UEFI Build requests - suggested help

[Jerry]

Well said.

Sent from my Mobile phone using Tapatalk

[trinidad]

bitsnpcs:

The following are what I would consider utterly firmware free even in the kernel, but the performance limitations are real regarding specific OEM hardware because of this. There is really no monetary incentive for hardware manufacturers to cooperate with the Linux community, and I look for Intel to deepen its firmware crypt rather than go open source in the future. Technology cycles along with education, and gurus want to be paid. Money will lure many of the very best people away from ethical considerations. No one wants to admit it, but the only barrier to OEM hardware extortion practices is the US Government. A US law against such practices is the only solution. Hacking is headed for obsolescence and technology has utterly outrun its day to day dependent users. The balance of power has tipped heavily toward the most skilled, most educated, and wealthiest entities. US law is the only thing powerful enough to forestall an utter domination of the world by corporate technology entities. I personally feel the US Government has a basis for a class action suit against Intel, not to mention potential espionage charges. The real anarchists in the world today are companies like Intel. The damage done by tobacco, asbestos, and Wall St. banks, is nothing compared the damage done and to come from technology companies allowed to operate outside the reach of US law.

https://libreboot.org/
http://www.gnewsense.org/Main/HomePage

TC

[TheDead]

3) OEM tracking can now be placed in a machine beyond the reach of your Linux system. AMD has already done this, and I doubt that Intel is far behind, and when they cross that bridge computing privacy will be utterly dead on their new machines, even running Debian.

Didn't Intel already do that with the unique CPU identifier in the Pentium3 (I think)? The option to disable this "feature" was the first thing motherboard manufacturer put in their BIOS. Other than Intel board of course.

There is no spoon!

[trinidad]

Adding to this discussion: as of May first this year Intel finally announced the patch for AMT and other firmware security vulnerabilities that has been present in all Intel cpu/mobo management firmware since 2006. I have yet to receive any notification of patch availability from Dell, HP, or Intel, even though I still manage a few enterprise networks. BIOS may be BIOS but processor management firmware is a whole 'nother beast. The lag is reported officially as 9 years but is indeed 11 years on some higher end HPs as far as I can tell. I personally don't think the patch appeared except for certain newer AMT versions.

TC

I forgot. Get the Linux repair tools here:

https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools

Adding again to this post: OEM support is spotty in my opinion at Dell and HP with several missing OEM machines that I know of personally and I have been to both sites. Finally I don't think the patch will prevent an "in the room exploit" via the MEBx recovery tools but we will just have to wait and see.

[bitsnpcs]

As I noted before a CPU sourced to code from a GNU compiler. I wish them well, but some things are fallacious in their claims, and a bit over-exaggerated as "security" claims always are. Why bother with a Debian respin (PureOS) other than for marketing their OS above Debian which is a silly claim. The issue with OEM security is not going to go away. That extra partition can hold as many tracking applications as OEMs want to write, all in inaccessible code. We have a better chance of getting a law against it the US, but worldwide the game is not winnable.

TC

Very true security claims are often like fairy tales, and can make for some fun reading.
Biggest surprise recently I read of was windows 10 file sharing of users infos, wonder if the isp's will start capping them lol. It gave me the giggles when I read it thinking it would be so fun if when people boot windows it produces one of those screens from their ISP stating, "blocked for illegal file sharing". It would be legendary.

[gold_finger]

goldfinger... rEFInd does this very well, and has contingencies for firmware quirks.

Thanks for the reminder -- for some reason I always seem to forget about that option.

[trinidad]

As I noted before a CPU sourced to code from a GNU compiler. I wish them well, but some things are fallacious in their claims, and a bit over-exaggerated as "security" claims always are. Why bother with a Debian respin (PureOS) other than for marketing their OS above Debian which is a silly claim. The issue with OEM security is not going to go away. That extra partition can hold as many tracking applications as OEMs want to write, all in inaccessible code. We have a better chance of getting a law against it the US, but worldwide the game is not winnable.

TC

[bitsnpcs]

What do we need? A miracle. An OEM hardware builder of Linux only computers.

TC

https://puri.sm/products/librem-13/

http://www.techradar.com/news/the-5-best-linux-laptops-of-2017

[trinidad]

goldfinger... rEFInd does this very well, and has contingencies for firmware quirks.

TC

[trinidad]

1) A basic GNU C compiler cannot install the depth of active applications into an ESP that an OEM C++ compiler from Intel or AMD can.
2) Do it youself? I think not especially when a single license can run you $2000.
3) OEM tracking can now be placed in a machine beyond the reach of your Linux system. AMD has already done this, and I doubt that Intel is far behind, and when they cross that bridge computing privacy will be utterly dead on their new machines, even running Debian.
4) EFI is a circumvention that could have been done in a much simpler way. Pretty obvious, given the length of develpment time, that MS, Intel, and AMD had a plan for the future all along.
5) Certainly OEMs are going to appease the Linux community with functionality, that is UEFI is going to work better and better with Linux systems as it continues down its developmental curve, but you can be sure that inaccessible to GNU tracking mechnisms are going to become more sophisticated as well.

What do we need? A miracle. An OEM hardware builder of Linux only computers.

TC

[gold_finger]

@ Monkeyman,


I just posted instructions for someone else with similar question to yours.  If your computer firmware allows for changing modes from UEFI to Legacy/CSM, then you can keep Windows installed in UEFI mode and install LL in Legacy mode.  When done, you boot to OS of choice by changing boot modes instead of from grub menu choices.


See here for fuller explanation.

[Jerry]

This goes for all things in life. Explore both sides of a given topic, then form a view from an ethical, humanitarian perspective. Then disseminate this information. Do your part to help others evolve. I see even in our time, the devolution of our species. We have to fight that.

Sent from my Mobile phone using Tapatalk

[Jerry]

I'd encourage everyone to look past convenience in regards to UEFI in the pursuit of taking at the very least, a balanced view of the issue of the implementation of it. There are ethics involved in nearly every topic. Explore and develop a more thorough understanding of UEFI and people will respect you more and view you as a fair and balanced person.

Sent from my Mobile phone using Tapatalk

[Monkeyman]

There is nothing wrong with BIOS. If it ain't broke... UEFI is an unecessary imposition on people. The benefits of UEFI are trivial. Legacy BIOS does exactly what it is supposed to do. /end-imo

Jerry, you're a heck of a lot smarter than I am so I'll just take your word for it that BIOS is fine.  Only problem is that I happen to have a mobo that has UEFI.  I'm not going to buy another mobo (even if I had the money, which I don't) just to use LL even though I think LL is great.

I hope you'll reconsider your choice in the future but if you don't, at least I can run LL on my laptop. 

[Jerry]

There is nothing wrong with BIOS. If it ain't broke... UEFI is an unecessary imposition on people. The benefits of UEFI are trivial. Legacy BIOS does exactly what it is supposed to do. /end-imo

Sent from my Mobile phone using Tapatalk