Ronald Minnich of LinuxBIOS on EFI
Posted Feb 7, 2007 0:09 UTC (Wed) by moxfyre
Parent article: Second batch of FOSDEM interviews
Ronald Minnich's interview about LinuxBIOS is *very* interesting to me, especially his description of EFI.
The way he describes it makes it sounds like effectively enables a form of Blue Pill malware for DRM purposes!
From the article:
Another important thing to realize about EFI is that it also contemplates enabling chipset features that will trap certain OS operations to an EFI-based control system running in System Management Mode. In other words, under EFI, there is no guarantee that the OS owns the platform.
Accesses to IDE I/O addresses, or certain memory addresses, can be trapped to EFI code and potentially examined and modified or aborted. Many see this as an effort to build a "DRM BIOS".
I am not sure what the real intent of this design is, but is is a real concern in secure environments (such as those found in governments, banks, and large search engine companies). A number of vendors and users have told me that they are not sure they can ship an EFI system they are willing to trust in a secure environment.
What it sounds like is that EFI allows vendors to include a hypervisor that traps and redirects certain operations that might infringe on system "security" (e.g. DRM). Yikes!! That is enough to move me out of the "fan of EFI" column in a hurry...
to post comments)