Delegate UEFI for appliances only

Date: 2012-03-17 09:09 pm (UTC)
From: (Anonymous)
When development or maintenance tasks become prohibitively expensive in time, software development, certificates or knowledge requirements, there will be a move to alternate solutions to UEFI. In the meantime I can see the day that a cheap, discardable UEFI-based appliance, not upgradable, would be used for secure connections. Want to connect to the bank? Use the appliance. Want to transfer data files? Create an md5sum, encrypt the file and include the md5sum in the encrypted file. Use a different appliance for the file transfer.

For a secure operating system, to respect UEFI security when requiring a system patch or upgrade, the vendor must always include the entire system. The certificate applies to the whole deliverable, and you should not accept patches. Patchability makes your system half safe and opens the door to security breaches.

Imagine the hardware vendor's costs if he wants his logo within a UEFI BIOS for his new tablet, netbook, server, or whatever. His costs will soar, as replacing one chip on the motherboard with one from another vendor may change the motherboard checksum.

The software developer, the student in a computer science class, the applications seller, the embedded controller vendor, are their efforts and products going to fall under the UEFI requirements?

UEFI is doomed to fail, and will be replaced by something better.


Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. [personal profile] mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
