Hi, this is a little off-topic, but still relevant I think. You all might remember that about a month ago I made a post about how I had partitioned my laptop hard drive GPT-style, which requires UEFI boot. I did this mainly to learn about GPT and UEFI, not because I wanted to dual-boot with Windows (because I don't in fact use Windows, at all). My post was just to ensure that Devuan would be able to handle UEFI boot.
A few people later replied that MBR boot was at least as good, if not better. I didn't really think that it mattered, so I don't have anything to say about that. But then today I saw this: New Vicious UEFI Bootkit Vulnerability Found for Windows 8 http://www.theregister.co.uk/2012/09/19/win8_rootkit/ That got my attention. And with a little more googling, I learned that UEFI boot in fact is quite a bit more likely to compromised than BIOS boot, because you can place rootkits undetectable for the OS in the preload. Microsoft's answer to this is to enable "secure boot," but now it seems that even that has been compromised. Your best protection would be to own a motherboard that only has BIOS boot capability. But such boards are now becoming scarce, though you can still find that in new server motherboards (such as those made by Tyan) On consumer motherboards, BIOS is pretty much history. Nevertheless, a UEFI motherboard is probably safe (or at least safer) if you disable UEFI boot and enable CSM (compatibility support module) so that you can partition the drive MBR style. Doing that, of course, means that you don't get to take advantage of the dubious benefits of GPT partitioning, but unless your hard drive is larger than 2TB, I don't think you'll notice the difference. cheers, Robert
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
