
- #Reddit efi partition showing goldenkey 64 Bit
- #Reddit efi partition showing goldenkey drivers
- #Reddit efi partition showing goldenkey full
- #Reddit efi partition showing goldenkey software
The most annoying issue to deal with on these systems is resuming from low power states (i.e. Linux is not quite there, and since its a hardware problem the pool of people who could possibly solve this problem is small to begin with.
#Reddit efi partition showing goldenkey software
It appears Microsoft has corrected the problems for their software so everything runs seamlessly under Windows. There are a lot of compatibility hacks that need to be done. To my knowledge linux doesn't have a working implementation that fully supports this mismatch.
#Reddit efi partition showing goldenkey 64 Bit
The main problem with UEFI is when there is a mismatch in bit implementation between the CPU and UEFI.īasically you get problems where there is a 64 bit cpu and the UEFI implementation is 32 bit. See also: EFI and Linux: the future is here, and it's awful - Matthew Garrett Of course, it's not hard to see MS's ulterior motive here, strangleholding alternate operating systems (Linux, FreeBSD, etc) from ever running in the first place.
#Reddit efi partition showing goldenkey full
While it makes it much harder to perform a bootchain attack on a full Secure Boot chain like the one used in Windows, there's no way to know if that chain has been broken or not. Secure Boot doesn't really protect from much. Oh, and for ARM devices, Secure Boot cannot be disableable! And, now with Windows 10, OEMs don't have to allow it to be disabled and don't have to allow loading alternate keys. Granted, OEMs were required to allow Secure Boot to be disabled and to allow loading a custom keychain, but now getting a non-MS OS to run takes more steps then just "pop in this CD/USB stick." OEMs shipping Windows 8 (and now Windows 10) computers must have Secure Boot enabled and loaded with MS's keychain. The claimed point is to prevent low-level malware from hijacking the boot process, even though that's a shitty attack vector, and to allow businesses/users/whatever to only allow binaries they sign to run.Įxcept, of course, MS had to fuck it up. Basically, you can load in RSA keys into your firmware, and then you can only boot binaries signed with those keys. UEFI also has this thing called Secure Boot. Like basically every manufacturer not setting FLOCKDN when coming out of sleep, creating the Darth Venamis attack (which is another story the Jedi won't tell you). The standard itself is secure, but with such a huge surface area, it's very easy to misimplement. It's basically an entire OS, who's only purpose is to load another OS.
#Reddit efi partition showing goldenkey drivers
It's about 10% the size of the Linux kernel and if you exclude Linux's device drivers it's actually bigger than the Linux kernel. With the release of Windows 8 in October 2012, UEFI was mandatory for OEMs to put Win8 on their machines. But, by 2011, manufacturers had started shipping UEFI-capable machines, even if they defaulted to CSM (aka MBR, aka 'legacy boot'). When Apple switched to x86 from PPC, they went straight for EFI and later migrated to UEFI.Īside from Mac machines, no-one really used EFI. MBR is certainly capable, but it's a pretty garbage standard that's only in place because it is.Įxtensible Firmware Interface (EFI) was built by Intel a while ago, and was used for Itanium (Intel's failed 64-bit version of x86, later replaced by AMD's amd64 aka x86_64). Originally, back in ye olde DOS days, IBM-compatible computers booted using the MBR semi-standard. Now, to answer: what is UEFI, why is it shit, and why did it pose problems for Linux: It's not really a problem, but it's still a gigantic shitstorm. The installers included with Debian, Ubuntu, Mint, Fedora, and many other distros can handle UEFI if you're installing Arch or Gentoo there's guides on their respective wikis for using it. Unless you're buying an ARM Surface, don't worry about it. It's incredibly overly complicated and kinda shit. With modern Linux installers you shouldn't have any issues with penguinifying a UEFI-based computer. It doesn't really offer any more security, but on 99% of computers can be disabled. Microsoft invented, and then made mandatory for OEMs with Win8 (and later Win10), this thing called Secure Boot. To quickly answer your numbered questions:
