On Sun, Jul 8, 2012 at 6:18 AM, Alexey Suslikov <alexey.susli...@gmail.com> wrote:

> Remember SOPA/ACTA? If somebody is planning to have a regulation,
> this somebody should take care about tools which guarantee direct, not
> circumstantial, evidence that somebody else broke this regulation.
>
> UEFI implements a network stack so it can be a long-standing strategy.
>
> UEFI is about remote monitoring without you even knowing about it, or
> your corporate firewall sniffing for somebody else.
It's not the only thing it's about. The old Palladium project, now known as "Trusted Computing", is designed to have "secured" access to each level of hardware and software. Since every step individually can be circumvented with known technologies if not part of the secure stack, they've tried very hard to embed it at every level: CPU, boot loader, kernel, applications, data, and hardware. Expect to see this whole stack pushed for secure storage media and private information, because some of the primary goals are portable storage media and backup data. By "securing" every stage, it's also effectively digital rights managed, and for that to work, it needs to exist at every stage from motherboard chipsets on up.

Where it's going to be problematic for OpenBSD is on "Windows 8" certified hardware, which has the UEFI enabled by default. It's theoretically possible for OpenBSD's boot loaders to emulate what Red Hat has done for Fedora: buy a signature for a UEFI-compatible shim that will load the kernel. The problem then will be locally compiled kernels, which all my OpenBSD-managing peers create as a matter of course. Many of us can comfortably disable UEFI, but it's going to be problematic for our less skilled colleagues.

> You buying UEFI hardware will be a sponsor of somebody sniffing on you.
> What an irony.

Or of saving $100 buying the latest hot box, or of graciously accepting a gift, or of doing a successful dumpster dive for laptops, desktops, and server grade hardware.

> Also, UEFI will possibly take down dozens of Linux/BSD-oriented
> hardware suppliers' businesses because their customers will refuse to run
> security critical tasks on UEFI hardware. Good support for a stagnating
> world economy.

Go look at what Fedora is doing to handle this. OpenBSD boot loaders are going to have to make some kind of accommodation with this in the next 5 years, or throw in the towel for new hardware and go directly to virtualization only.
(That's admittedly how I use it these days, mostly for testing components like OpenSSH before 6.0p1 was bundled.)

> IMO, it is smarter to spend on a Raspberry Pi port than UEFI bullshit.

Good luck with that.