Announcement

**TWPonKubuntu** · Oct 23, 2020, 02:06 PM

@Oshunluvr +1

**MoonRise** · Oct 24, 2020, 06:47 AM

@Oshunluvr +1 here as well.

However, There was one good side benefit for me with EFI. The new KFocus laptop I recently bought is all EFI. No legacy mode or anything. Gave me a hell of a time even trying to figure out how to create USB boot drives when I wanted to run gparted. However, and I know sounds odd and there is a reason, I wanted to install Windows 10 on a small partition. On older systems you should install Windows 10 first. I did not want to do that in this case. I went ahead with the knowledge I would have to try and repair GRUB. However, after install I went the the UEFI menu and the Kubuntu entry in the UEFI boot choices was still there. I moved it as the main one and was able to boot into Kubuntu and from there updated grub and it found Windows and there you go. Windows installed secondary.

That is the part I like saying too. Installed Windows SECONDARY.

So long story short, at least a small positive. However, over all, I dislike the lack of control most UEFI interfaces gives over your system. Yes, I do see it as a lack of control.

**GreyGeek** · Oct 24, 2020, 01:25 PM

The Grey Hairs here will remember that EFI was created by Intel to replace BIOS. UEFI came in 2005. Many people may not know it but UEFI on firmware can support remote diagnostics and repair of computers that do not have an OS installed on it. Think about that for a minute. WIFI? OS? Back doors? Secret file system? Secret remote access? It's all there in UEFI. Being on firmware no AV product scanned for it. Its code was executed BEFORE any OS that was booted, INCLUDING Linux. (This summer M$ added ESET UEFI scanning to Defender)

UEFI has boot and runtime services. Ever wonder were M$ stored its GUID's Or did phantom reboots?
From Wikipedia

UEFI variables provide a way to store data, in particular non-volatile data, that is shared between platform firmware and operating systems or UEFI applications. Variable namespaces are identified by GUIDs, and variables are key/value pairs. For example, variables can be used to keep crash messages in NVRAM after a crash for the operating system to retrieve after a reboot.
...
A type of UEFI application is an OS boot loader such as GRUB, rEFInd, Gummiboot, and Windows Boot Manager; which loads some OS files into memory and executes it.

About a decade ago as a "security layer" to make the Windows platform more secure against the millions of malware that infected it every year M$ began pushing it. I have little doubt that M$ used it to spy on its customers and that prosecutors paid M$ to spy on its suspects to acquire information from even password secured computers, two keys or not. M$ patented a software app called "Legal Intercept" and put them on its Linux computer farms that were running Skype, and later on its Linux powered Azure server farms. LEO's could set at an M$ terminal and intercept live streams from suspects computer activities, browse files, turn on cameras, listen in on mics, etc. This power was extended when EFI was installed on smartphones.

Does Kubuntu have it?
/etc/grub.d/30_uefi-firmware

Do your VM's have it?
Are these installed?

Code:

libefiboot1      Library to allow for the manipulation of UEFI variables related to booting.
libefivar1        Library to allow for the simple manipulation of UEFI variables.
ovmf              It includes full support for UEFI, including Secure Boot, allowing use of UEFI in place of a traditional BIOS in your VM.
sbsigntool      This package installs tools which can cryptographically sign EFI binaries and drivers.

If you attempt to remove libefiboot1 it will take out grub2 and a host of other important files.

The Legacy (BIOS) installation is supposed to be UEFI free.
Removing the BIOS installation and being FORCED to install UEFI is unacceptable for Linux users.

However, it is a way to insure that Linux users can be spied upon remotely regardless of which distro they use (if UEFI is installed).

Then the tables turned. Gov spying tools where hijacked and began to be used against government agencies.

https://www.wired.com/story/hacking-...-tool-spyware/

**TWPonKubuntu** · Oct 24, 2020, 03:43 PM

Originally posted by GreyGeek View Post

...
Removing the BIOS installation and being FORCED to install UEFI is unacceptable for Linux users.
...

Absolutely agree.

**GreyGeek** · Oct 24, 2020, 07:54 PM

In a previous post I showed what would happen if I purged the libefiboot library. It would clean out my grub files and more.

On Debian-based Linux distros like Kubuntu, there are two versions of Grub boot manger.

grub-efi
grub-pc

If your distro is installed in UEFI mode, then it comes with grub-efi instead of grub-pc.

If I run

Code:

$[B] dpkg -l | grep grub-efi[/B]

it shows nothing. I didn't not install using EFI.

If I run

Code:

$ [B]dpkg -l | grep grub-pc
[/B]

it shows that my Kubuntu 20.04 installation is running grub-pc for BIOS.

Code:

ii  grub-pc        2.04-1ubuntu26.4      amd64    GRand Unified Bootloader, version 2 (PC/BIOS version)
ii  grub-pc-bin    2.04-1ubuntu26.4      amd64     GRand Unified Bootloader, version 2 (PC/BIOS modules)

If I check for the presence of efi firmware it is not existent.

Code:

$ ls /sys/firmware/efi

shows that

Code:

ls: cannot access '/sys/firmware/efi': No such file or directory

does not exist.

So, what are libefiboot1, libefivar1, ovmf and sbsigntool doing on my system and why can't I remove them without borking grub?

**jlittle** · Oct 24, 2020, 08:43 PM

Originally posted by GreyGeek

So, what are libefiboot1, libefivar1, ovmf and sbsigntool doing on my system and why can't I remove them without borking grub?

I can't answer your question directly. However, grub-install can install to other architectures than that of the system that is running, so those libraries may be compile-time dependencies of whatever grub-install invokes. There are non-installing packages for these purposes, but I imagine it might be simpler to leave a few EFI things in to avoid a mess of conditional compilation flags and directives.

**GreyGeek** · Oct 25, 2020, 09:50 AM

Originally posted by jlittle View Post

I can't answer your question directly. However, grub-install can install to other architectures than that of the system that is running, so those libraries may be compile-time dependencies of whatever grub-install invokes. There are non-installing packages for these purposes, but I imagine it might be simpler to leave a few EFI things in to avoid a mess of conditional compilation flags and directives.

Possible. Here are dependencies of some of the EFI related packages on my system. I have to run so I'll post more later:

Code:

jerry@jerryAspire-V3-771:~$ apt-cache depends qemu
qemu
jerry@jerryAspire-V3-771:~$ apt-cache rdepends qemu
qemu
Reverse Depends:
  openbios-sparc
  grub-firmware-qemu
  grub-firmware-qemu
  libvirt-daemon
  libvirt-daemon
  grub-firmware-qemu
  grub-firmware-qemu
  libvirt-daemon
  libvirt-daemon
  vde2
  packer
  openbios-sparc
  openbios-ppc
  openbios-ppc
  libvirt-daemon
  looking-glass-client
  grub-firmware-qemu
  grub-firmware-qemu
  aqemu
  qemu-slof
  libvirt-daemon
jerry@jerryAspire-V3-771:~$ apt-cache depends libvirt-daemon
libvirt-daemon
  Depends: libblkid1
  Depends: libc6
  Depends: libcap-ng0
  Depends: libdbus-1-3
  Depends: libdevmapper1.02.1
  Depends: libfuse2
  Depends: libgcc-s1
  Depends: libglib2.0-0
  Depends: libparted2
  Depends: libpcap0.8
  Depends: libpciaccess0
  Depends: libselinux1
  Depends: libudev1
  Depends: libvirt0
  Depends: libxml2
  Depends: libvirt-daemon-driver-qemu
 |Recommends: qemu-kvm
  Recommends: qemu
  Recommends: libxml2-utils
    libxml2-utils:i386
  Recommends: netcat-openbsd
  Recommends: libvirt-daemon-driver-storage-rbd
  Suggests: libvirt-daemon-driver-lxc
  Suggests: libvirt-daemon-driver-vbox
  Suggests: libvirt-daemon-driver-xen
  Suggests: libvirt-daemon-driver-storage-gluster
  Suggests: libvirt-daemon-driver-storage-zfs
  Suggests: libvirt-daemon-system
  Suggests: numad
  Enhances: qemu
  Enhances: qemu-kvm
  Enhances: <xen>
jerry@jerryAspire-V3-771:~$ apt-cache rdepends libvirt-daemon
libvirt-daemon
Reverse Depends:
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  gnome-boxes
  libvirt0
  libvirt0
  libvirt-daemon-system
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-qemu
  libvirt-clients
  libvirt-dbus
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  gnome-boxes
  libvirt0
  libvirt0
  libvirt-daemon-system
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-qemu
  libvirt0
  libvirt-clients
  mom
  libvirt-dbus
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-xen
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-vbox
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-zfs
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-storage-gluster
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  libvirt-daemon-driver-lxc
  gnome-boxes
  python3-libvirt
  libvirt0
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-system
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-storage-rbd
  libvirt-daemon-driver-qemu
  libvirt-daemon-driver-qemu
  libvirt-clients
jerry@jerryAspire-V3-771:~$ apt-cache rdepends ovmf
ovmf
Reverse Depends:
  autopkgtest
  qemu-system-x86-xen
  qemu-system-x86
  qemu-system-x86-xen
  qemu-system-x86
  xen-utils-4.11
  qemu-system-x86-xen
  mkosi
  debos
  qemu-system-x86
jerry@jerryAspire-V3-771:~$ apt-cache depends ovmf
ovmf
  Replaces: qemu-system-common
jerry@jerryAspire-V3-771:~$ apt-cache depends sbsigntool
sbsigntool
  Depends: libc6
  Depends: libssl1.1
  Depends: libuuid1
jerry@jerryAspire-V3-771:~$ apt-cache rdepends sbsigntool
sbsigntool
Reverse Depends:
  secureboot-db
  secureboot-db
  ubiquity
  shim-signed
  refind
  efitools
  ubiquity
  shim-signed
jerry@jerryAspire-V3-771:~$

**GreyGeek** · Oct 26, 2020, 01:30 PM

https://www.blackhat.com/docs/asia-1...nd-Reality.pdf

Note pg 23 and on.
Seven years after Snowden blew the whistle on NSA snooping illegally on Americans many of the UEFI exploits he used/mentioned are not documented, as this PDF point out.

https://arstechnica.com/information-...g-in-the-wild/

Announcement

EFI is now mandatory? Canonical strikes again.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment