Windows 10 and UEFI

Name
Email
Subject
Comment *
File	Select/drop/paste files here
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Embed	(replaces files and can be used instead)
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Password	(For file and post deletion.)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, swf, pdf Max filesize is 8 MB. Max image dimensions are 10000 x 10000. You may upload 5 per post.

File: 1430252089788.gif (1.84 MB, 320x247, 320:247, desk-drawer-antique-gif-15….gif)

Windows 10 and UEFI Salty Dog 04/28/15 (Tue) 20:14:49 b7be0f No.3839

My understanding be that Windows 8 makes UEFI optional, but Microsoft wants to make UEFI mandatory in Windows 10.

Pirating vidya be great, but not if it ends up enabling Microsoft.

Normally I would say Gabe will save us with SteamOS, but Gabe appears to be preoccupied with eye surgery and charging doubloons for mods.

How bad be UEFI? How much does it threaten the security of a pirate?

Let's assume that you've got lots of private stuff to keep hidden - e.g. treasure maps to chests full of bitcoins, intimate photos of yer pet parrot, etc.

I know many pirates will use cracked versions of WIndows to avoid software-based programs that "phone home" to the mother ship.

However, UEFI might be so bad that a software-based firewall might be incapable of stopping it.

Salty Dog 04/28/15 (Tue) 21:04:08 1de7cb No.3861

File: 1430255048714.jpeg (6.68 KB, 275x183, 275:183, allislost.jpeg)

>>3839

/tech/ (albiet still a pleb) landlubber here-

>NOTE- this be a simplified and butchered explanation, designed to only highlight the parts that OP might care about. feel free to fill in anything I fucked up/glossed over.

UEFI be a BIOS replacement, designed to be easier to code, more modular, with CPU-independent drivers. It also has a bunch of other other technical benefits, but that's beyond the scope of discussion. Its also nothing new- UEFI has been standard in Macs since 2006, and most boards since 2008ish also have UEFI.

Now, there are two things about UEFI that a scurvy dog like ye needs to be concerned about. The first be secure versus legacy boot. Secure boot be a windows only security "feature" that prevents unsigned operating systems to boot on the computer. This has some benefits (say, if yer a library and ye don’t want someone to fuck around with a flashdrive-based OS) but it means that ye won't be able to boot a computer with another, unsigned operating system (like an experimental linux distro or a pirated version of windows)

As of windows 8, Microsoft required that all manufacturers of windows computers make secure boot optional and add an extra feature called "legacy boot", that allows anything to be booted on the machine if its enabled in the UEFI's settings. However, Microsoft quietly dropped that requirement for windows 10 machines, and manufacturers are now allowed to ship secureboot-only machines.

as for the phoning home part, there are two facets to that. The first be that UEFI supports networking, meaning that if someone was able to access it they could forcibly update/change yer settings. The other concern be independent from the UEFI, and be actually hiding in the firmware itself. An example of this would be the intel AMT- (active management technology) which be hardware level technology so that intel can update the firmware (and possibly other things) on yer computer remotely. AMT be completely separate from yer operating system or yer hard drive- its stored on a CMOS chip soldered directly onto the motherboard. This be also nothing new- the intel AMT actually pre-dates UEFI itself.

there are people working on disabling hardware-level backdoors, but they're a small, incredibly autistic and have only gotten it to work on a total of 5 laptops, all of which date to the bush presidency. if yer want to read more, its called the Libreboot project, but reading their documentation be like reading cult literature crossed with a quantum-mechanics textbook.

so Tl:DR-

> legacy boot be no longer required to be shipped with secure boot on windows 10 machines.

> Machines without legacy boot will be unable to load any operating system without a signed kernel, so ye can't install another OS

>There are hardware-level networked assets in most computers, and have been since at least 2006, that could potentially be used to snoop on users.

>workarounds for the hardware level stuff be in the works, but its painstaking, nuclear-physics teir hard, and only embarked on by the most devoted of autists.

so, really the best ye can do at this point be get a nice, ancient computer with the network card ripped out for all of those pictures of yer Crested Parrot, and a VPN for any high-seas action.

Salty Dog 04/28/15 (Tue) 21:07:23 9ffba5 No.3863

>>3839

>UEFI

>Software-based firewall

You've got it all wrong m8ty.

Firstly, UEFI has replaced BIOS for quite some time now. Many UEFI systems don't have the fancy-pants UIs and horrible mouse input, but they be UEFI anyway.

With Windows 8 and 8.1, Microsoft made vendors turn on Secure Boot by default, but vendors had to let users be able to turn it off. With Windows 10, they be removing that last stipulation, so ye may be stuck with Windows 10, and only Windows 10, forever and ever (amen.)

This be more concise and less specific than >>3861. Also, GNU/Linux a best, but WINE be absolute shite for anything relatively new. If ye can tolerate tinkering with it, it be having potential, but dual-booting 7 and GNU/Linux be yer best bet.

Salty Dog 04/28/15 (Tue) 21:20:57 b7be0f No.3869

File: 1430256057247.gif (1.81 MB, 330x255, 22:17, desk-drawer-antique-gif-15….gif)

>>3861

Arrrr, that be informative, thank ye.

Incidentally me original post was supposed to include links:

http://www.uefi.org/sites/default/files/resources/LinaroConnect2013_UEFIACPI.PDF

https://github.com/ARM-software/arm-trusted-firmware

I don't really care if the x86 architecture become a wasteland, because that just means x86 PCs become dedicated gaming machines.

However, the ARM chip might be the future of general-purpose computing.

It looks like the insiders who control UEFI will also control related initiatives for ARM, such as ACPI.

This if these insiders make things easy for some spy agency - that spy agency might get backdoors beyond No Such Agency's wildest current dreams.

https://wiki.linaro.org/LEG/Engineering/Kernel/ACPI

>>3863

>With Windows 8 and 8.1, Microsoft made vendors turn on Secure Boot by default, but vendors had to let users be able to turn it off. With Windows 10, they be removing that last stipulation, so ye may be stuck with Windows 10, and only Windows 10, forever and ever (amen.)

Arrr, so if I spend me doubloons on an x86 system and install Windows 10, I'll never be able to recycle it for use with OpenBSD.

Windows 8.1 looks intriguing, and if UEFI be optional, I might try to build a Windows 8.1 machine, knowing that I will be able to recycle it after I decide that no amount of gaming orgasms could be worth the degradation of Microsoft.

Salty Dog 04/28/15 (Tue) 22:01:30 1de7cb No.3887

File: 1430258490926.jpg (474.75 KB, 3000x1688, 375:211, Vulkan_6.jpg)

>>3869

>Arrr, so if I spend me doubloons on an x86 system and install Windows 10, I'll never be able to recycle it for use with OpenBSD.

not necessarily- windows merely removed the requirement. A manufacturer can still choose to add legacy boot if they want. Just do yer research and make sure that it has the option before buying a machine

>Windows 8.1 looks intriguing, and if UEFI be optional

UEFI isnt optional- its been industry standard since 2009. It isn't pure DRM- it does a shitton of useful shit for the boot process. as with above, if it has a legacy boot option, ye will still be able to load other operating systems onto it. Depending on how shitty the UEFI interface is, however, it might be like wrestling a rabid badger, but its still doable.

As for what gaben be doing

> windows 8 be announced

> developers world wide shit themselves with how retarded it be for both developers and users

> Valve shits itself extra hard because its entire business model be dependant on windows being (relatively) open for 3rd party developers

> they put everything on hold half life 3 to get themselves the fuck away from windows

> Open GL be the graphics api for linux, much like Directx, and its absolute shit.

> Direct quote from a programmer on the matter "the code be this gordian knot of bullshit. It hits ye like the Necronomicon; ye take one look, ye close ye laptop, and then ye repress the urge to jump off a cliff."

> So, valve threw all of its weight (along with a shitton of other developers, pic related) to get a graphics API onto linux that doesn't make half of yer coding staff commit seppiku in the break room.

> it was announced at GDC as Vulkan API.

> in a stroke of fate, at a similar time Microsoft announced that windows 7 will not support directx 12, which might be a bid to get gamers (as well folks using CAD shit) off of windows 7.

steam machines are merely the pretty, marketable package for the monumental back-end that a bunch of developers, not just valve, are throwing everything they have into. Windows 8 spooked them so bad that a shitton of folks are risking literally everything on this project.

sorry about re-posts, wierd formatting errors keep happening

Salty Dog 04/28/15 (Tue) 22:42:45 b751d8 No.3899

>>3861

Another /tech/ user on the poop deck here. Libreboot not be very hard to understand for the user, I believe >>3861 was looking at the intel me libreboot computers as they require a higher technical level too get it runing, I have not look too much into this though so I may be wrong.

As a note of warning to the fellows who want liberation libreboot only works with Linux based operating systems right now (why would ye use winblows on a free as in freedom computer?) I don't think BSD based systems work as of now so that sucks.

Also heres a guide for the T60 (the X60/T be on the sidebar) if the autistic docs confuse you.

https://github.com/bibm80/Coreboot-ThinkPads/wiki/ThinkPad-T60

I don't play video games on computers due to said freedom, send help ;_;.

Salty Dog 04/28/15 (Tue) 22:50:53 1de7cb No.3904

>>3899

i personally have a non-free machine for gayman and other shit, while everything low end (word processing, internet, ect) be used on me fully liberated x60.

if ye can get 32 bit dolphin emulator running, that might be a good option for the gaymes. dolphin-emu be free as in freedom, and just steal roms, we're on the piracy board after all.

Salty Dog 04/28/15 (Tue) 22:57:30 ddab5e No.3907

>>3839

Nigga where ye been? all new computers have had UEFI for years

>>3861

>its called the Libreboot project

Yeah I know them, tried to get me chinkbook to work but it was too new for it, total bummer

>so ye can't install another OS

Wait what? what about distros?

>so ye may be stuck with Windows 10, and only Windows 10, forever and ever

I be getting nervous here!

>>3899

What about linux games? like super shooting hat simulator (aka: TF2)

Salty Dog 04/28/15 (Tue) 23:17:19 b751d8 No.3912

>>3907

GANO/Linux games should work on the Libreboot computers. A T60 with a 2.33gh CPU should play tf2 fine based on the fact that one of me older computers before I got into Linux could run it with the same processing power just fine.

Salty Dog 04/28/15 (Tue) 23:18:35 b751d8 No.3914

>>3912

Its mainly autism stopping me from playing games because muh freedoms.

Salty Dog 04/28/15 (Tue) 23:56:24 b7be0f No.3930

File: 1430265384282.jpg (93.88 KB, 1024x878, 512:439, shootinCDRdj76UIAIV-Su.jpg)

>>3907

> tried to get me chinkbook to work but it was too new for it,

Speaking of Chink-books, R. Me-hearty Stallman uses a special notebook from China.

Yeeloong or some such thing.

http://ubuntuforums.org/showthread.php?t=984532

In the long run, we consumers who spend doubloons on personal workstations must demand that we have access to firmware.

Arrrrr. Or else we will send cosplayers armed with .357s

Salty Dog 04/29/15 (Wed) 02:04:47 b751d8 No.3965

>>3930

His Yeeloong got stolen so he got an libreboot computer I think.

Salty Dog 04/29/15 (Wed) 03:52:35 17f2d8 No.4006

>>3930

he's currently using a librebooted x60.

>>3907

>>so ye may be stuck with Windows 10, and only Windows 10, forever and ever

http://arstechnica.com/information-technology/2015/03/20/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/

in theroy, yes. This shit be scary, so hang onto yer older laptops.

Although, I expect it will only be a matter of time before a butthurt lawyer goes full lawsuit because he can't pay the intern to downgrade to 7 anymore.

Salty Dog 05/01/15 (Fri) 08:34:29 03a8a9 No.4847

Of course ye could, ye know, build yer own machine…

Salty Dog 05/01/15 (Fri) 09:06:14 4a3233 No.4849

YouTube embed. Click thumbnail to play.

>>4847

The question is, how do I get a motherboard that isn't contaminated with UEFI? I don't want to have to take it off (although theoretically I could get a UEFI motherboard and purge it of UEFI.)

I might decide to spend some doubloons on this:

http://www.tomshardware.com/news/ODROID-X-Raspberry-Pi-Quad-Core-Buy-Online,16293.html

or on this:

http://tronixstuff.com/pcduino/

But I'm not sure whether they are UEFI-compliant or not.

Salty Dog 05/02/15 (Sat) 23:22:59 ae1ba7 No.5183

>>4849

What do ye have against UEFI?

As long as the secure boot option be off, they cause no harm.

And no stand alone mobo has that, since ye wouldn't have a way to install an OS with it.

Just don't buy a prebuilt machine with Windows on it and that's that.

Salty Dog 05/03/15 (Sun) 08:58:08 dbb86c No.5253

>>5183

>What do ye have against UEFI?

A bunch of UEFI engineers came to me berth, pissed in me rum, and bothered me parrot.

I drank all the rum before I realized what had gone on.

Salty Dog 05/03/15 (Sun) 10:14:21 1e1fc6 No.5264

It's even worse in fact.

UEFI be vulnable to an entirely new class of malware which infects yer computer at the firmware level. Basically all UEFI be vulnable since they share code and are heinously annoyin' to update once out in the wild.

All I can tell ye be to NEVER EVER run Windows on bare metal (non-virtualized). Get some variant of linux as the bare metal OS and run a virtual windows. Pass through yer GPU but virtualize all other resources. ye can get very close to native gamin' performance while reducin' risk of infection, data leakage etc.

Naturally ye run Linux desktops virtualized side by side for all yer secure browsin' needs (Whonix), filesharin' (debian with i2p) or just regular desktop usage (Ubuntu with Libreoffice etc).

Salty Dog 05/06/15 (Wed) 14:45:34 4d61e7 No.5782

>>3863

>vendors had to let users be able to turn it off. With Windows 10, they be removin' that last stipulation, so ye may be stuck with Windows 10

Not necessarily, fellow m80, though the explanation gets a bit more technical.

A UEFI platform has 2 modes: Setup mode (i.e. ye can run anythin' unsigned), and User mode (won't let ye run unsigned software if secure boot be on).

-If it's in Setup mode, then great; ye have control of yer boat and can muck around to yer heart's content.

-If it's in User mode, ye have to pray to ye gods of the sea that ye can turn off Secure Boot. Otherwise, things get even worse from here:

—If Secure Boot can be toggled, then great. ye don't need to do anythin' as unsigned code will run on yer system.

—If Secure Boot be enabled with no option to turn it off or switch to Setup mode, ye need to strip the Platform Key (thus enterin' Setup Mode), or the Key Exchange Key (the key that can be used to sign a program to run or update the approved keys database, among other things). I don't know whether the KEK :^) be made available to users. There's plenty of information to go around.

If neither option be available, ye be most likely boned.

Salty Dog 06/21/15 (Sun) 07:59:58 86cc01 No.7683

File: 1434873598314.jpg (169.52 KB, 946x1600, 473:800, NotAfraidToDie.jpg)

>>5264

I will dig up this thread like a chest beneath the X spot on a map.

Relevant: Microsoft be tryin' to trick people into "up"gradin' to Windows 10.

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3035583-installing-windows-10-using-windows/e8dc58af-18c4-4ab6-9906-02658b8f402d

http://www.intowindows.com/remove-upgrade-to-windows-10-message-from-windows-78/

http://www.infoworld.com/article/2907472/operating-systems/windows-10-upgrade-nagware-patch-kb-3035583-now-marked-important-on-some-win7-pcs.html

On the one hand, I want to build a gamin' machine.

On the other hand, I don't want to go through the headaches of virtualizin' a Windows machine on a Linux box.

Sigh.

I will probably have to learn how to virtualize, just like this person wrote:

>>5264

>UEFI be vulnable to an entirely new class of malware which infects yer computer at the firmware level. Basically all UEFI be vulnable since they share code and are heinously annoyin' to update once out in the wild.

>All I can tell ye be to NEVER EVER run Windows on bare metal (non-virtualized). Get some variant of linux as the bare metal OS and run a virtual windows. Pass through yer GPU but virtualize all other resources. ye can get very close to native gamin' performance while reducin' risk of infection, data leakage etc.

Naturally ye run Linux desktops virtualized side by side for all yer secure browsin' needs (Whonix), filesharin' (debian with i2p) or just regular desktop usage (Ubuntu with Libreoffice etc).

Salty Dog 06/21/15 (Sun) 16:18:46 60dc45 No.7687

>>3863

So, basicly, if I have a self-built PC, and updated from win 7 to win 10, I could not switch to legacy boot? Or be it only that way for specially treated Motherboards?