Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: SecureBoot Is Now Easier For Smaller Distributions

  1. #11
    Join Date
    May 2008
    Posts
    213

    Default

    Quote Originally Posted by uid313 View Post
    UEFI can run in the background and can run background services behind the OS while the OS is also running.
    UEFI have much more control over the system and has a built-in TCP stack.

    BIOS is much more simple and can not run stuff in the background.

    UEFI is much more dangerous and likely to be vulnerable, exploitable and backdoored.
    I really hope you don't have recent Intel motherboards in any of your computers- otherwise, you very likely have Intel's Management Engine as part of your BIOS/UEFI. It's a very interesting technology if you are the one controlling it- it's basically another OS inside your computer that's trusted to do everything- with it's own networking stack as well. It's also hugely undocumented, and the main reason Flashrom can't be used safely on vast numbers of recent computers with Intel motherboards.

  2. #12
    Join Date
    Dec 2011
    Posts
    2,060

    Default

    Quote Originally Posted by dashcloud View Post
    I really hope you don't have recent Intel motherboards in any of your computers- otherwise, you very likely have Intel's Management Engine as part of your BIOS/UEFI. It's a very interesting technology if you are the one controlling it- it's basically another OS inside your computer that's trusted to do everything- with it's own networking stack as well. It's also hugely undocumented, and the main reason Flashrom can't be used safely on vast numbers of recent computers with Intel motherboards.
    Wow, Intel Management Engine and AMT is pretty creepy stuff.
    It is intended for companies and schools and such, but its pretty creepy.

  3. #13
    Join Date
    May 2012
    Posts
    347

    Default

    Quote Originally Posted by varikonniemi View Post
    The very minimum requirement should be that this key adding procedure would be doable from the UEFI specs and the computers came at most preinstalled with a microsoft key.
    They already do, when properly implemented. The hysteria has drowned out the reality, though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •