Linux

Hardware neutrality: UEFI strikes again and again

The latest UEFI snafu involved the bricking of Samsung laptops. It's time that hardware vendors knew consumers and IT pros demand the right to hardware neutrality.

You've probably read the headlines already: "Booting Linux via UEFI can brick some Samsung laptops". That's right, the simple act of booting (not installing) a different OS can render your laptop so defunct that the only solution is to replace the motherboard.

In the same week that was announced, I had the pleasure of experiencing a UEFI issue on my own. I purchased a new machine to replace my old work horse (which had to be done quickly as I was in production of an audio book). The machine arrived with Windows 7 - which I had every intention of blowing away. I installed Ubuntu 12.10, but realized there was an issue going on between hardware and operating system (an audio issue that a low-latency kernel eventually resolved). I thought maybe the best solution was to go back to 12.04. No matter how I installed that version of Ubuntu, no matter where I placed the boot loader -- UEFI wouldn't allow it to boot (even when UEFI was disabled in the BIOS). The end result was going with Ubuntu Studio 12.10 (and aforementioned low-latency kernel).

But worse than my easily resolved headache, is that which any owner of a Samsung laptop (models 530U3C, NP700Z7C, NP700Z5C, and 300E5C) would have to deal with, should they try to boot Linux with UEFI (Notice that does not say install). All one has to do is boot a Live distribution and the ghost will have been given up. You will be replacing the laptop or the motherboard.

Fortunately, Samsung is a rather forward-thinking company and will have a fix for the BIOS issue as soon as possible. And Linus Torvalds released a patch to the main Linux development tree which will serve as a temporary fix for the problem. Ultimately, however, one simple question must be asked.

Why is this necessary?

If the Windows platform was written, from the ground up, as a fundamentally secure operating system, lame security work a rounds like UEFI and Secure Boot wouldn't be necessary. Both of these technologies are causing more headaches than they are preventing.

Seriously - do you know of one instance where either UEFI or Secure Boot has prevented an issue? We're all aware that Microsoft touting that Secure Boot and UEFI would make it hard to write boot-time malware was a bald-faced lie. The so-called "Protected Boot" is doing nothing more than protecting Microsoft's profits.

We live in a world where, more and more, the technological landscape has to become heterogeneous. With so much of today's business being driven by the web (and web-based applications), platform has almost become an afterthought. And with BYOD becoming ever more prominent, homogeneous networks are fading away.

Security, however, should not be an afterthought. Unfortunately, because this is the case for the Windows platform, the consumer (and the IT admin) wind up shouldering the burden. Placing the weight of security on hardware vendors is doing nothing but avoiding the issue. With the obvious exceptions (smart phones, for example), a piece of hardware should be platform-neutral. A laptop should not care what operating system it houses. A BIOS should not require a particular platform in order to function. Consumers wanting a more secure, reliable platform (than Windows), should not have to be concerned if they are going to be able to use said hardware when they attempt to install a variation on the OS theme.

If, however, that is the case, from this point on I will go out of my way to recommend hardware companies like System76 to anyone looking for an alternative route to freedom. Yes, their prices are higher, but the added cost is worth avoiding such headaches.

This is a huge challenge for anyone that has worked with Linux and open source for some time. When Linux has made up the vast majority of your computing time, you know, full-well, how secure and reliable a platform can be (without a helping hand from hardware vendors). Because of that, it is some times hard to comprehend why the UEFI and Secure Boot even exits.

I understand an overwhelming majority of people use Windows - it's one of the main reasons I have a day job - but the status quo is always on the verge of being threatened. No one knows what the future holds. Five years from now we may all be using Linux and Windows will be nothing more than a bad memory. Ultimately, however, hardware companies need to seriously open their eyes and understand that alternatives are never going to go away. To that end, vendors must make sure their hardware is as platform-neutral as possible.

Positively

Samsung reacted to this issue in the right way - positively. Another company (like the new Dell - with its hands deep in the pockets of Microsoft), might react a bit differently (say something like "We're sorry, your platform isn't supported."). Of course, Samsung gets alternative platforms (their cash cow being the Android-powered Galaxy SIII). Other hardware manufacturers haven't quite reached that state of enlightenment. Someday, that ignorance might well brick their business.

Until all hardware vendors wake up, don't jump into a hardware purchase without a little research. Know for sure that you can disable the UEFI and that the hardware doesn't "require" Windows 8 to run. And, if you think about it, voice your displeasure (about the UEFI and Secure Boot) with your hardware vendor. Stand up for your right to boot whatever you want on your hardware - you paid for it after all!

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

44 comments
dsatfire
dsatfire

Dude for real? This guy has obviously not heard of the Chain of Trust. Your OS only takes control of your system after your BIOS has initialized the hardware and drivers and passed control (which can even be limited based off of BIOS implementation) to the OS. So if your BIOS (Root of Trust) can't tell whether your OS boot loader has been tampered with then control of your machine is handed to malicious software at boot time. By the way, Intel is the big pusher of UEFI, Microsoft just supports it (a smart move for any OS vendor). UEFI is an open framework meant standardize BIOS and create an interface from which any OS can control your machine. If your Linux distro is not compatible with UEFI then run it as Non-UEFI from your BIOS menu (almost every UEFI BIOS is backward compatible). Linaro (non-profit) is currently working toward making the Linux kernel more compatible with UEFI (especially with ARM processors). The entire WHO's WHO is the BIOS and OS industry is pushing the move to UEFI because the framework provided ensures both the universal compatibility and security of the machines in which it is implemented on. And if you're so avid on Open Source as your profile seems to suggest then wouldn't you support a BIOS that has a major portion of its implementation Open Source? Intel (via Tianocore) provides all this for any BIOS vendor wishing to use their implementation. Google EDK2 if you don't believe me. Also you know very little on the difference between a hardware vendor and an OEM and even less about their roles in the industry. Hardware vendors make hardware components (i.e. motherboards, processors, HDDs, NICs and the like). Whereas OEMs (i.e. Dell, HP, Acer) take those components and put them together (usually with an OS) and sell them as a complete package. It seems that most of what you are doing is complaining. Try understanding first. Then you can be like the rest of the tech geniuses of the tech industry and support the migration to a more secure and universal BIOS framework. "Stand up for your right to boot whatever you want on your hardware -"  and chose a UEFI BIOS.

dpresley_50201
dpresley_50201

that UEFI goes the way of Microchannel. Sure, PCs need an updated BIOS architecture, but it sounds like UEFI is pissing off enough of the industry that the architecture's designers need to go a more system neutral route.

JRaigoza
JRaigoza

may be the have a open mind and share with us ;)

Asakku
Asakku

Read up on what UEFI is. UEFI is not inherently bad, it is a much needed replacement for the decades old slow and crufty BIOS. Basically all my computers have UEFI and they run Linux just fine -- and boot much faster. Yes, UEFI is actually quite nice. It's not the fault of UEFI that Samsung's hardware programmers suck at what they do and can't produce a motherboard that can boot anything other than Windows. That said, Secure Boot, on the other hand, is total shit.

SiO2
SiO2

uses one Linux distro or another to diagnose problems with them. I do it myself, its the quickest way of finding out whether the hardware is broken or Windows has got its knickers in a twist. One thing thats certain to happen, take your computer to a shop for repair and you will be charged for the extra time and effort it takes. Not to mention the hair-raising liability issues the shop faces, or the expense of keeping themselves certified, licensed and educated. I'm just going to have to keep my fingers crossed UEFI and particularly Secure Boot annoys enough of the industry to kill it before it gets worse. Thankfully there will always be ARM, with RPi and dozens of 'micro pc' boards popping up it could well be irrelevant in a couple of years anyway.

da philster
da philster

is it anyhow ? ? I deeply resent Microsoft dictating to hardware manufacturers to make their machines run only Microsoft Operating Systems. I sense the smell of an antitrust case in the works. Just sayin' .................

emenau
emenau

How hard is it to brick every dominated piece of hardware in the shops? (before it is sold) Just for the fun of it... :-D It's not vandalism, the hardware will not be damaged in any way. It only 'bricks itself by design'. It's a feature not a failure.... Once they see the feature fails, then they might fix it... See as helping them to make them aware of this mistake.

retiredSoftwareFlunky
retiredSoftwareFlunky

Non-Linux using purchasers of UEFI products (why not phones, too) aren't going to be educated as to what the fallout of owning these devices is for them until Microsoft is being prosecuted as a monopoly again. That's when articles like this one will be highlighted in the news: years from now.

downtoearthman
downtoearthman

I'd like to know if Toshiba and Lenovo Think Pads are making their laptops OS neutral. I plan to get a ThinkPad soon, but I'm not going to get it if installing linux burns the motherboard. I'll let them know about it too.

mckinnej
mckinnej

I'm in the planning stages for a DIY upgrade of my Windows game machine. The first criteria I have for the motherboard is "No UEFI". If a company wants to sell me a motherboard, they will not have that crap on it...period. "Disable" is not an option. I refuse to participate in (more) vendor lock-in, especially with MS.

andrew5859
andrew5859

If anyone here does any kind of system building, the best thing to do, first: try to find mob's that don't have the UEFI garbage in it....if that don't work, second: go to places like ebay and find your particular parts there and build your system that way. This is how I've built all my systems, including 2 Dell Latitude D series laptops....this is how you can avoid having to have Windows on your computer(s). The Motherbord manufactures need to know, that we won't be bullied into just using Windows or any certain type of mobo...we have a voice, and they need to know

george
george

As they say the devil is in the details. Secure boot is an extension of the UEFI. UEFI basically replaces the aging BIOS with updated framework. I boot my home and work computers using a UEFI (Gigabyte) Motherboard and it works great. The Secure Boot farce on the other hand is the "Devil" in the details. If you get hardware with Secure Boot enabled then you can only run "Signed" boot loaders. Windows being the 500 pound gorilla has already pushed their signing keys to the hardware manufacturers. Linux has some projects that are doing the same with a signed grub bootloader. Time will tell, but the take away is look at the hardware you purchase to see if it meets your needs. The big vendors like Dell are only concerned with their bottom lines. They buy the cheapest Chinese motherboards and parts so you don't know what is truely compatible with which OS. If you can build your own or buy from a trusted vendor who puts in higher quality parts. Its worth the extra money to do so.

Alelanza
Alelanza

However some of it is supposed to speed up the boot process, so maybe parts of it could be kept. Anyways, my experience with a Lenovo z580 lappie was that i had no trouble running win7 and ubuntu side by side, but reading the experiences of others that may have been to do with the fact that i wiped out the HDD first, then installed win7 from a USB stick, and then installed ubuntu from a stick too. Apparently going that route vs installing from optical media makes a difference here, had something to do with the file system used in each case. Google it if you must.

alzie
alzie

This UEFI stuff scared the crap out of me. My current pc having gotten to ~4.5 yrs of age, i figured its probably a good time to get a new one, and i probably ought to do it soon before non UEFI mobos are no longer available. I went to my local chinese pc store and requested a non UEFI mobo and the rest of the stuff to build up a pc. He looked at me weird til i explained that i run Linux exclusively. Then he looked at me even weirder. Not wanting to lose a sale, he agreed to research it and got back to me with a non UEFI ASUS mobo and an AMD quad core. So far, its booting Ubu and running w/o a hickup. Got to upgrade now, else the next few years are going to be a horrendous mess, til this gets ironed out and / or M$ bites the dust. Preferably the latter!

lkarnis
lkarnis

Bought a very high end $2000+ Dell a year ago that failed after 30 days. Called in the problem and Dell wouldn't send a support technician to my location (despite my having a 3 year next business day onsite warranty) because... they couldn't locate a replacement 1080p panel for the machine. This went on for 30+ days before they finally shipped me a new notebook. At one point I was told by a frustrated support technician (after he told me that they actually couldn't locate the panel in Dell's worldwide inventory) that their accountants told him not to provide any more support because it was getting too expensive. Eventually the machine was replaced and I no longer purchase Duh'hell notebooks. Bad for Samsung for buying into Microsoft's UEFI Secure Boot bunk. Good for Samsung for supporting their clients. Based on the above story, I'd be more inclined to trust Samsung than I'd ever trust Dell.

Slayer_
Slayer_

Thanks for the heads up.

Super_MCSE
Super_MCSE

It would be nice, if just ONCE, you spelled out what the acronym stands for. It's not like these articles really cater to the ultra hard core so why don't you make it easier for casual readers to understand what you're writing about?

zefficace
zefficace

I just thought about this. What about all those Linux based rescue disks out there, or even partition magic? Can't use those...

monicabower
monicabower

All-in-one full stack solutions are all the rage (exadata, etc) in the datacenter. It seems obvious that OEMs would want to enjoy the same vendor lock on the desktop.

zefficace
zefficace

What if vendors explained out right, with a prominent sticker on the computer, that they have made machines for windows only, and then said: "Boot any other OS, and your computer will need physical repairs". Further to explain that the decision to run windows and only windows, removing their choice, has been taken for them. Further explain that as the computer ages, the usefulness of it will be limited to the latest windows it can run. Explain again, that even if Linux could give them a bit more out of their hardware as a home server or a backup, Linux can't be run at all. How much market would they loose? For sure, they would loose me without hesitation. But how many people would be offended/disturbed that their right to do with their hardware as they please is taken away by careless manufacturers? How many windows users will care to choose manufacturers that respect their clients property rights on their computer, and give them the ability to choose their OS?

fairportfan
fairportfan

does attempting to boot Linux do to the Samsung laptops?

HAL 9000
HAL 9000

You critique Samsung for badly written drivers and it's an attack on Microsoft. Not really sure how you come to that conclusion but can I have some of whatever it is you are smoking. I need a break from reality at the moment. Col :^0

andrew5859
andrew5859

newegg.com has some good non UEFI mobo's....gigabyte is a good one...check em out

TucsonGuy
TucsonGuy

do you build Dell Latitude D Series laptops? Aren't they pre-built from Dell? Just curious as to what you actually meant and did here!

mudpuppy1
mudpuppy1

have a point, proper writing technique (at least how I learned it) states that you spell out an acronym the first time it's used. Yes, most of us know what most of the acronyms used in the IT world mean, but there are so many. I don't know about you, but I do get tired of going to Google several times while reading an article. It disrupts the flow. You have a valid complaint. With a name like Super_MCSE though, I would think you would know what it means. :=) If they really wanted to help, they could have used this link: http://lmgtfy.com/.

Locrian_Lyric
Locrian_Lyric

... Minesweeper Consultants and Solitaire Experts. Just sayin.... By the way.... GOOGLE IS YOUR FRIEND.

RipVan
RipVan

Google is working again.

TucsonGuy
TucsonGuy

I'm a computer consultant, and when I have a client machine that is so crudded up that it runs like a snail, I throw in Puppy Linux on a CD or USB, or a Rescue Disc and boot from it to do the initial cleanup. Just imagine the financial liability and loss of reputation if I did that in the future and the customer's computer became a brick!!!!

pgit
pgit

Great point. I am used to throwing a Linux liveCD into a crudded-up windows box to retrieve files. I have to think twice now. I'm going to start scouring for a source of info on which hardware is safe to run Linux on. If there isn't a one-stop source, there's a good idea for a web developer. You'd get a lot of hits from a very specific market niche

TucsonGuy
TucsonGuy

percentage would be lost as the market share of Linux, which means virtually none. Most people don't care and never install an OS in their life and don't upgrade until they buy a new computer with a new OS on it. AND, I love Linux and Android, so I'm not a troll or a fanboy! :)

HAL 9000
HAL 9000

The Secure Boot doesn't recognize the OS that you are attempting to boot and kills the process as well as the BIOS. Col

TucsonGuy
TucsonGuy

C'mon, mudpuppy1 - What does IT stand for? :D

pgit
pgit

I suppose one could use the Hiren's bootable CD, which loads a stripped down win XP image. The CD has tools like most Linux rescue disks have, but there are limitations. I just don't seem to get as much done with it than I do with a Slax or Bactrack. One problem running a windows session is if the machine's NTFS is infected it could alter the live image, too. It's possible a root kit, trojan or such could recognize the environment and defeat any attempts to recognize (let alone fix) it. After having looked into Samsung's gaffe a little more I'm relieved. I doubt we'll see too many similar problems. This incident makes me wistful for the days when the BIOS chip could be peeled off the mobo and replaced... a bricked UEFI system could be fixed in the field, simply, cheaply and swiftly, if the pertinent parts of the UEFI boot system were on a replaceable chip.

mudpuppy1
mudpuppy1

Sorry, guess I should take my own advice. Oh well, I never claimed to be perfect. Thanks for pointing that goof out. IT=Information Technology. Slinking away, hanging head.......

rkuhn040172
rkuhn040172

It's quite clear the problem is with the Samsung driver yet people on here continue to make the anti-Microsoft argument. Similar to the artricle on TR about the Surface vs iPad free storage space. Facts are facts.

NickNielsen
NickNielsen

That's a rather broad brush you're painting with. Watch out for back-spatter...

rkuhn040172
rkuhn040172

Don't argue reason with these people. Agenda matters more than facts.

Editor's Picks