Privacy

This thread is about privacy that is not about botnet cpus or browser settings because we discussed those already. Namely I want to open a thread to have discussion about potential security and privacy risks with things like UEFI, TPM and systemd and anything other I did not have in mind when creating this thread.
From old discussions we already know that Intel cpus are cancer and AMD cpus became cancer as well and that webbrowsers are turning more and more to the botnet route.

My question is what exactly UEFI does wrong and how exactly it is worse than traditional BIOS when it comes to privacy and botnet. I understand that they have some freedom restricting features and secure boot is pure cancer but if manufacturer x cannot be trusted with their UEFI, then you also have to assume their traditional BIOS is not safe against the botnet. What would a typical attack scenario look like? What could the attacker do with help of UEFI? Is it really worth getting a 60$ crap mainboard just so it has no UEFI?

TPM faggotry was introduced by microshit a while ago but I think it will only be a thing for servers and commercial computers in server farms. Many mainboards have a TPM slot but most of the time it is not used and if you have no TPM dongle installed, it will not be used in any way.

Then we have systemd. The object of never ending wars between supporters and people who oppose it. From what I understood so far it is about making things "more integrated and more modern" so they fit better with modern hardware. It opens a potential hole for attacks when everything is handled by one thing. What would a typical attack scenario look like? How large is the probability that it might happen?


The short answer is that UEFI and systemd make more problems than the (often imaginary) ones they solve. While not huge problems at the moment, they are stepping stones to a bad situation. Which is coming.

So it's not about the probability that your system will be attacked through systemd today, it's about the probability that things will turn to shit when they get their Redhat CIA claws embedded deep enough to basically control linux for normalfags.

Not necessarily a terrible thing, but many seem sad that normies will be on Microsoft Linux in a few years.

Technically UEFI is not a BIOS.
It's an extension of the BIOS written in C.
It adds a lot of functionalities.
Some of them are important others are bloats.
wiki.osdev.org/UEFI
UEFI should never have been written in C and should have stayed minimalist in its design.
Now you have mouse support in it.
It has become an OS itself.

I invite you to watch this video which will answer your question better and in more detail:
youtube.com/watch?v=yRxDvkKBMTc

There are multiple problems with systemd.
Systemd by itself is just an init.
But now it's a complete project with a lot of ""features"".
So why are people pissed off at systemd?
Well it was aggressively pushed by RedHat and Poettering in his humbleness hasn't helped in not pushing it and being a dick with the critics.
There has been corporate menace from RedHat in the background if some distro/companies didn't use it.
This aggressive push has also fueled a lot of paranoia in the community since we know that RedHat works with the NSA/CIA.

Second: it's a security menace because of its design.
See:
lists.phcomp.co.uk/pipermail/arm-netbook/2017-February/012950.html

Third: a lot of the functionalities that it implemented were already existing.

Fourth: People who were on the debian project since 1996 stopped helping because of it.
Which again fueled a lot of skepticism about the debian project.
So much that a lot of sysadmins abandoned it and created Devuan.
And other projects have begun to surface from the menace of systemd, like heads, the fork of tails but without binary blobs and without systemd.
heads.dyne.org/

There is a metric ton of documentation of why systemd is BAD, very BAD and should not be used/supported but debian and redhat discard everything by saying that people who don't want it are simple minded zealots.
And for now they are winning because other people are bending over (see mozilla) because they believe in what RedHat and debian says.
More documentation:
without-systemd.org/wiki/index.php/Arguments_against_systemd
chiefio.wordpress.com/2016/05/18/systemd-it-keeps-getting-worse/

So the main reasons why systemd isn't wanted are that:
-It was pushed by force
-It's a security menace
-It reinvents the wheel badly
-Probably a CIA/NSA trojan horse

Something that would be of interest is the Spook infiltration by CIA LGBT/SJWs.
The LGBT and SJW community is what has brought distortion in the hacker community.
And since wikileaks tweeted about it
web.archive.org/web/20170321130812/https://twitter.com/wikileaks/status/843917197332365313
I am persuaded that Transgender/LGB/SJW people are part of a CIA project to destroy the hacker community.
We need to remove LGBT/SJW people. I don't care if there are innocents in this, the hacker community is much more important than anything else in this dreadful timeline.

The Snowden leaks revealed one thing: why backdoor the OS when you can backdoor the firmware?

UEFI is basically a full OS at this point: it can run apps, has networking capabilities and can mount file systems. UEFI is also a universal standard. So you'll just have to backdoor the reference implementation and you're pretty certain it will end up in any UEFI system. Also, there are only a few manufacturers of UEFI systems (American Megatrends and Phoenix Technologies being the popular ones; both are US companies).

In theory secure boot works well. In practice you’ll end up with a default Microsoft key that’s located in every UEFI image. Want to modify and update the image? Good luck, only crypto-signed updates are allowed.

A TPM is included with a shitload of hardware these days, not just servers. Laptops and tablets have them as well. Here’s some advice: look at the Snowden leaks. Look at what an “implant” looks like and does. Then look at a TPM…

Systemd… here's a question: what exactly is systemd? Is it an init system? A DNS client? A container runtime? A logging daemon? It's all of those and more. It's a great way if you want to centralize the Linux ecosystem to ensure the same attack vectors exist on every system. It also introduced bugs which had been solved decades ago.

The main problem is that all this tech is great for big enterprises, because it provides standards, meaning management becomes cheaper (i.e. instead of having to know 5 different systems, you’ll just have to know 1). But the price of using this stuff is all your data.

It's botnet m8, pure and simple.

...

Can you elaborate?

remove tox from that picture, it's a virus

So I should replace my 100$ motherboard with UEFI for a 60$ one without UEFI even if the chipset is not as good as the more expensive one?
Will the normal BIOS also have the probability that it was botnetted?
They are made by american megatrends as well.

now that I read your concerns, I will definitely switch to devuan. I read trisquel is likely to take over systemd as well.

UEFI does some good things, such as GPT support so you can use hard drives larger than 2 TB and Secure Boot which normally does allow you to manually add your own keys (though Secure Boot did open the door for abuse by manufacturers), but also ended up adding a ton of additional attack surface in the process. Compromising UEFI can mostly achieve the same things as compromising Intel's management engine, given that UEFI code runs in system management mode. Here's an example of privilege escalation from ring 3 to ring -2 made possible by features included in UEFI:
blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems.pdf


I often wonder how many people who go on about back doors that affect large amounts of devices actually think about the potential consequences if the existence of that back door gets leaked or discovered, since it would allow any group to attack the critical infrastructure and banking system of the country that implemented the back door. Adding back doors to hardware and software that is commonly used by businesses in your country is just shitting where you eat.

OK I have been researching about non-UEFI AM3+ boards and this is one of the few I found:
is this a good motherboard? Would it be a good idea to buy one of those and replace my M5A99X Evo 2?

pro:

cons:

I also read this on their site:
Does it mean it just has the 3TB support in their bios integrated or did they include some UEFI botnet into the board?

It's really a shame that they do not give the customer the choice what bios he wants to use.
I wish I had researched better when I built my pc.

This, really. One of the main problems with backdoors and weakening encryption is the fact that even if you try to keep it for the agency that implemented it, it opens huge gaping holes that other attackers who aren't you can exploit once they find it.

And this concept is the reason why any cryptographic protocol that has any integrity cannot mathematically call itself totally secure even if it has one tiny bit of a backdoor or a master key in itself.

I'm pretty sure that Gigabyte's Hybrid EFI is in fact UEFI. It's just what they call their implementation of it.

sure? On the youtube videos I saw so far it looked like a normal BIOS (greyish-blue color style, looks like Windows 98).
well there go my plans for a new mobo

With gigabyte dualbios literally means there are two bios chips on the motherboard. Problem: they still call it dualbios on boards with uefi, as a marketing term.
Cannot confirm if that board has uefi, sadly.

BUT if they mention 3tb hdd support, that might mean it has a real bios, since uefi would not have that 3tb problem.

Don't bother with trying to find an AM3+ board that doesn't have UEFI.
>wiki.osdev.org/UEFI
Basically, the manufacturer can call it BIOS and it may look like old BIOS to the user, but it can still be UEFI under the hood and you wouldn't know until you have the hardware and see that Linux recognizes it as UEFI. It seems to me that the easiest way to get a non UEFI machine if you don't already have one would be to get a T410/X210 or earlier Thinkpad.

UEFI is an entire OS written by the same people who have between them been incapable of producing a single working firmware since the dawn of the IBM PC clone.

ring 2 botnet.

in case you haven't tried windows 8/10 with it, UEFI bioses can be manipulated at ring 3 or through windows itself (or other botnet OS) without having to do a reboot pressing that stupid bios hotkey. In short windows can manipulate efi variables at ring3... and due to windows' nature any NSA or hacker exploit can modify the entire system through some decade-old unpatched admin privilege exploit.

also if you remember that incident where some faggot literally rm -rf the / of his vidya laptop and unintentionally deleted efivars and his efi partition causing the system to be hard bricked.
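The two points above (a board may be UEFI under the hood no matter what the vendor calls it, and a writable efivars mount lets the OS touch firmware variables) can both be checked from a running Linux system. This is an added example, not code from anyone in the thread; it assumes the kernel's usual sysfs layout (/sys/firmware/efi, efivarfs with 4 attribute bytes before the variable data) and takes its paths as parameters so the checks can be run against a constructed directory tree as well as a live box:

```shell
#!/bin/sh
# Added example: report firmware mode, Secure Boot state and whether EFI
# variables are writable from the OS. Paths are parameters for testability.

SYSFS_FW="${SYSFS_FW:-/sys/firmware}"

# firmware_mode DIR: the kernel creates DIR/efi only when it booted through
# EFI runtime services, regardless of how the vendor labels the firmware.
firmware_mode() {
    if [ -d "$1/efi" ]; then echo uefi; else echo bios; fi
}

# secureboot_state VARFILE: parse an efivarfs file. efivarfs prefixes the
# variable data with 4 bytes of attribute flags; SecureBoot's data is one
# byte, 1 = enabled, 0 = disabled.
secureboot_state() {
    if [ ! -r "$1" ]; then echo unknown; return 0; fi
    byte=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# efivars_writable MOUNTS_FILE: scan /proc/mounts (or a copy of it) for an
# efivarfs mount lacking the "ro" option. A writable efivarfs is what lets
# root, or an rm -rf / gone wrong, change firmware variables from the OS;
# remounting it read-only is the defensive setting.
efivars_writable() {
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev _mnt fstype opts _rest; do
        [ "$fstype" = efivarfs ] || continue
        case ",$opts," in
            *,ro,*) echo no ;;
            *)      echo yes ;;
        esac
        return 0
    done < "$1"
    echo not-mounted
}

main() {
    mode=$(firmware_mode "$SYSFS_FW")
    echo "firmware: $mode"
    [ "$mode" = uefi ] || return 0
    sb_var=$(ls "$SYSFS_FW"/efi/efivars/SecureBoot-* 2>/dev/null | head -n 1)
    echo "secure boot: $(secureboot_state "$sb_var")"
    echo "efivars writable: $(efivars_writable /proc/mounts)"
}

main "$@"
```

If it reports "efivars writable: yes", `mount -o remount,ro /sys/firmware/efi/efivars` closes that path until the next deliberate firmware update.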

UEFI is at ring -2. Rings 1 and 2 have less privilege than the kernel, which runs at ring 0.

Any OS with UEFI support can, including Linux.

Ah, the wonders of everything being a file. Thanks Dennis Ritchie.

Traditional rings 1 and 2 were removed in the amd64 model. With firmware subversion like this, the old ring 0 is now effectively 2.

Try actually understanding shit before posting about it. Universal models exist for a reason.

Wat? You can delete EFI partition from Windows, and get same effect. It has nothing to do with Unix.

So I would have to build a new pc from scratch and then hope it is not UEFI. I sure as fuck will not change the motherboard and then find out that it is pozzed as well. The alternative would be an Asrock board I found the other day but it comes with only 95W cpu support, poor power circuitry, without integrated video and without USB3 support.
I am really getting desperate with this situation.

Off topic but it relates to privacy. I need a phone case that completely kills all signal to it. I've found one online but it's $150. Any way to make one or is there a cheaper alternative? I also need an iphone case that just soundproofs the phone so it can still be used, for my sibling.

Which Asrock board?


Then it goes in the stickied consumer advice thread.

This one:
asrock.com/mb/AMD/960GM-VGS3 FX/index.asp?cat=
From what I saw in the manual, it likely has normal bios or at least it looks like it

I found this list from ASrock of motherboards without UEFI that they have firmware updates to support GPT available for and that model is on the list:
asrock.com/Feature/3TB/index.asp

I don't know if that means they found a way to add GPT support to their BIOS, started using a stripped down UEFI, or already used a stripped down version of UEFI that they couldn't quite call UEFI due to lacking features. I should also note that it seems the higher end AM3+ boards on that list also list UEFI support when going to their product page.

Is BIOS better than UEFI in terms of security, generally speaking?

it has similar problems like systemd because it is centralization and whenever something is centralized, if some malicious force takes control of it, damage is maximum. UEFI has internet access and it can run apps. You cannot remove it and if someone manages to implant a virus into it, the virus will survive every time you wipe your disk to get rid of it.

The question is also whether we can trust BIOS from the same manufacturer that delivers UEFI. I wish there were coreboot compatible AM3+ mobos.

Personally I don't see a reason to use UEFI considering that I've never used more than 2TB disks. And when it comes to partitions you can use LVM which you probably already use anyway if you use full disk encryption.

Do you think coreboot will, or at least can, work on that? Any chance of bringing this issue before their eyes for their consideration?

Coreboot ported this motherboard some time ago:
ASUS KGPE-D16

It is a server motherboard and one of the few newer ones they can support. Currently the most powerful you will get to work with it.

I bet you still think the OSI stack exists and we don't just do RPC over AJAX :^)

wipe your computers
throw them away
go live innawoods
privacy achieved

You don't need privacy.
All you need is anonymity.
Usurping privacy means you do things that can bite you back.
Anonymity is black.

coreboot.org/pipermail/coreboot/2012-February/068459.html
Why don't you get yourself some flash chips and try to get coreboot running?

hey thank you man, I had no idea about this and I will take a look at it.

mind to elaborate?
I never did anything like this before but I have an RS232 cable if this is of any help. This would really be nice if it were possible. From what I read in your link the guy who did it came to a dead end and asked for help.

How am I affected by all the tracking and data-mining stuff when I'm outside the US/UK and not in a major city? (i.e. density of surveillance cameras/microphones etc is much lower)
Obviously besides what happens when I use Jewgle, Kikebook, Microsoft and Apple services. (Which I almost don't use anymore)

Required reading

Most tracking happens outside the US, they operate internationally. Have the highest privacy you can anyway, because one day you'll wish you supported it.

i am extremely gassy and need to take a shit

I did some research on this board and it looks like it is without UEFI.
The bios is specified as "Award BIOS", whatever it might mean. If it were UEFI, they would have put it in somewhere.
When you look at the manual, there is not a single word about UEFI. If you search in it for UEFI it cannot be found. If they had UEFI, they would have used it for marketing purposes. Similar boards with UEFI are marketed as "Dual UEFI Bios" while this one is clearly not.

Then they have this "unlock 3+TB drives" feature, right? I found out to get this feature, you need to download some rom from their site and flash your mobo with it. It does not seem like the 3TB support comes by default.

And before you claim that this might have changed with the latest revision, my research is based on the latest version (revision 6).
I might buy one of those boards and try it out. I will report anything I find out about it and write how well it works. It seems to have good Linux compatibility.

forgot Link:
techreport.com/news/20941/is-it-efi-or-not-gigabyte-hybrid-efi-bios-explained

Gigabyte was one of the last companies to implement UEFI into their products. I believe this might be a leftover from old times.