Peppermint OS

General => GNU/Linux Discussion => Topic started by: GNULINUX on February 01, 2016, 02:26:16 pm

Title: Is Linux too powerful?
Post by: GNULINUX on February 01, 2016, 02:26:16 pm
Seems like EFI/UEFI (and the motherboard) really can be killed by Linux?

Quote
After reading this post wherein it seems that the OP bricked his motherboard rendering it useless (read carefully -- MOTHERBOARD not just a particular installation...

Read here (https://bbs.archlinux.org/viewtopic.php?id=207549), here (https://github.com/systemd/systemd/issues/2402) and here (https://bbs.archlinux.org/viewtopic.php?id=208102)!  :o

What do you think about this?
Title: Re: Is Linux too powerful?
Post by: AndyInMokum on February 01, 2016, 03:44:38 pm
Seems like EFI/UEFI (and the motherboard) really can be killed by Linux?

Quote
After reading this post wherein it seems that the OP bricked his motherboard rendering it useless (read carefully -- MOTHERBOARD not just a particular installation...

Read here (https://bbs.archlinux.org/viewtopic.php?id=207549), here (https://github.com/systemd/systemd/issues/2402) and here (https://bbs.archlinux.org/viewtopic.php?id=208102)!  :o

What do you think about this?
It doesn't seem to be just one thing causing this.  It appears to be a culmination of several things coming together.  This in turn, is creating the perfect storm, so to speak.  It's very worrying though and needs to be addressed PDQ.   It brings up the question, what other weirdness is going to show up that's related to systemd  :-\?
Title: Re: Is Linux too powerful?
Post by: PCNetSpec on February 01, 2016, 04:34:36 pm
At first glance I thought this would need addressing, but after actually thinking it through this isn't a systemd or Linux problem.

EFI variables need to be exposed and editable by ANY OS that may need to change them, including Windows .. the fact that a given UEFI implementation can be bricked by malformed or blank variables is purely a hardware/firmware problem.

Hardware should NEVER be brickable by software, if it is it's a hardware problem every time otherwise it's just a matter of time until someone writes something to do just that irrespective of the OS

Sure they could mount it read-only as a safeguard then bung a wrapper around any utils that need to edit it to remount it read-write, but then what's to stop someone writing malicious software that remounts it read-write then wipes it (in Linux or Windows).

At the moment nobody know if this is a widespread UEFI implimantation bug or just a one off like the early Samsung UEFI bug that was fixed at the hardware level fairly quickly.

If anything this just goes to show how yet again Linux has uncovered an issue that absolutely WOULD have eventually been found and exploited by someone with malicious intent on Windows systems .. don't think it applies to Windows ?, how do you think something like EasyBCD manipulates the EFI variables if they're not exposed there too .. if they're exposed, THEY'RE EXPOSED, irrespective of the OS .. as I said, they NEED to be exposed so if they can be damaged irrecoverably it's not an OS or software issue but a UEFI firmware/hardware one.
Title: Re: Is Linux too powerful?
Post by: scifidude79 on February 01, 2016, 09:00:22 pm
What do you think about this?

Stick to good old fashioned BIOS.
Title: Re: Is Linux too powerful?
Post by: GNULINUX on February 02, 2016, 12:33:37 am
If anything this just goes to show how yet again Linux has uncovered an issue that absolutely WOULD have eventually been found and exploited by someone with malicious intent on Windows systems .. don't think it applies to Windows ?, how do you think something like EasyBSD manipulates the EFI variables if they're not exposed there too .. if they're exposed, THEY'RE EXPOSED, irrespective of the OS .. as I said, they NEED to be exposed so if they can be damaged irrecoverably it's not an OS or software issue but a UEFI firmware/hardware one.
That's also my opinion about this... but how to solve it goes beyond my knowledge...  :-\
Title: Re: Is Linux too powerful?
Post by: PCNetSpec on February 02, 2016, 03:27:09 am
I don't very often find myself agreeing with Lennart Poettering .. but this time I agree it's a problem for the hardware vendors and the UEFI firmware authors to fix (otherwise it WILL eventually be exploited in Windows), it's not something for the Linux devs to fix.

In fact the Linux devs couldn't fix it .. at best they could make the command to break things (on PC's with firmware affected by this) a little longer .. but as I said, the EFI variables NEED to be writeable (in ALL OS's)