tenser wrote to McDoob <=-

There's that. There's also this idea that tons of random
code runs before the OS even loads; "secure boot" is a cute
fiction with UEFI.

My understanding is that it's even worse than that. From what I've read the UEFI boot process uses MS-DOS.

But the the only truthful sentance that includes the words "Microsoft" and "secure" is "Microsoft products are inherently not secure."


... Your weapon was made by the lowest bidder!
___ MultiMail/Linux v0.52

--- Mystic BBS/QWK v1.12 A46 2020/08/26 (Linux/64)
* Origin: bbs.alsgeeklab.com:2323 (21:1/126)

On 19 Feb 2022 at 02:35a, Dr. What pondered and said...

My understanding is that it's even worse than that. From what I've read the UEFI boot process uses MS-DOS.

No, it does not. The confusion might come because by
design, when an x86 CPU comes out of reset, it begins
executing at code-boot reset vector in 16-bit real
mode; often that's executing instructions directly from
SPI-flash or something. The SEC phase code has to
handle running in that constrained environment and
getting the PEI running; that usually means turning on
DRAM (on Intel, you do training here; AMD does that
from the PSP), handling the A20 latch on the BSP, and
getting into 32-bit protected mode, loading the PEI
and jumping to it. From then on, it's mostly 32-bit
until you get to DXE. PEI does a lot of platform-specific
stuff, like enumerating APICs (CPUs), initializing
buses, device configuration, and so on, then it loads
and starts the DXE runtime, which remains resident even
after the OS boots (the OS can make UEFI calls by jumping
into DXE).

MS-DOS isn't used at all here, but DXE applications
often ship as Windows PE executables (which themselves
are based on COFF, which came out of System V Unix).

But the the only truthful sentance that includes the words "Microsoft"
and "secure" is "Microsoft products are inherently not secure."

That's not true. MSFT has some really crackerjack people
working on Windows, and has produced some very nice research
work in security.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

But the the only truthful sentance that includes the words "Microsoft"
and "secure" is "Microsoft products are inherently not secure."

THIS! ^^^^

McDoob
SysOp, PiBBS
pibbs.sytes.net

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
* Origin: PiBBS (21:4/135)

tenser wrote to Dr. What <=-

MS-DOS isn't used at all here, but DXE applications
often ship as Windows PE executables (which themselves
are based on COFF, which came out of System V Unix).

Good to know. When I played around in it, it had a MS-DOS look-and-feel to me (keep in mind that was only 1 system that FORCED me to have to deal with UEFI to get Linux loaded).

That's not true. MSFT has some really crackerjack people
working on Windows, and has produced some very nice research
work in security.

That may be the case. But there's only so much a great architect can do if the ground he's building on is weak.

I've had to work with Windows for many decades now and while I've certainly seen improvement here, Windows "security" remains baroque and something tacked on afterwards.


... A nudist has no reason to fear a pickpocket.
___ MultiMail/Linux v0.52

--- Mystic BBS/QWK v1.12 A46 2020/08/26 (Linux/64)
* Origin: bbs.alsgeeklab.com:2323 (21:1/126)

On 21 Feb 2022 at 05:26a, Dr. What pondered and said...

Good to know. When I played around in it, it had a MS-DOS look-and-feel to me (keep in mind that was only 1 system that FORCED me to have to
deal with UEFI to get Linux loaded).

You mean the UEFI shell? I suppose that implements whatever
look and feel the shell's implementors designed it to have.
Sounds like it has some resemblance to DOS, which itself
resembles CP/M and TOPS-10 in many ways. None of this stuff
was born in a vacuum. DCL on RSTS/E on the PDP-11 looks
like DCL on VMS on the VAX/Alpha/Itanium (and now x86!), but
the implementations are quite different.

That's not true. MSFT has some really crackerjack people
working on Windows, and has produced some very nice research
work in security.

That may be the case. But there's only so much a great architect can do if the ground he's building on is weak.

I've had to work with Windows for many decades now and while I've certainly seen improvement here, Windows "security" remains baroque and something tacked on afterwards.

It could certainly be simpler, but the Windows code (by which
I mean the kernel) is actually remarkably good.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)