Brand new computers are plagued by a disease called UEFI. Just like how you understood virus menace in Windows, it is important for us to understand the same with UEFI. Hopefully somebody will be brave enough to take some action for removing if not improving the implementation.
For the brave ones, steps right away and for analysts and people from Lenovo, the rest.
- Wipe entire harddrive, “dd if=/dev/zero of=/dev/sdX bs=512 count=1”
- Remove all EFI enteries, using efibootmgr(from a live linux disk), “http://linux.die.net/man/8/efibootmgr”
- Goto UEFI setup and select “Load OS Optimized Defaults”
What is UEFI?
UEFI is the firmware of your computer just like the BIOS. The CPU and other chips have a lot of initialization processes, which are initiated by the firmware.
Also it has various other capabilities used by the operating system like ISCSI controller, RAM controller, OS uses for accessing IO services.
It has setup utilities and also a simple POST check to make sure key components work and the computer starts.
Advantages of UEFI over BIOS?
Vendors get the freedom to put more optional ROM(s) to achieve functionalities that were there only in OS(mostly windows) like hardware check, remote assistance etc.
It uses a GPT partition table enabling you to make larger disks bootable(greater than 2TB).
It is no longer dependent on MBR, tiny space on the start of primary partition allowing the computer to chainload a boot loader like GRUB.
This also frees the bootloader from chainloading. Multiple OS(s) can co-exist peacefully without maintaining one bootloader. Earlier the primary had to boot second and thereafter start the kernel of respective OS, just like we have been loading Windows from GRUB.
Because UEFI(you will learn in a while why?), is so vulnerable you should use only certified OS(s), like the very respected Windows(I hate Microsoft).
Entries in ROM?
If I somehow manage to turnoff secure boot, I can install any EFI based bootloader. But where does the entry go? I do not have a MBR.
It goes straight to your ROM. Wow, even if you put a new harddrive your efi entries remain intact still remains with you. How satisfying, maybe that is jolted lovers keep photographs of the X(es).
The real problem
All these secure boot computers that you buy, have Windows pre-installed and they have a very caring feature for you. Simply by going into UEFI setup(which still looks like BIOS setup) you can find an option to “Load OS Optimized default Settings”.
Wow, but what if the first thing you do is clean the entire hard drive and delete all partitions(even the Windows recovery and EFI partitions).
Where are the “OS Optimized default settings”?
For some they might be in the ROM somewhere, not for Lenovo at least.
For the love of God if you still go ahead with it, boom the Lenovo breaks down.
You can boot from external drives, except for Lenovo Firmware update CD, which does nothing.
Guess what remains in the end,bloody BOOT MENU.