Slashdot Mirror
Demystifying UEFI, the Overdue BIOS Replacement
An anonymous reader writes "After more than 30 years of unerring and yet surprising supremacy, BIOS is taking its final bows. Taking its place is UEFI, a specification that begun its life as the Intel Boot Initiative way back in 1998 when BIOS's antiquated limitations were hampering systems built with Intel's Itanium processors. UEFI, as the article explains, is a complete re-imagining of a computer boot environment, and as such it has almost no similarities to the PC BIOS that it replaces."
Seriously, it's almost brilliant how different Slashdot articles contradict themselves. Just yesterday we talked about how bad thing it is that Microsoft employees UEFI , and now were saying it's long overdue.
Article was a little too light on technical details for me. This article read like something you might find in an “intro to computers” textbook. Vague somewhat-technical description of what it does and a few somewhat unclearly described differences.
Not necessarily a bad article, just wasn't what I was hoping for :(
It's called U-boot. This is just a way to lock out open source.
An unbiased, mature look at a piece of new technology.
Help I am stuck in a signature factory!
What the point was of this article? There is no meat at all in there. I expected a complete deep technical overview of UEFI, not something you can summarize as "It's a little operating system providing services to the actual operating system".
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
The return of boot-sector virii. This time in your BIOS. I can hear it, just over the horizon. They're coming.
Is that what we need, DRM in the firmware?
...because slashdot is only one person. I. AM. SLASHDOT!
What is wrong with the BIOS anyway? Why does the boot process need to be all flashy? It seems like adding complexity there will just end up causing problems...
Maybe I'm just a relic...a lot of people don't even know how to get into their BIOS anymore, let alone what the POST and such is afterwards.
With any luck, it'll be close enough to Apple's EFI implementation that Hackintoshing will be a simpler process. Not that it is terribly difficult now, geniuses like nawcom and netkas have made amazing advances in simplifying the process. But hey, the closer I can get to a vanilla install, the better.
loUw-lEvel Friggin lockout
Join the Slashcott! Feb 10 thru Feb 17!
From a screenshot in the ExtremeTech article: "Never run downloaded programs that are unknown to SmartScreen". So how does a software developer make a program "known to SmartScreen" for the first time other than by selling it on the Windows Store?
From the same article:
if you try to boot while an infected USB memory stick is plugged in, Windows 8 will warn you and refuse to load.
So how do I tell Windows that a USB mass storage device containing an Ubuntu install image is not "an infected USB memory stick"?
Microsoft wants you to hibernate Windows 8 rather than shut it down
So will we finally have the ability to come out of hibernate without that one peripheral not responding?
Reset restores Windows 8 to its base, just-like-new state. Refresh is similar, but it preserves all of your documents.
So now "reformat and reinstall" is becoming institutionalized.
The article links to an article about the Windows Store. It claims that "the process for getting an app certified and listed in the Windows Store will be as painless as possible." Does this include applications developed by high school students who aren't 18 yet? Or college students who don't want to spend $99 per year? It also mentions "content compliance checks", and if "content compliance checks" are anything like the ones that Microsoft uses for Xbox Live Indie Games, this could shut out entire genres of applications. It says "you won't be able to download a Metro app from Download.com", but wouldn't one just be able to load an app into Visual Studio Express and run it that way?
Secure boot is bad. What is mysterious about that? If you want to understand more, related to booting Linux, read these. UEFI secure booting x86 EFI boot stub
Having to work for a living is the root of all evil.
Fuck everybody who uses that word. It belongs in the marketing buzzword incinerator with "thought-shower", "synergy", "pro-active", and anything "in the cloud".
Finally had enough. Come see us over at https://soylentnews.org/
Yes, I recognize that MS can abuse UEFI. Given that my work machines are WinXXXXX I don't have a choice about that, and I would assume that at some point there will be mobos that aren't controlled by M$.
My question is ten times simpler: If this thing is flashable memory, etc., doesn't it open the doors to way more cracking by folks I'd really rather avoid, that is, identity thieves et. al? How is going away from silicon going to affect this?
...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
I read the articles attached to this Slashdot story, and my impression was that Microsoft could use UEFI secure booting to make it much harder for PC owners to install Linux alongside or in place of Windows. Red Hat develoer Matthew Garrett explains: "Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. [...] A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."
YOU-fee?
YOU-fi?
you-EF-ee?
load "linux",8,1
What are the chances that the secure boot is a simple switch that we can change? Enable secure boot to support whatever keys are in the system or disable to support anything else? I would actually be surprised if UEFI didn't support this.
So it's the Ourobios?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
My understanding of the documentation of secure boot allows controlling: operating system, firmware and drivers. Now let take a look at this you buy a Asus MB with secure boot activated and containing key for let say windows and Asus drivers / firmware only, good luck adding a gigabyte video card this this setup as your new Asus secure boot Uefi does not contain the gigabyte driver signature. Now let take for instance your new Dell have is video card blow up and you want to replace by an off the shelve one, if it not Dell you’re toast. My computer is 3 years old, do you think I will be able to have a Dell video for it ? Hell no, so it all comes down to new system.
The only reason UEFI is overdue is not because they are slow in development. It's simply the fact that UEFI isn't an open standard. If UEFI was made an open standard every new computer in a month would all have UEFI.
The main issue for me is that BIOS is just SLOW.
There are limits to how fast any BIOS or BIOS replacement can proceed to reading and executing the bootloader. How long does it take to write to every page of RAM and read back from it? How long does it take for a hard drive to spin up?
if it allows me to have that instant-on computer that Intel has been promising us for the last decade or two
The only instant-on computers are computers with the operating system in solid-state memory. This can be an SSD. Or it can be RAM, which means the computer has been put to sleep and the hard drive spins up while the user is entering his password.
Just like Androids, sever vendors will remain unlocked, or give out the keys to owners.
By "sever" did you mean "cut off"? I don't think you did. So you meant either "several", which is OK, or "server", which excludes people who want to buy laptops. Which?
BLAME CANADA!
What are the chances that the secure boot is a simple switch that we can change?
Slim. Otherwise, trojan horse programs that claim to "make Windows faster" would ask the user to turn off secure boot and restart so that they can "do their job" (actually install malware).
So it's the Ourobios?
Wishing I had mod points for you.....
-- Don't call me "Sir," I increase entropy for a living!
"you can surf the internet from the UEFI interface" Even though it might be highly useful to network this way does anyone see that this could be a major downfall? Aren’t they just taking the most important part of the computer and opening it up to everyone?
Some should make a soft core porn game for metro and make it very clear that it is a adult game and if it gets banned sue under 1ST amendment rights and antitrust laws.
Read UEFI as UFIA. On further review, yep, that's about right.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Needs a marketing department.
I've been dealing with UEFI-based servers for the past couple of years - IBM System x specifically - and while I see the potential for UEFI, it's still got a lot of teething pains in the Enterprise space as far as I am concerned. IBM was the first to basically put their entire x86 product line on UEFI-only hardware.
However, I have actually encountered machine configurations that BIOS was unable to deal with (add-in PCIe cards utilizing all of the ROM memory space and bringing the machine to a halt, amount of RAM beyond what BIOS can handle natively, etc...) so I can see the requirement for a BIOS replacement.
In its current incarnation in the servers I deal with, the architecture is essentially booting two full-blown microprocessors running code *BEFORE* the machine will even attempt to POST. The service processors in the current IBM machines (IMM - Integrated Management Module) are the first thing to fire up when power is applied to the server - since IMMs are small microprocessors in their own right (can't remember the make, but I remember hearing 100MHz speeds) loading what I believe is a micro-Linux kernel it takes time for these things to fire up. This process can take up to two (sometimes more) minutes before the power button stops blinking rapidly and goes to a normal "power off" blink. At this point you can turn the server on, which is when it will fire up the UEFI microprocessor and begin to load all of that code into the system. UEFI goes and "talks" to all of the internal hardware, loads profiles for devices, etc... during this phase. That can take up to another four minutes or so (it has gotten faster over the last two years) at which point the actual POST screen will display and you can either enter SETUP or allow the server to boot - note that add-in cards will have to load their own ROM as normal (if in Legacy Mode, which most of our server are due to OS limitations). Note that the more cards you put in a machine and more boot options you leave enabled, the longer this pre-POST initialization takes. I've seen reboot cycle times of over ten minutes in some instances, whereas the BIOS-based systems would complete that cycle in under two minutes.
So here's a brief summary of the current state-of-the-art in server UEFI:
PROS:
* Allows configuration of peripheral devices from the SETUP screen.
* Allows up to 1TB (much smaller in practive) of Option ROM space for add-in cards.
* Allows for huge amounts of memory, and very large disk sizes.
* In theory, allows for additional software to execute before the primary OS kicks in. Not really utilized in these machines.
CONS:
* Horribly slow boot cycles. Length of boot cycle dependent on amount of hardware in server. Had an IBM ATS Engineer tell me they had a machine in the lab that they plugged so much stuff into that it took 23 hours to POST.
* Corrupt firmware or firmware updates is the kiss of death for many of these machines. While there are backup firmware spaces and the appropriate jumpers to recover, this does not always work as intended. We've had quite a few brand-new systems that had to have complete system planar replacements because the code wasn't executing right.
* As these are actual mini-OSes running there are all kinds of strange quirks and odd behavior from the servers. Lots of troubleshooting involves resetting the service processors and praying they reboot properly in order to just get the server to POST normally.
* Speaking of quirks, there are lots of situations where hardware failures are either false-positive failures or not indicated as an issue when they actually have faults. Troubleshooting on these machines becomes guesswork based on intuition rather than having a solid grip on what component is doing what.
* Example: As the UEFI handles all of the components on the server, we have run into issues where bad code for the UEFI causes the Operating Systems to malfunction in strange ways, only to find the OS was reacting to thousands of repeated error messages being
UFIA and UEFI. The latter means Un-Expected Finger Insertion
Some drink at the fountain of knowledge. Others just gargle.
lot's of hardware raid cards have some kind of text mode GUI or a GUI that looks like the old MS-DOS Editor.
Now it can be a big plus to have gui with mouse to config a raid card with out having to boot a full os.
BIOS, all the way down.
"UEFI, being a pseudo-operating system, can access all of the hardware on the computer — you can surf the internet from the UEFI interface, or backup your hard drives — and it even has a full, mouse-driven GUI"
Why do we need that? Why we can't have a "BIOS" that just boots the bootloader or the system itself and nothing else. Maybe an option from where it should boot (from harddisk, CDROM, network, etc). Just a thing, that don't have the limitations of the old BIOS, but with the sole purpose to boot the system/bootloader as fast as possible and then just go out of the way.
"The fact that all of this boot data is stored on NAND flash or on a hard drive means that there’s a lot more space for things like language localization, boot-time diagnostics (begone meaningless POST beeps!), utilities (backup, restore, malware scanners), and so on."
If the graphic card or the motherboard is broken, all the computer can do is to beep, with UEFI or without. If I need diagnostics and utilities I just use my Linux live-CD or live-USB-stick (like Knoppix or SystemRescueCD). They are easy to use and much more sophisticated.
UEFI sounds like the shiny new GUI interface that nobody will use, but it was developed because the old boring program was too old fashion. Like Nero, with was 50MB and then later became a 1GB full blown suite.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
...BIOS’s antiquated limitations were hampering systems...
What exactly are these limitations, in real-world terms? My systems all seem to boot & run fast right now...
If the BIOS has limitations, why not just flash an updated BIOS? All of my machines have had at least one BIOS update since manufacture. No problem.
As for the mini-OS-before-boot concept...I already have a bunch of Linux "Live CDs" that I use to partition drives, image & restore partitions, scan for viruses, etc without having to boot Windows. Why would I want to put a "pre-boot" OS on my hard drive, where it can be hacked and infected?
Someone please enlighten me if UEFI has any real-world benefits to outweigh its costs.
Yeah, UEFI boot time is insane. Even on my home server which doesn't have any fancy monitoring hardware the UEFI boot takes about twice as long as booting Linux once it's finished.
Its been a while since I've needed to diagnose a problem with those beeps, but last time I did I'm pretty sure that each and every one of them had a very specific meaning.
Okay, I'm going to be a dick and say that UEFI is a load of crap. It has its own cute little platform-independent bytecode, which I suppose would come in real handy if you're in the business of selling motherboards that support more than one CPU architecture... wait, what ? And then manufacturers love to store a bunch of extensions on the hard drive, like in the Asus screenshot - but let's not call it an operating system okay ? Hell, Gigabyte even ships a few crappy games as EFI extensions on the motherboard CD.
UEFI is an overdesigned solution to a non-problem. Intel has basically given everyone carte-blanche to bloat up the pre-boot experience. We already had gimmicky mouse-driven BIOSes back in the day, I remember one as far back as the 286, where AMI had replicated a Windows 2.0 style GUI. Pointless, slow, but hey it's shiny right ? :P
What the BIOS needed was an update from its 35 year old roots - a little less 16-bit legacy cruft, a little more forward compatibility for the 64-bit era. What we got instead was a reinvention of the wheel that doesn't actually solve much. It simply replaces one simple interface with another. Instead of VESA VBE, we now use GOP, which provides (dun dun dun!) a linear frame buffer. Instead of calling interrupt 13h for disk access, we now call a C++ object. Nothing has really changed, except for the bloat.
-Billco, Fnarg.com
I would actually be surprised if UEFI didn't support this.
Microsoft will presumably refuse to 'Windows certify' motherboards which allow you to turn off 'secure boot'. All for the user's security, of course.
They've wanted a completely locked-in system for a decade or more since they started pushing DRM. They couldn't do that with the old BIOS, but they can now; if not in this generation then they will for 'Windows 9' once the old BIOS-based motherboards are gone.
Oh wait, this isn't FARK.
But seriously, go check out BoingBoing for what this means for Open Source / Free operating systems.
Any reason why AMD could not design an open & free specification with as much industry participation as possible? That would seem like a good move.
Service processors are different than UEFI, however.
Oh wow now I can use teh mouse in teh setup screenz.
OpenBOOT, free FORTH environment, boot from anything available and if not and all else fails you can write it there and then, anyone? Talk about bootstrapping.
I don't think UEFI is all that nice, compared to what already exists, unless you restrict your comparisons to BIOS only, and that isn't really fair. Just another poorly reinvented wheel. But hey, at least it allows vendors to lock you out of hardware you thought you owned. BONUS.
Like movie DVD players there are bound to be one or two manufactures who will leave in a back door to allow install of any OS. Also, any lock in specifically designed to only allow Windows to work will either be worked around or will result in another anti-trust lawsuit for MS.
Another scenario is that Linux users will buy Macs to run Linux, since Macs already support EFI. Then seeing the impact of this other companies will try to add ways of installing Linux.
I think in the long run we have nothing to worry about, though we should be careful about the hardware we buy.
Jumpstart the tartan drive.
mnem
*Tired being expected to get excited about what is essentially the transmission in his computing device*
with all this extra memory needed to put in this GUI crap, malware can be 100% embedded in the BIOS without any way to get rid of it!
permanent remote access anyone?
Anons need not reply. Questions end with a question mark.
So yeah, just add XEN and it is another hypervisor with Windows or whatever being the DOM0.
Well I would assume that if the secure boot thing checks the keys of software that runs at boot, there would be some similar key based check done before something was flashed onto UEFI. This of course brings us back to the problem of just how reliable are digitally signed keys?
Another problem I have is that my gaming rig is always a Windows machine, and I'm okay with that. But then about every two years I build a new one, and the old one becomes a Linux machine of some flavor. If the way things shake out I'd have to build two machines to accomplish what I want, instead of just maintaining a machine whose only crime is still being worthwhile as a computer, just not a game machine.
Note to self: No more arguing with the faithful.
Microsoft will presumably refuse to 'Windows certify' motherboards which allow you to turn off 'secure boot'. All for the user's security, of course.
So this whole "Microsoft kills Linux" thing is more of a "Microsoft may presumably do something that indirect may be bad for Linux".
I was using EFI in 2002/2003 when I worked on Itanic servers at HP. I remember being told at the time that it was the future and would soon be on PCs. However things seem to have moved on, I don't remember having any kind of GUI, just a DOS like interface.
if it had some kind of hypervisor functionality.
Nullius in verba
Also, any lock in specifically designed to only allow Windows to work will either be worked around or will result in another anti-trust lawsuit for MS.
By whom? An anti-trust lawsuit requires the US DOJ to do the prosecution. If the DOJ doesn't want to do it, then it's not going to happen. What makes you think the DOJ would have any interest in enforcing anti-trust law? Did you forget that Bush ordered the DOJ to drop their case against MS back in 2000? What makes you think the Republican who takes over the White House next year would be any different? Or that Obama, if he somehow got re-elected (fat chance), would do anything different? (He's been one of the best Republican Presidents ever.)
UFIA, if Microsoft gets their way.
... on a subject, and... and... more than one of them are posted... on the same website. Wow, what a mind-blowing concept. Seriously, dude, "Slashdot" is not a monolithic brain that has one and only one opinion on any given topic. UEFI is a controversial topic, and postings on Slashdot are going to reflect differing views.
Graphical picking of boot disk
If your hard drive or SSD dies and you replace it, or if you destroy your version of OS X Lion somehow, the latest Macs, using UEFI, will go out over the network to Apple, download a new copy of Lion, and install it.
Try that with BIOS.
But my general feeling is that users sophisticated enough to wipe and replace their hard drive are probably sophisticated enough to understand not to wipe out that hidden partition labelled "UEFI". Sure, some won't be, and they'll suffer. But we're not talking about a very large portion of the population - your grandma is not going to be wiping and reloading the OS in the first place, and 1337 haxxxors are probably going to figure out how to do this safely.
Time for them to find an easier job.
From a user perspective, UEFI rocks.
Your bios is already flashable. That's how bios updates work. And yes, there are bios viruses.
Give me Classic Slashdot or give me death!
BIOS has a LOT of limitations. >2TB hard drives, network boot, disk controllers, GPU's, IPMI, ... everything has to subvert the BIOS in some way which makes it mightily slow. My iMac boots with Lion in 7 seconds. My Linux machine takes 15 seconds just getting to Grub, my servers take up to 45 seconds to get to the boot loader.
All of the things you mentioned above are _positive_ things, in that you would have to be crazy to use the bios for anything other than loading the os and getting the hell out.
How exactly is a longer boot time and slow operation that needs to be circumvented a "positive" thing? The mere fact that you can work around the BIOS does not make it good.
We've had a ton of issues with the various large vendors (IBM, HP, Dell, etc) and UEFI PXE boot. For the past couple of years we've just dissabled it in UEFI and enabled legacy style PXE. Well, this needs to change. Too bad none of these vendors have done much to help with their damn issues.
Microsoft will presumably refuse to 'Windows certify' motherboards which allow you to turn off 'secure boot'.
Presumed by who?
Now it can be a big plus to have gui with mouse to config a raid card with out having to boot a full os.
Hahahaha! Really? Being able to use the mouse is such a big advantage?
Still, if you really want to use the mouse to configure things, no need to throw out the BIOS. I remember old (early 1990s) Compaq BIOSes that had GUIs, mouse and all. IIRC, they looked kind of like Windows 3.x.
Please correct me if I got my facts wrong.
I'm wondering if we're headed back to the era of the access-dongle, so you get a dongle with your new computer, just like you get a key with your new car.
[Cue mutterings about how if the dongle isn't write-protected, all sorts of nasty effects could ensue.]
~REZ~ #43301. Who'd fake being me anyway?
Because there have been more recent antitrust lawsuits by the DOJ as they have actual balls. Such as the AT&T lawsuit currently ongoing.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
The idea isn't far from how mobile device makers secure their boot loaders. The flash part can be set as read only and only unlocked by some special process. That process can check for signed updates (IIRC, some of that is in the EFI capsule update specification). And with the driver structure of EFI, the firmware can check for signed drivers before running them. At least some thought has been put into security but I do think it will be interesting to see what happens. BIOS security was mostly based on the fact that is just didn't look like a good target because of the realities of real mode x86 code that was not set up for any sort of dynamic relocation. So it seems that UEFI has more thought for security put into it.
and the rest of us will continue to build our own from components.
Know of any good sites selling components with which to build a laptop?
Ever heard of the EU? They're a bit keener on anti-trust actions against US companies than the US is.
And what happens when the HD develops a bad spot in the middle of the hidden UEFI partition?
A thin layer of error correction like Par2 on the recovery image might help with that.
Here's another stumper: What happens when the HD develops a bad spot in the boot sector?
Last I heard, they're in a giant financial crisis which threatens to actually destroy their monetary union, so their attention might be occupied.
Anyway, the EU doesn't have any say over what gets sold in the US. Even if the EU forbade Windows-only secure-booting machines, MS would still be free to require all machines sold in the US to be made that way, and the US is a giant market. Of course, this could create a small gray market, with EU-market machines being sent over for Linux users. Of course, it's far more likely we'd have gray-market machines or motherboards being sent over from Asia, where they're all made anyway, but expect the prices to be higher since it'd be a specialty item.
why UEFI and not common used standards like Openfirmware? This is already used in many systems and not so bad..
LOL! And Nobody is going to want those quantity 1000 orders? You know your salesmen are too old when . . . .
Those Compaq machines had a hidden service partition that actually booted DOS and ran the setup program along with diagnostics programs. If your HD died or you completely wiped the service partition off, you couldn't get into setup until you restored it. The only self contained BIOS I can think of that used a mouse was the AMI WinBIOS, which everyone seems to hate for some reason.
You guys can be so negative. I just built a new system with the Z68 chipset with an asus mobo running a UEFI just like the one shown in the article. Using the mouse and a decent graphical interface to alter boot order and set overclocking settings is pretty damn cool, and I've been mucking with the BIOS since you had to enter the # of heads and cylinders for hard drives manually.
I looked in the motherboard section of NewEgg and all I could find were for desktops, not laptops. Are we entering a market where desktops can run Ubuntu but new laptops can run only Windows?
As I understand it, these two companies don't manufacture their own laptops. Instead, they refurbish the major OEMs' laptops, install Ubuntu, and resell them. Once the major OEMs' laptops are locked down with UEFI secure boot to run only Microsoft operating systems, where will these two companies get laptops to refurbish?
I am thinking the spooks will love having a mini-OS to put secret hooks. It allows them
to directly access your system bypassing your own OS.
Microsoft will presumably refuse to 'Windows certify' motherboards which allow you to turn off 'secure boot'.
Presumed by who?
By anyone possessing the sense that God granted a goatse?
2+ TB GPT boot drives
Graphical pre-boot interfaces with mouse
Graphical installation of my OS over the network
No more legacy 16-bit
From a user perspective, I don't care about all the crap you're talking about. It just works.
does this mean that we won't have to worry about firmware updating potentially bricking your machine if things don't go well?
that has always baffled me that there wasn't a ultra-base layer that could not be modified and did not NEED to be modified that would simply allow your machine to always boot...
so is that what uefi means?
i hope so.
How dumb. If your OS is already so crappy that it gives someone access to the bootloader when what hope do you have that the virus won't write itself into the OS just after the boot loader. Just hook in anywhere/everywhere else. AND now you have created a place to STORE more viruses when this dumb thing gets hacked.
If it's a SWITCH or jumper, Bubba and LaQueefa ain't cracking the case.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
The BIOS has problems. So fix them, change the BIOS. Adding a new level of abstraction between the BIOS and the OS, or making a BIOS replacement that is a shiny toy, is asking for trouble.
Contribute to civilization: ari.aynrand.org/donate
The key point is whether the end user can install a signature for his *own* operating system in his own hardware, and then secure boot linux. Nothing in the document suggests this is possible (and MS slams linux as an older operating system for "enthusiasts", but that isn't really the point)
Taken directly from the article.
"UEFI, being a pseudo-operating system, can access all of the hardware on the computer — you can surf the internet from the UEFI interface, or backup your hard drives — and it even has a full, mouse-driven GUI (below right). The fact that all of this boot data is stored on NAND flash or on a hard drive means that there’s a lot more space for things like language localization, boot-time diagnostics (begone meaningless POST beeps!), utilities (backup, restore, malware scanners), and so on."
Unless the UEFI can be wiped FROM the underlying system (DOS, meet BIOS: they won't get rid of you, they'll just get better at hiding you from the base of heathen users), and users are GIVEN this option, this does not get rid of the possibility of rootkits. This just makes it laughably easier. Anyone who believes otherwise is clearly an idiot and has little to no understanding of actual system security. This will turn out to be little more than a prettied up version of DOS. I'm even willing to bet money on it.
The reason UEFI will replace BIOS is that it's a standard and not every vendors will have their own BIOS implementations. It also provide support for fast boot and large disks (> 2.2 TB).
There are Windows vs non-windows-os issues in play here, but
How does uefi do for enabling motherboard-level DRM strategies?
A modern system should contain two SDHC slots, one named SYSTEM, one named DATA.
The Bios should just blindly and nearly instantly try to boot from the SYSTEM SDHC slot, and probably not be upgradable at all.
SDHC is enough to have your all operating system on it for just e few dollars per card.
SDHC has a read-only button, so you can really prevent any rootkit to install.
As a result, you can at last have different environments, some for playing, some for doing sensible tasks,
each environment beeing just an SDHC system card. And last but not least, before upgrading the operating system,
you can make a true backup (copy the SYSTEM SDHC to another one) that will be restored through just reinserting
the old SDHC card.
No more partitions, cards please, and security will become a reality !
Also USB could provide it, there are several small issues that makes SDHC/SDXC better suited for the task.
if they manage to do this, it's creating a monopoly, and I believe that there would be legal issues raised at that point
Remember how U.S. President George W. Bush dropped the DOJ's case against Microsoft as soon as President Clinton left office? If the Obama administration were to sue or prosecute Microsoft for such monopolistic practice, watch President Perry or President Romney drop the case.
how long do you think it would take for the Linux community to jailbreak computers built that way?
Should I include the years spent waiting for the next DMCA rulemaking to get the jailbreak exemption expanded from phones to also cover computers?