It surprises me that virtually no-one in the open source community has protested against (u)EFI.
First of all, let me explain briefly what it is. EFI is not a replacement of BIOS, but an BIOS with extra features. The main feature is that hardware has their firmware extensions, so should (in theory) be easier and quicker to write drivers for multiple CPU architectures and different operating systems, handy for servers and workstations for instance. EFI has a small core which runs below the OS kernel, and controls all I/O and resources, the OS kernel is not aware if EFI has interfered.
What bothers me is that EFI has recently been marketed for a nice GUI, quicker boot time, larger harddrives, removal of legacy features and such, but almost never for it's real benefits. The extensible firmware is not very relevant for consumers anyway, it will take a very long time before hardware drivers will utilize this, if they ever will. (For instance, I don't see nVidia tossing away their universal driver architecture for a new one when they have basically already achieved this.) Support for larger harddrives can be solved by adding support for a new MBR with a larger LBA, no need for adjusting the sector size. Unused legacy features is no real problem. In fact, the GUI and boot and POST time has nothing to do with EFI itself, it seems like companies are just using this to push a new piece of software we consumers don't really need. Why are they doing this, is it just marketing or is it something more? I don't know their intentions.
My issues with (u)EFI of course that it's proprietary, but it's also the following issues(mostly security):
* EFI can control your entire computer without you knowing it, it can communicate with the world without your permission. I'm not saying governments or companies will use this features, but it is technical possible within the specifications. The community keeps nagging people for using proprietary software like the nVidia blob, while real big issues like EFI is hardly ever mentioned. Using a proprietary driver or piece of software(if it supports open formats) does not rob your freedom, but letting others control potentially your computer is definitely giving up your freedom. Let me emphasize, it's very unlikely that anyone will take over your computer, but the principle is the important thing here. Anyway, at best EFI will drain a little of your computer's resources.
* On x86, EFI has a security vulnerability when switching from 32-bit pmode to 64-bit pmode through real mode, and the other way around, because when switching mode anything can be injected to RAM, and the EFI image has to be stored in "unallocated RAM" for a moment. In order to solve this, x86 has to be redesigned and break backward compatibility. This issue should only be a problem when EFI starts in one mode and boots an OS in another mode, if both are in the same mode this issue should not be a problem. But at least older EFI usually boots in 32-bit pmode, and most people use 64-bit OS today.
* EFI requires the EFI loader to be in the ugly proprietary PE-format.
This is why alternatives like coreboot is so important, to me it seems like the only free way to use a PC in the close future.
I would love being able to buy a motherboard shipping with coreboot.
You might ask why I know this, well I was writing my own boot loader and a very simple kernel some years ago, so I'm familiar with how x86 boot strapping works. I also spent some weeks researching EFI and starting writing an EFI loader for XP, you might remember the competition a while back? (None of this work of mine ever got finished.) But feel free to explain more of these issues above, some of you guys might have way more experience than me. If you don't take my word, feel free to read the entire specifications for EFI/uEFI.
Like V!NCENT said, the BIOS still runs after boot, and interrupts go through there. It's a myth that BIOS is no longer in use.
First of all, let me explain briefly what it is. EFI is not a replacement of BIOS, but an BIOS with extra features. The main feature is that hardware has their firmware extensions, so should (in theory) be easier and quicker to write drivers for multiple CPU architectures and different operating systems, handy for servers and workstations for instance. EFI has a small core which runs below the OS kernel, and controls all I/O and resources, the OS kernel is not aware if EFI has interfered.
What bothers me is that EFI has recently been marketed for a nice GUI, quicker boot time, larger harddrives, removal of legacy features and such, but almost never for it's real benefits. The extensible firmware is not very relevant for consumers anyway, it will take a very long time before hardware drivers will utilize this, if they ever will. (For instance, I don't see nVidia tossing away their universal driver architecture for a new one when they have basically already achieved this.) Support for larger harddrives can be solved by adding support for a new MBR with a larger LBA, no need for adjusting the sector size. Unused legacy features is no real problem. In fact, the GUI and boot and POST time has nothing to do with EFI itself, it seems like companies are just using this to push a new piece of software we consumers don't really need. Why are they doing this, is it just marketing or is it something more? I don't know their intentions.
My issues with (u)EFI of course that it's proprietary, but it's also the following issues(mostly security):
* EFI can control your entire computer without you knowing it, it can communicate with the world without your permission. I'm not saying governments or companies will use this features, but it is technical possible within the specifications. The community keeps nagging people for using proprietary software like the nVidia blob, while real big issues like EFI is hardly ever mentioned. Using a proprietary driver or piece of software(if it supports open formats) does not rob your freedom, but letting others control potentially your computer is definitely giving up your freedom. Let me emphasize, it's very unlikely that anyone will take over your computer, but the principle is the important thing here. Anyway, at best EFI will drain a little of your computer's resources.
* On x86, EFI has a security vulnerability when switching from 32-bit pmode to 64-bit pmode through real mode, and the other way around, because when switching mode anything can be injected to RAM, and the EFI image has to be stored in "unallocated RAM" for a moment. In order to solve this, x86 has to be redesigned and break backward compatibility. This issue should only be a problem when EFI starts in one mode and boots an OS in another mode, if both are in the same mode this issue should not be a problem. But at least older EFI usually boots in 32-bit pmode, and most people use 64-bit OS today.
* EFI requires the EFI loader to be in the ugly proprietary PE-format.
This is why alternatives like coreboot is so important, to me it seems like the only free way to use a PC in the close future.
I would love being able to buy a motherboard shipping with coreboot.
You might ask why I know this, well I was writing my own boot loader and a very simple kernel some years ago, so I'm familiar with how x86 boot strapping works. I also spent some weeks researching EFI and starting writing an EFI loader for XP, you might remember the competition a while back? (None of this work of mine ever got finished.) But feel free to explain more of these issues above, some of you guys might have way more experience than me. If you don't take my word, feel free to read the entire specifications for EFI/uEFI.
Like V!NCENT said, the BIOS still runs after boot, and interrupts go through there. It's a myth that BIOS is no longer in use.
Comment