The Fight for a Secure Linux BIOS… Past, Present and Future
I am a college instructor with more than twenty years of experience. I offer free online courses through our non-profit organization, College in the Clouds. I have written several books, the latest of which is Learn Linux and LibreOffice. More than 100,000 students have used our associated website, LearnLinuxandLibreOffice.org, to assist them in creating their own Linux computer and joining the Linux community. I have recently started a new project called DistroTweaks.org to provide the Linux community with a new way to customize the Linux operating system. I also teach students in the Bellingham School District how to start their own business and build their own website using a Linux computer. For more on this program, visit kidsbizclub.org. My interests include helping students learn how to build their own secure websites and putting the power of the Internet in the hands of the people.
One reason many people are moving from Windows to Linux is security. People are tired of getting their Windows computers hacked every time they go online. The problem is that the Windows operating system has a Call Home function that is basically an open back door for hackers. But what is the point of having a secure Linux operating system on your computer if it has another program – the BIOS program – that still has a Call Home function? In this presentation, we will explain why the BIOS program is important and describe the past, present and future of our fight for a secure Linux BIOS.
PAST: We begin with a review of the past 30 years of BIOS. BIOS or Basic Input Output System is the program that starts your computer before handing it over to your operating system. For more than 20 years, BIOS consisted of a small program that was independent of the operating system. Then, in May 2006, Bill Gates gave a speech announcing a “better” replacement for BIOS called the Unified Extensible Firmware Interface (aka UEFI) – a secret closed source program that was 20 times bigger than the prior BIOS. https://news.microsoft.com/speeches/bill-gates-winhec-2006/
All Windows computers and most Linux computers now use UEFI. Thankfully, in 2007, Google began supporting Coreboot - a free open source alternative to UEFI. Coreboot eventually became the BIOS program for all Chromebooks.
I have written many articles over the last 8 years explaining why the open back door in UEFI was a security risk. I have repeatedly urged Linux users to seek out computers that use Coreboot or some other open source BIOS program. https://learnlinuxandlibreoffice.org/1-why-switch-to-linux/1-4-uefi-the-microsoft-kill-switch
PRESENT: We will next explain why the current state of UEFI BIOS is not looking very good… For example, in September 2018, the first UEFI Rootkit was discovered in the wild. Naturally, the attackers used the open back door I have complained about for years.
Meanwhile, Ron Minnich and others at Google are working on Linux Boot - a secure BIOS that uses the core of the Linux operating system as firmware. https://www.linuxboot.org/
In 2018, Linux, Facebook (Open Computing Foundation), ARM, Intel, OpenSUSE, Secunet, Horizon Computing, Two Sigma, 9 elements Cyber Security and Siemens joined Google in supporting the Linux Boot project. At the same time, Purism developed their own version of Coreboot for their Purism Linux computers.
FUTURE: It is encouraging that all of these open source BIOS projects are going on. But the fact is that over 90% of all computers are still using UEFI. We need a secure Linux BIOS for all Linux users. We will therefore end with a discussion of the future… What do we have to do to get a secure Linux BIOS for all Linux users? Come and contribute to the discussion. Your ideas and input are wanted.
- 45 min
- LinuxFest Northwest 2019
- Open Source Firmware