Re: Secure boot?

Date: 2023-03-31 01:15 pm (UTC)
From: (Anonymous)
BIOS and then UEFI hacking motivation has always been present in the first place because Microsoft, by design, always relied on boot loader services for the OS: BIOS services (so-called BIOS "interrupts", even the name was confusing) early on became the nest of PC boot sector viruses. UEFI runtime services continued in the same (modernized) way and were the primary motivation for secure boot.

Of course, other architectures now have secure boot as well, especially ARM. But the primary motivation there is quite clear: locking in the user. Well, Microsoft pushing the UEFI abomination, willing to go beyond x86, was probably later another motivation.

So UEFI's 3 almost waterproof phases, which lead to many duplicated code commonalities (on top of those linked with BIOS vendor code, the EDK2 reference implementation led by Intel, and Intel/AMD reference code, which may all bring their own compiler toolchain), mean a heavy, difficult-to-maintain patchwork.

For ARM, that's also 3 stages to start "lifting the rocket" before reaching your own boot loader (usually u-boot, thank god, UEFI remains uncommon). So 3 times the commonalities for boot HW support as well, with many restrictions (boot SPI compatibility is a nightmare and every secured zone access must go through SMC calls) and, let's say, a code quality that would not be allowed if this was not from a third party (same for UEFI).

For what benefit? If you want to sell anything that can go into network infrastructure in the US, for instance, you have to provide all sources + build infrastructure on a server in the USA that can be accessed by the NSA to exactly rebuild all your firmware (let's say the only differences may be build time/info in some binaries!).

If these guys managed to rebuild & tap Cisco routers' FW during delivery to targeted customers, that's not (only) because they are true geniuses: the laws are written to ease their work.

On my side, I'm still waiting to see any highly customized boot loader (for the HW it runs on) hacked, if not designed for exposing (back)doors to a Microsoft OS, without everything needed to build it so as to remain unnoticed/stable.

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.