UEFI scanner brings Microsoft Defender ATP protection to a new level

Remind me, why did we need UEFI? What was wrong with old BIOS + USB upgrades only? Apart from this, I really do not know if I like the idea of Windows, with its history of bugs and security flaws, having access to my firmware. I would love the idea that while I go near to the metal, the upper layer of software is hosted, but cannot really touch or look at anything apart from what the UEFI wants to expose. Similar to how applications cannot really delete system files and code in the browser cannot really delete applications.
When Windows Update fails, it will bring your hardware with it 😀
asturur:

Remind me, why did we need UEFI? What was wrong with old BIOS + USB upgrades only?
16 bit code, 1MB memory space to execute, bootable drives only lower than 2.1 TB. Now we have 64 bit code both in UEFI BIOS and in OS, we have UEFI shell (not used that widely but I am sure some do use it), we have unified BIOS modules (hence the UBU Tool), we have USB upgrades plus upgrades right in BIOS from NTFS partitions.
I like the idea behind this. But not if Microsoft is implementing it. They can barely get normal bog standard updates working each month. If someone like BitDefender, ESET, or Kaspersky integrated this into their software suites I would feel far more at ease with it. I personally do not use secure boot as I want the option of hitting DEL during startup and get into the BIOS to do whatever I need to do and if something goes wrong in the OS it makes it infinitely easier to correct it. The whole idea of having to load into Windows to then reboot and get into the BIOS is just ludicrous to me. I rarely ever turn on UEFI as I just do not trust the man behind the curtain (yes all modern boards are fully UEFI under the hood but it tones down what it can get its grubby little hands into); the real world difference between a legacy boot and a UEFI boot on modern SSD machines is about 5-6 seconds, fine by me. Once you are in Windows you cannot tell the difference between legacy and UEFI anyway as it switches over to side-channel addressing anyway to the BIOS. I take that reduction in security at face value. I personally use BitDefender on all of my internet facing devices as it works best for me and what I do. I would be interested to see this added to their security suites.
mbk1969:

16 bit code, 1MB memory space to execute, bootable drives only lower than 2.1 TB. Now we have 64 bit code both in UEFI BIOS and in OS, we have UEFI shell (not used that widely but I am sure some do use it), we have unified BIOS modules (hence the UBU Tool), we have USB upgrades plus upgrades right in BIOS from NTFS partitions.
The BIOS could be improved without becoming a full-fledged OS with TCP/IP stack, NTFS compatibility and bitmap graphics (NTFS is not even an open standard). A fine text interface and USB + open filesystem format would reduce the attack surface in general.
Khronikos:

Let's face it, trusting Microsoft with any of your data more than you need to is the most stupid thing you might as well ever do. NO THANKS. Trying to remember the last time I got hacked on the UEFI. Let me think here... It's basically just give us control of your PC at this point.
Windows 10 is actually pretty secure and the built in Defender has a low footprint and actually does work well.
asturur:

The BIOS could be improved without becoming a full-fledged OS with TCP/IP stack, NTFS compatibility and bitmap graphics (NTFS is not even an open standard). A fine text interface and USB + open filesystem format would reduce the attack surface in general.
But could it stay 16 bit? I guess "no" is the only interesting option. I prefer better performance (interaction with Windows/Linux) and better unification (and modularity).
@I_Eat_You_Alive start using M.2 with GPT and see how far you can boot in legacy mode... I don't care about secure boot being off, doesn't mean I'm gonna stick with legacy mode for no reason on hw/sw that was designed with UEFI in mind.
You know I've thought about this in the past when my pc acted funny which made me full flash bios and everything went back to normal.... now I'm certain my hunch was correct.
asturur:

Remind me, why did we need UEFI? What was wrong with old BIOS + USB upgrades only? Apart from this, I really do not know if I like the idea of Windows, with its history of bugs and security flaws, having access to my firmware. I would love the idea that while I go near to the metal, the upper layer of software is hosted, but cannot really touch or look at anything apart from what the UEFI wants to expose. Similar to how applications cannot really delete system files and code in the browser cannot really delete applications.
BIOS has significant limitations as it relates to modern hardware. It is limited to only 16-bit processor mode and 1 MB of addressable memory. UEFI on the other hand supports either 32-bit or 64-bit processor mode and can access all of the system’s memory. BIOS uses a Master Boot Record (MBR) for the disk partitioning scheme, whereas UEFI uses a newer partitioning scheme called GUID Partition Table (GPT) which overcomes certain limitations of MBR. UEFI is able to support disk sizes greater than 2 TB, with a maximum disk and partition size of 8 Zebibytes (ZiB). There are also several security benefits to running UEFI over BIOS on Windows 10 systems. Secure Boot: protects the pre-boot process against root kits/boot kits and requires no additional configuration (other than switching it on once the system is running UEFI). Once enabled, only signed boot loaders will be able to run. Other advantages of UEFI that your end users will appreciate are faster startup times, faster shutdown times, faster sleep times and faster resuming times compared to BIOS based systems.
From a very quick search here: https://www.1e.com/news-insights/blogs/what-is-uefi-and-why-do-i-need-it/
Khronikos:

Don't kid yourself. Win 10 was built from the ground up to take your data lol. Secure or not means nothing in this instance. I've never been hacked nor will I be hacked on the UEFI, so why give a known partaker into government hacking my firmware. MAKES ZERO LOGICAL SENSE. But Windows 10 is actually pretty secure guyZ! LOL. Not only is Win 10 probably completely CIA-compliant in the first place, giving them access to your firmware can only be good! I mean, who wouldn't trust Microsoft and the CIA at this point? WIN WIN.
You already gave the government access to your UEFI when you bought an Intel processor with ME in it.
Here's an interesting conundrum not readily documented (not all of it) on the webs. It is more related to the bootloader than UEFI but still related. I recently ran into an issue when removing an older drive from my workstation which admittedly has too many drives. It turns out you can have the boot files on a drive other than your C: or data Windows drive. Once I removed the old drive (which did not contain the boot files), the system failed to boot without any recovery options. The only option is to boot from Windows recovery USB or disk. Second, the boot folder had either been corrupted or deleted because reconnecting the old drive did not fix the problem. Windows could not restore/fix/recover the boot partition because it also turns out the C: drive was not GPT enabled. Another uncommon setting in my configuration. It took quite a while to determine that this was the reason I could not recreate a boot partition on my data partition. I verified this by finding a GPT enabled drive, creating a boot EFI partition and reloading the boot information on to it. Lesson learned. Your boot EFI partition should be located on a high letter drive such as S:, V: or P: to avoid lower level drive letters possibly leading to boot partition errors. Your main data Windows drive should be GPT and contain the EFI boot partition. Although I kind of like the idea of my configuration being non standard as most hacks are designed to access basic configurations and sometimes being non standard breaks their logic.
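The MBR versus GPT distinction that comes up in the posts above (the 2 TB ceiling, and a system drive that turned out not to be GPT) can be read straight from a disk's first two sectors. This is an added example, not part of the original thread: the image bytes are constructed, 512-byte sectors are an assumption, and `build_image`, `partition_scheme` and `mbr_limit_bytes` are hypothetical names.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors


def build_image(gpt: bool, wipe_header: bool = False) -> bytes:
    """Constructed sample: LBA 0 (MBR) followed by LBA 1 (GPT header or zeros)."""
    mbr = bytearray(SECTOR)
    # The first 16-byte partition entry lives at offset 446:
    # status, CHS start, type, CHS end, first LBA, sector count.
    if gpt:
        entry = (0x00, b"\0" * 3, 0xEE, b"\0" * 3, 1, 0xFFFFFFFF)
    else:
        entry = (0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1_000_000)
    struct.pack_into("<B3sB3sII", mbr, 446, *entry)
    mbr[510:512] = b"\x55\xaa"           # boot signature
    lba1 = bytearray(SECTOR)
    if gpt and not wipe_header:
        lba1[0:8] = b"EFI PART"          # GPT header signature
    return bytes(mbr + lba1)


def partition_scheme(image: bytes) -> str:
    """Classify the first two sectors as GPT, MBR, inconsistent or unknown."""
    if len(image) < 2 * SECTOR or image[510:512] != b"\x55\xaa":
        return "unknown"
    types = [image[446 + 16 * i + 4] for i in range(4)]
    protective = 0xEE in types           # protective MBR entry covering the disk
    header = image[SECTOR:SECTOR + 8] == b"EFI PART"
    if protective and header:
        return "GPT"
    if protective or header:
        return "inconsistent"            # one half of the GPT layout is missing
    return "MBR" if any(types) else "unknown"


def mbr_limit_bytes(sector_size: int = SECTOR) -> int:
    """MBR stores LBAs and sector counts in 32-bit fields."""
    return 2 ** 32 * sector_size


if __name__ == "__main__":
    for label, img in [("gpt", build_image(True)),
                       ("mbr", build_image(False)),
                       ("damaged gpt", build_image(True, wipe_header=True))]:
        print(label, "->", partition_scheme(img))
    print("MBR ceiling:", mbr_limit_bytes(), "bytes")
```

The "inconsistent" result covers a disk whose protective MBR entry survives while the GPT header at LBA 1 is gone, or the reverse.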
Khronikos:

Don't kid yourself. Win 10 was built from the ground up to take your data lol. Secure or not means nothing in this instance. I've never been hacked nor will I be hacked on the UEFI, so why give a known partaker into government hacking my firmware. MAKES ZERO LOGICAL SENSE.
not even from the ground up, they built on top of win8.1
They are all gonna start doing this at some point, give them time. Not sure how I feel about software having access to UEFI; I barely like the stuff MS has access to. I'm pretty sure Avast already does this.