Announcement

Collapse
No announcement yet.

EFI is now mandatory? Canonical strikes again.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #46
    @Oshunluvr +1
    Kubuntu 23.11 64bit under Kernel 6.8.1, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

    Comment


      #47
      @Oshunluvr +1 here as well.

      However, There was one good side benefit for me with EFI. The new KFocus laptop I recently bought is all EFI. No legacy mode or anything. Gave me a hell of a time even trying to figure out how to create USB boot drives when I wanted to run gparted. However, and I know sounds odd and there is a reason, I wanted to install Windows 10 on a small partition. On older systems you should install Windows 10 first. I did not want to do that in this case. I went ahead with the knowledge I would have to try and repair GRUB. However, after install I went the the UEFI menu and the Kubuntu entry in the UEFI boot choices was still there. I moved it as the main one and was able to boot into Kubuntu and from there updated grub and it found Windows and there you go. Windows installed secondary.

      That is the part I like saying too. Installed Windows SECONDARY.

      So long story short, at least a small positive. However, over all, I dislike the lack of control most UEFI interfaces gives over your system. Yes, I do see it as a lack of control.

      Comment


        #48
        The Grey Hairs here will remember that EFI was created by Intel to replace BIOS. UEFI came in 2005. Many people may not know it but UEFI on firmware can support remote diagnostics and repair of computers that do not have an OS installed on it. Think about that for a minute. WIFI? OS? Back doors? Secret file system? Secret remote access? It's all there in UEFI. Being on firmware no AV product scanned for it. Its code was executed BEFORE any OS that was booted, INCLUDING Linux. (This summer M$ added ESET UEFI scanning to Defender)

        UEFI has boot and runtime services. Ever wonder were M$ stored its GUID's Or did phantom reboots?
        From Wikipedia
        UEFI variables provide a way to store data, in particular non-volatile data, that is shared between platform firmware and operating systems or UEFI applications. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, variables can be used to keep crash messages in NVRAM after a crash for the operating system to retrieve after a reboot.
        ...
        A type of UEFI application is an OS boot loader such as GRUB, rEFInd, Gummiboot, and Windows Boot Manager; which loads some OS files into memory and executes it.
        About a decade ago as a "security layer" to make the Windows platform more secure against the millions of malware that infected it every year M$ began pushing it. I have little doubt that M$ used it to spy on its customers and that prosecutors paid M$ to spy on its suspects to acquire information from even password secured computers, two keys or not. M$ patented a software app called "Legal Intercept" and put them on its Linux computer farms that were running Skype, and later on its Linux powered Azure server farms. LEO's could set at an M$ terminal and intercept live streams from suspects computer activities, browse files, turn on cameras, listen in on mics, etc. This power was extended when EFI was installed on smartphones.

        Does Kubuntu have it?
        /etc/grub.d/30_uefi-firmware

        Do your VM's have it?
        Are these installed?
        Code:
        libefiboot1      Library to allow for the manipulation of UEFI variables related to booting.
        libefivar1        Library to allow for the simple manipulation of UEFI variables.
        ovmf              It includes full support for UEFI, including Secure Boot, allowing use of UEFI in place of a traditional BIOS in your VM.
        sbsigntool      This package installs tools which can cryptographically sign EFI binaries and drivers.
        If you attempt to remove libefiboot1 it will take out grub2 and a host of other important files.
        Click image for larger version

Name:	libefiboot1_purge.jpg
Views:	1
Size:	66.1 KB
ID:	644899


        The Legacy (BIOS) installation is supposed to be UEFI free.
        Removing the BIOS installation and being FORCED to install UEFI is unacceptable for Linux users.

        However, it is a way to insure that Linux users can be spied upon remotely regardless of which distro they use (if UEFI is installed).

        Then the tables turned. Gov spying tools where hijacked and began to be used against government agencies.

        https://www.wired.com/story/hacking-...-tool-spyware/
        Last edited by GreyGeek; Oct 24, 2020, 02:01 PM.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #49
          Originally posted by GreyGeek View Post
          ...
          Removing the BIOS installation and being FORCED to install UEFI is unacceptable for Linux users.
          ...
          Absolutely agree.
          Kubuntu 23.11 64bit under Kernel 6.8.1, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

          Comment


            #50
            In a previous post I showed what would happen if I purged the libefiboot library. It would clean out my grub files and more.

            On Debian-based Linux distros like Kubuntu, there are two versions of Grub boot manger.

            • grub-efi
            • grub-pc


            If your distro is installed in UEFI mode, then it comes with grub-efi instead of grub-pc.


            If I run
            Code:
            $[B] dpkg -l | grep grub-efi[/B]
            it shows nothing. I didn't not install using EFI.

            If I run
            Code:
            $ [B]dpkg -l | grep grub-pc
            [/B]
            it shows that my Kubuntu 20.04 installation is running grub-pc for BIOS.
            Code:
            ii  grub-pc        2.04-1ubuntu26.4      amd64    GRand Unified Bootloader, version 2 (PC/BIOS version)
            ii  grub-pc-bin    2.04-1ubuntu26.4      amd64     GRand Unified Bootloader, version 2 (PC/BIOS modules)
            If I check for the presence of efi firmware it is not existent.
            Code:
            $ ls /sys/firmware/efi
            shows that
            Code:
            ls: cannot access '/sys/firmware/efi': No such file or directory
            does not exist.

            So, what are libefiboot1, libefivar1, ovmf and sbsigntool doing on my system and why can't I remove them without borking grub?
            Last edited by GreyGeek; Oct 24, 2020, 07:56 PM.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.

            Comment


              #51
              Originally posted by GreyGeek
              So, what are libefiboot1, libefivar1, ovmf and sbsigntool doing on my system and why can't I remove them without borking grub?
              I can't answer your question directly. However, grub-install can install to other architectures than that of the system that is running, so those libraries may be compile-time dependencies of whatever grub-install invokes. There are non-installing packages for these purposes, but I imagine it might be simpler to leave a few EFI things in to avoid a mess of conditional compilation flags and directives.
              Regards, John Little

              Comment


                #52
                Originally posted by jlittle View Post
                I can't answer your question directly. However, grub-install can install to other architectures than that of the system that is running, so those libraries may be compile-time dependencies of whatever grub-install invokes. There are non-installing packages for these purposes, but I imagine it might be simpler to leave a few EFI things in to avoid a mess of conditional compilation flags and directives.
                Possible. Here are dependencies of some of the EFI related packages on my system. I have to run so I'll post more later:
                Code:
                jerry@jerryAspire-V3-771:~$ apt-cache depends qemu
                qemu
                jerry@jerryAspire-V3-771:~$ apt-cache rdepends qemu
                qemu
                Reverse Depends:
                  openbios-sparc
                  grub-firmware-qemu
                  grub-firmware-qemu
                  libvirt-daemon
                  libvirt-daemon
                  grub-firmware-qemu
                  grub-firmware-qemu
                  libvirt-daemon
                  libvirt-daemon
                  vde2
                  packer
                  openbios-sparc
                  openbios-ppc
                  openbios-ppc
                  libvirt-daemon
                  looking-glass-client
                  grub-firmware-qemu
                  grub-firmware-qemu
                  aqemu
                  qemu-slof
                  libvirt-daemon
                jerry@jerryAspire-V3-771:~$ apt-cache depends libvirt-daemon
                libvirt-daemon
                  Depends: libblkid1
                  Depends: libc6
                  Depends: libcap-ng0
                  Depends: libdbus-1-3
                  Depends: libdevmapper1.02.1
                  Depends: libfuse2
                  Depends: libgcc-s1
                  Depends: libglib2.0-0
                  Depends: libparted2
                  Depends: libpcap0.8
                  Depends: libpciaccess0
                  Depends: libselinux1
                  Depends: libudev1
                  Depends: libvirt0
                  Depends: libxml2
                  Depends: libvirt-daemon-driver-qemu
                 |Recommends: qemu-kvm
                  Recommends: qemu
                  Recommends: libxml2-utils
                    libxml2-utils:i386
                  Recommends: netcat-openbsd
                  Recommends: libvirt-daemon-driver-storage-rbd
                  Suggests: libvirt-daemon-driver-lxc
                  Suggests: libvirt-daemon-driver-vbox
                  Suggests: libvirt-daemon-driver-xen
                  Suggests: libvirt-daemon-driver-storage-gluster
                  Suggests: libvirt-daemon-driver-storage-zfs
                  Suggests: libvirt-daemon-system
                  Suggests: numad
                  Enhances: qemu
                  Enhances: qemu-kvm
                  Enhances: <xen>
                jerry@jerryAspire-V3-771:~$ apt-cache rdepends libvirt-daemon
                libvirt-daemon
                Reverse Depends:
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  gnome-boxes
                  libvirt0
                  libvirt0
                  libvirt-daemon-system
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-qemu
                  libvirt-clients
                  libvirt-dbus
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  gnome-boxes
                  libvirt0
                  libvirt0
                  libvirt-daemon-system
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-qemu
                  libvirt0
                  libvirt-clients
                  mom
                  libvirt-dbus
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-xen
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-vbox
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-zfs
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-storage-gluster
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  libvirt-daemon-driver-lxc
                  gnome-boxes
                  python3-libvirt
                  libvirt0
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-system
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-storage-rbd
                  libvirt-daemon-driver-qemu
                  libvirt-daemon-driver-qemu
                  libvirt-clients
                jerry@jerryAspire-V3-771:~$ apt-cache rdepends ovmf
                ovmf
                Reverse Depends:
                  autopkgtest
                  qemu-system-x86-xen
                  qemu-system-x86
                  qemu-system-x86-xen
                  qemu-system-x86
                  xen-utils-4.11
                  qemu-system-x86-xen
                  mkosi
                  debos
                  qemu-system-x86
                jerry@jerryAspire-V3-771:~$ apt-cache depends ovmf
                ovmf
                  Replaces: qemu-system-common
                jerry@jerryAspire-V3-771:~$ apt-cache depends sbsigntool
                sbsigntool
                  Depends: libc6
                  Depends: libssl1.1
                  Depends: libuuid1
                jerry@jerryAspire-V3-771:~$ apt-cache rdepends sbsigntool
                sbsigntool
                Reverse Depends:
                  secureboot-db
                  secureboot-db
                  ubiquity
                  shim-signed
                  refind
                  efitools
                  ubiquity
                  shim-signed
                jerry@jerryAspire-V3-771:~$
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.

                Comment


                  #53
                  https://www.blackhat.com/docs/asia-1...nd-Reality.pdf

                  Note pg 23 and on.
                  Seven years after Snowden blew the whistle on NSA snooping illegally on Americans many of the UEFI exploits he used/mentioned are not documented, as this PDF point out.

                  https://arstechnica.com/information-...g-in-the-wild/
                  Last edited by GreyGeek; Oct 26, 2020, 01:48 PM.
                  "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                  – John F. Kennedy, February 26, 1962.

                  Comment

                  Working...
                  X