UEFI != DRM?

~ hucktech

<soapbox>

https://twitter.com/Intel_UEFI/status/732295351672012800

 

LOL. 🙂

This argument is still happening because while UEFI may not explicitly be a mechanism of DRM, a UEFI vendor can use UEFI as a form of UEFI. Rubber hoses were designed for spraying water, but they are also used as a weapon. OS vendors who are also OEMs can use UEFI to bind their HW to their OS, something that could not be done with an earlier BIOS-based firmware, due to the additional security. UEFI’s Secure Boot security can be used to protect the manufacturer’s interests, or the  owner-user’s interests, and those are not the same. 😦

I think there should be 2 classes of systems, one which the owner can control (General Purpose Computing), and one which the manufacturer controls (Secure Specialized Systems). The latter systems can be used in banks and a subset of embedded systems. Citizen-consumers should be able to purchase a system that they can control. The NIST secure BIOS guidelines permit owners to control their own systems locally, but Secure Boot implementations often do not permit owners that same control.  Don’t let fear of malware let manufacturers develop systems you cannot control.

</soapbox>

Published by hucktech

One thought on “UEFI != DRM?

  1. As I’ve been telling people for years: If you don’t own your computer, then someone else does.
    I don’t agree that Secure Specialized Systems as you propose them should be owned by the customer. I think that the administrator of a device should be the one responsible for its security, and therefore that an owner of a device should hold or delegate the control of that device. If Secure Specialized Systems are deployed they should be owned by an entity that provides computing services to the customer, and not by the customer itself.

    Like

    Reply

Leave a comment