
                    Just yesterday I had the pleasure of "just updating" a laptop's SuSE (mainly Adobe's crapware flash, but they needed it for some TV sites), and also took several other things that had accumulated and then suddenly SecureBoot struck me (it was bought with SuSE preinstalled but iirc. it was meant to be sold w. W8) In the end it took me 4 hours to switch to legacy boot mode (grub would freeze then), hook up a SuSE 13.2 install media, backup the box via console / USB HDD and then reinstall SuSE in classic mode. The (~500G) HDD was also in UEFI's GPT partition mode so I would rewrite the partitions.
                    Also there was a separate boot partition (which is okay and what I normally do for grub + kernel) but this was a VFAT FS...

                    "Just" took me 4 hours at all. "Just" wanted to update the flash players on two computers. (The elderly people were confused by FF's messages about it being vulnerable (again). But then you can't leave them with a non working laptop so I had to fix things.)
                    I know SecureBoot and UEFI are not neccessarily exactly the same but they go hand in hand.

                    Really interesting were the SuSE installation hints about UEFI. About writing to firmware chips, brinking, failing FS cleanups in those file systems there, even writing partition UIDs to the flash chips? I once thought a computer was there to help me do my stuff and not dictate me what to boot and what not. And just because MS had security issues up to the moon responsibility was shoved off to the firmware side and now we all have to suffer.

                    And now I imagine what will happen if something during firmware update goes wrong. Or some bits flip for a checksum / security key.

                    This had taught me another time reasons why I hate UEFI.
                    UEFI allows you to load your own security keys or disable SecureBoot altogether if there is no UEFI password set. Former can be used for having a (self-)signed Linux, latter for just disabling signature check. Latter will most likely make Windows not bootable if installed with SecureBoot on but you don't have one so might as well do it. It is a far better option than using legacy mode and doesn't involve reinstalling your Linux

                    Comment

                    Working...
                    X