Windows 8 and UEFI. The dangerous background of Windows 11 and TPM

Diego Germán González

4 minutes

Windows 8 and UEFI

This series of articles serves two purposes. The first is demonstrate that Windows 11 is a great opportunity to expand the Linux market. The second, to warn that If Linux doesn't take advantage of that opportunity, we can go back 30 years to the dark days of computer vassalism.

At previous article I gave my point of view that Microsoft, learning from IBM's mistakes, tries to reaffirm its supremacy over users, demanding them what hardware to buy and, over hardware manufacturers, determining which ones can or cannot run Windows.

Now I want to remind you of the antecedent. From a Microsoft demand that Linux did not know or could face.

Windows 8 and UEFI. The Discord Module

In October 2012, Microsoft announced the release of Windows 8. He also said that computers that intended to bring it pre-installed should use UEFI instead of BIOS.

What is UEFI?

UEFI is the acronym in English for Unified Extensible Firmware Interface or Unified Extensible Firmware Interface. Its function is to start all the hardware connected to the computer and launch the operating system. In fact, we can consider it as a reduced operating system that is responsible for booting the computer's motherboard and related hardware components. In other words, this interface is responsible for loading a specific bootloader in the main memory. This will be the one that will initiate the routine start-up actions. When it is finished we will see the login screen that will allow us to use the operating system.

As is now the case with TPM, not just any computer was compatible with UEFI. It is necessary to have a special firmware on the motherboard. This firmware uses the UEFI interface as an operational layer or layer that acts as an intermediary between the firmware itself and the operating system. The firmware is located on a memory chip where it is kept. even when there is a power outage.

  • Revamped and easier to understand interface.
  • Faster system loading.
  • GPT file system support.
  • Take full advantage of the possibilities of 64-bit processors.
  • Easy programming (Using the C language).
  • Remote start and update.
  • Drivers can be released before the operating system does.

So far, so good. But, the snake behind the apple had two names: Secure Boot

What is Secure Boot?

Secure Boot is a feature first introduced with Windows 8, and included as part of Windows 10. Microsoft initially required manufacturers to pre-install their operating system that users have the ability to disable it, even with Windows. 10 that requirement disappeared

It was supposed to help prevent malware from running when starting a computer. In practice it made it difficult to boot Linux distributions in Live mode.

When the PC starts up, Secure Boot verifies the signature of every piece of boot software, including UEFI firmware drivers, EFI applications, and the operating system. If the signatures are valid, the PC boots and the firmware relinquishes control to the operating system.

The manufacturer must store the verified signature databases in non-volatile RAM.il firmware. This includes the signature database (db), the revoked signature database (dbx), and the enrollment key database (KEK).

The signature database (db) and the revoked signature database (dbx) list the signers or image hashes of UEFI applications, operating system loaders (such as Microsoft's operating system loader or file manager). boot) and UEFI drivers that can be loaded on the device. The revoked list contains items that are no longer trusted and cannot be loaded.

The Enrollment Key Database (KEK) is a separate signature key database that can be used to update the signature database and the revoked signature database. Microsoft requires that a specific key be included in the KEK database so that in the future Microsoft may add new operating systems to the signature database or add known bad images to the revoked signature database.

Reread the last paragraph. And you will understand what I mean by the risk of technological vassalage.

In the next article we will see how Linux distributions solved the problem.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   vicfabgar said
    ago 3 years

    For fanboys all this slips them, but you have to awaken consciences. I still remember with longing when I loaded the DOS on the IBM, on 5-1 / 4 disks ... I have seen the entire process of evolution of this company to this day and I have suffered it in my flesh; after the infumable comes the execrable. I got out of the car a few months ago because I can't get out of it. wasting my time, wasting my money and my effort on that platform, which has collected the worst of Google and the worst of Apple. In the end, greed will break the bag.

    Greetings.

    Reply to vicfabgar
  2.   curefox said
    ago 3 years

    Congratulations on these two articles, what you say is totally true, Microsoft is still what it is and we who have already awakened from the matrix must not only be attentive to these movements, but also in some way be spokespersons for this information and make known the Dangers that these movements will bring to the future on the part of these companies, this is the great opportunity for GNU / Linux to gain ground in companies and in homes.

    Reply to Curefox
    1.    Diego German Gonzalez said
      ago 3 years

      Thank you.

      Reply to Diego Germán González