Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
"Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Comment by orestes
by orestes on Thu 31st May 2012 11:42 UTC
orestes
Member since:
2005-07-06

Typical Fedora, very pragmatic.

Reply Score: 6

Wonderful...
by Neolander on Thu 31st May 2012 11:45 UTC
Neolander
Member since:
2010-03-08

What's next, using the NT kernel and recoding the user-space in C# ? This secure boot situation is really getting more and more ridiculous every month... :/

In most realms of engineering, when a fatal design flaw is discovered in a product, companies generally fix it and provide free repairs on the flawed units. Why is it than in IT, we instead try to keep the broken stuff around and build software around it ?

Edited 2012-05-31 11:45 UTC

Reply Score: 1

RE: Wonderful...
by Risthel on Thu 31st May 2012 12:02 UTC in reply to "Wonderful..."
Risthel Member since:
2010-12-22

And you are blaming that this is Fedora's fault, because they want the thing working in this "EFI broken Standard" that Engineers created just to make OEM harder to avoid?

Reply Score: 2

RE[2]: Wonderful...
by orestes on Thu 31st May 2012 12:14 UTC in reply to "RE: Wonderful..."
orestes Member since:
2005-07-06

Some people would prefer that potential users be screwed over to make a point rather than adopt a simple, if less than ideal solution.

I know someone's going to bring up Fedora's hard line on media codecs when other distros are more flexible so I might as well point out that it's not the same scenario. With the media codecs, there are issues of legality and licensing at play in various countries. Fedora takes the safe path for itself and its users.

With this the only issues are ethical, and those who feel strongly about it can simply avoid the locked down platforms entirely.

Edited 2012-05-31 12:24 UTC

Reply Score: 2

RE[2]: Wonderful...
by gan17 on Thu 31st May 2012 12:58 UTC in reply to "RE: Wonderful..."
gan17 Member since:
2008-06-03

I think Neolander was just lamenting the sorry state of the tech sector in general. He wasn't really singling out Fedora.

Reply Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 14:29 UTC in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

This is not Fedora's fault in particular, so much as the general way hardware standards work in IT.
-Some big company with lots of cash puts a half-done standard document on the table and says "Okay, here is how things are going to be done now"
-When they become aware of it, smaller actors quickly read the spec, point out the flaws of the new standard and suggest improvements
-Big company refuses to listen
-In the end everyone has to face the consequences of their irresponsible behavior

I couldn't even count the number of solutions that have been proposed so far to address Secure Boot's shortcomings. Having a central signing authority, using a "keyring" mechanism to accept several signing keys + displaying a clear warning on boot when OS software is signed with an unknown key, allowing OSs to use whatever structure they like instead of forcing NT's executable format and "every driver is in kernel mode" philosophy on everyone...

Secure Boot as it exists today is basically a gigantic "f--k you !" to any OS developer that is not Microsoft or one of their partners. It's just baffling that it could make it into an industry-standard document like the UEFI spec without a reasonable discussion with other OS actors going on first.

Edited 2012-05-31 14:44 UTC

Reply Score: 7

RE: Wonderful...
by moondevil on Thu 31st May 2012 13:34 UTC in reply to "Wonderful..."
moondevil Member since:
2005-07-08

You mean Singularity?

Reply Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 14:42 UTC in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

You mean Singularity?

I was referring to it, yes ;) Just asking, what if tomorrow's alternative OSs could only be user processes running inside of Microsoft's latest product ?

Starting from today's "you basically have to ask Microsoft to sign your product before people can easily use it", it wouldn't be that big of a stretch.

Edited 2012-05-31 14:50 UTC

Reply Score: 3

RE[3]: Wonderful...
by moondevil on Fri 1st Jun 2012 19:36 UTC in reply to "RE[2]: Wonderful..."
moondevil Member since:
2005-07-08

I really don't know.

I'm just looking forward to operating systems that make use of safer systems programming languages, where buffer exploits are a thing of the past. Or at least with micro architectures with good security models around each process.

Unfortunately, this means more security over all the applications do, and can have bad side effects in the hands of not so nice corporations.

Reply Score: 2

RE[4]: Wonderful...
by Neolander on Fri 1st Jun 2012 19:52 UTC in reply to "RE[3]: Wonderful..."
Neolander Member since:
2010-03-08

I'm just looking forward to operating systems that make use of safer systems programming languages, where buffer exploits are a thing of the past. Or at least with micro architectures with good security models around each process.

You are not alone. Microkernels and VM-based OSs are two examples of common OS designs that go in that direction, Singularity being an example of the latter and Genode, QNX, MINIX and my pet project being examples of the former.

Sadly, these will never go very far unless the major OSs decide to do a step in the right direction themselves. In a way, I think that Android is the best thing that has happened to OS security recently, in that it is the first mainstream OS that actually tries a novel approach to solving security problems instead of hiding them behind the closed doors of a vetting process. Implementation sucks, though.

Unfortunately, this means more security over all the applications do, and can have bad side effects in the hands of not so nice corporations.

Totally true. The problem is that all too often, corporations use security as an excuse to get more control on their users. Whereas the goal of a proper security system, to the contrary, would be to help users deal with trust issues in an informed and efficient way.

Edited 2012-06-01 19:55 UTC

Reply Score: 1

RE[5]: Wonderful...
by moondevil on Sat 2nd Jun 2012 12:53 UTC in reply to "RE[4]: Wonderful..."
moondevil Member since:
2005-07-08

Sadly, these will never go very far unless the major OSs decide to do a step in the right direction themselves.


This is the main issue. No alternative OS architecture, or systems programming language, will ever take off, if no one from the major OS vendors picks them up.

Reply Score: 2

RE[6]: Wonderful...
by ilovebeer on Sat 2nd Jun 2012 15:47 UTC in reply to "RE[5]: Wonderful..."
ilovebeer Member since:
2011-08-08

Sadly, these will never go very far unless the major OSs decide to do a step in the right direction themselves.

This is the main issue. No alternative OS architecture, or systems programming language, will ever take off, if no one from the major OS vendors picks them up.

I don't believe that to be true. An OS and/or programming languages don't require major vendor support, they require user & developer support. Of course help from the big guys can be a tremendous help & benefit, but their participation isn't a requirement for success.

Reply Score: 2

RE[7]: Wonderful...
by moondevil on Sat 2nd Jun 2012 19:19 UTC in reply to "RE[6]: Wonderful..."
moondevil Member since:
2005-07-08

If a systems programming language is not used as such by a big OS vendor, then it becomes another application language.

If a new OS architecture is not picked up by a big OS vendor, then it is viewed as academic research or niche market, both cases won't help it get accepted on the mainstream.

Reply Score: 2

RE: Wonderful...
by vaette on Thu 31st May 2012 15:14 UTC in reply to "Wonderful..."
vaette Member since:
2008-08-09

A bit of a weak comparison. If Fedora is to work with secure boot they either have to get a key into all hardware or get their bootloader signed by someone who already is getting a key into all hardware. Microsoft is the only company in the latter camp.

What Fedora is asking Microsoft for is a small signature for their bootloader. No Microsoft code is involved.

There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself. For the sake of novice users however it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration.

Plus, of course, Fedora having secure booting is a good security measure in itself.

Reply Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 15:49 UTC in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

A bit of a weak comparison. If Fedora is to work with secure boot they either have to get a key into all hardware or get their bootloader signed by someone who already is getting a key into all hardware. Microsoft is the only company in the latter camp.

...which is only the case due to the brain-dead way Secure Boot has been designed, by Microsoft themselves, to begin with.

What Fedora is asking Microsoft for is a small signature for their bootloader. No Microsoft code is involved.

What Fedora ended up having to do is pay Microsoft in order to receive a revocable permission to let their users comfortably run the OS they want on their hardware. Don't you see a problem there ?

There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself.

Why should users have to fiddle with obscure firmware settings and break their Windows install by swapping the Microsoft key with something else only to get another OS on their computer ? Why couldn't they just insert or connect the OS installation media, add the new signing key to the firmware database when asked with a scary warning if they really want to do so, and get a working dual-boot setup like they do today ?

For the sake of novice users however it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration.

Plus, of course, Fedora having secure booting is a good security measure in itself.

I am not saying that Secure Boot is useless here, only that its core design is terrible, and that Microsoft have consistently refused to fix its flaws in what borders on monopoly abuse.

It benefits no one but Microsoft when other OSs have to become their slave in order to keep a sane installation process.

Edited 2012-05-31 15:55 UTC

Reply Score: 6

RE[2]: Wonderful...
by Alfman on Thu 31st May 2012 16:16 UTC in reply to "RE: Wonderful..."
Alfman Member since:
2011-01-28

vaette,

"For the sake of novice users however it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration."

Except now running independent secure boot operating systems is a privilege, with microsoft being the gatekeeper.


"Plus, of course, Fedora having secure booting is a good security measure in itself."

Nobody's arguing this, but the reason "secure boot" is controversial is that microsoft was uniquely positioned to overload the design of secure boot to make it difficult/impossible for independent developers to implement. The rest of us generally don't have the means to get our keys in firmware. Once many of these start to ship, it'll be too late. Independent OS developers won't have any way to make their offerings secure boot compliant on existing hardware. We'll all be literally at the mercy of microsoft to sign our stuff.

A serious problem inherent with the design is that microsoft's key is now going to be on virtually all UEFI hardware, probably even on motherboards people will buy to run linux. This makes microsoft uniquely capable of installing bootloader trojan malware on all our systems at any point in the future. I'm not alleging that MS would knowingly let it happen, but it is not a good security model to have a UEFI standard where one entity controls the rights on all our hardware. God forbid China, US spy agencies, or even maligned hacking groups should get ahold of microsoft's secure boot key.

A properly designed secure boot would be future-proof and allow the owner to approve & reject what operating systems his hardware is allowed to boot *without having to disable secure boot*. Independent developers should not be relegated to 2nd class citizens on consumer hardware.

Edited 2012-05-31 16:31 UTC

Reply Score: 4

RE[2]: Wonderful...
by Soulbender on Fri 1st Jun 2012 00:28 UTC in reply to "RE: Wonderful..."
Soulbender Member since:
2005-08-18

Plus, of course, Fedora having secure booting is a good security measure in itself


Sorry, I fail to see what's so awesome about "secure" boot. It still does not prevent companies (like Sony) from installing signed, malicious code so what real-world security problem does it solve?

Reply Score: 5

RE[2]: Wonderful...
by Lennie on Fri 1st Jun 2012 22:05 UTC in reply to "RE: Wonderful..."
Lennie Member since:
2007-09-22

"There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself."

Actually, there is already ARM-based hardware planned which does not allow UEFI to be disabled. At Microsoft's request no less.

I'm sorry, but this direction is the wrong direction.

Reply Score: 2

d3vi1
Member since:
2006-01-28

The only thing that they missed is that it's not x86 that we're worried about. In x86 the vendor should provide a non-secure-boot option in the firmware. In ARM we have the real mess that we need to solve and precisely ARM is the one that they're skipping. My guess is that the only decent/generic ARM hardware on the market will be the Windows hardware. Droid and iOS ARM hardware will be mostly inaccessible to Fedora, so for a decent fedora or ubuntu tablet you'll still need the Windows tablets. On the Server side though, I'm not really worried about the ARM part.

Reply Score: 1

WereCatf Member since:
2006-02-15

In x86 the vendor should provide a non-secure-boot option in the firmware.


I feel like I have to point out that the spec actually does NOT mandate this. The manufacturer can implement such a non-secure-boot option, but they are not required to. And if they aren't required to do that, well, feel free to guess how many manufacturers will do that.

Reply Score: 5

rr7.num7 Member since:
2010-04-30

"In x86 the vendor should provide a non-secure-boot option in the firmware.


I feel like I have to point out that the spec actually does NOT mandate this. The manufacturer can implement such a non-secure-boot option, but they are not required to. And if they aren't required to do that, well, feel free to guess how many manufacturers will do that.
"

The spec doesn't mandate it, but Microsoft does. According to Windows 8 Hardware Certification Requirements:

MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv.

Reply Score: 4

Alfman Member since:
2011-01-28

One shouldn't have to disable UEFI secure boot in the first place for alternate operating systems. There wouldn't be a complaint if the spec/certification required owners be able to change their keys to non-microsoft vendors....and of course the freedom to do it on ARM as well.

Edited 2012-05-31 18:03 UTC

Reply Score: 2

AnythingButVista Member since:
2008-08-27

EDIT: rr7.num7 beat me to it but stil...

Apparently the Electronic Frontier Foundation seems to disagree. In one of their recent articles they mention:

"In response to warnings and legal steps from the free software community, Microsoft agreed to require "Windows 8" certified x86 and x86-64 hardware vendors to offer a way to turn off this "secure boot" option that locks out user-modified OSes."
Quote taken from https://www.eff.org/deeplinks/2012/05/apples-crystal-prison-and-futu...

So the total lockout would be for ARM hardware only.

Edited 2012-05-31 17:53 UTC

Reply Score: 3

Comment by Radio
by Radio on Thu 31st May 2012 12:30 UTC
Radio
Member since:
2009-06-20

Wait, wait, wait, it is even worse when you read it all:

Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.


WHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT

This, is a friggin' scam. It is "only" 99$, but 99$ is already 99$ too much in Microsoft's pocket. When is the limit when we can finally call it for what it is, "extortion", "racket"?

And that is just the beginning; everything else in this post is deeply, deeply infuriating.

See that, ilovebeer? That is the shitty world you let develop, because "Companies have the right to legally protect their investment and interests".

Edited 2012-05-31 12:31 UTC

Reply Score: 3

RE: Comment by Radio
by bouhko on Thu 31st May 2012 13:11 UTC in reply to "Comment by Radio"
bouhko Member since:
2010-06-24

Although I think Fedora is doing the right thing (the other option being to let the user down - which won't do any good), I had the same reaction as you upon reading the article.

It's not even the 99$, it's the fact that in the future, alternative OS will have to be approved by Microsoft to be able to boot on hardware that people *bought*.

I sincerely hope the EU gets an investigation going about Microsoft on this topic. If this is not monopoly abuse, I don't know what this is.

Btw, I'm looking forward to the hacking conference following the Windows 8 release that will reveal that a way around this whole signing shit has been found.

Reply Score: 8

RE[2]: Comment by Radio
by Doc Pain on Thu 31st May 2012 13:39 UTC in reply to "RE: Comment by Radio"
Doc Pain Member since:
2006-10-08

It's not even the 99$, it's the fact that in the future, alternative OS will have to be approved by Microsoft to be able to boot on hardware that people *bought*.


That just sounds wrong, by two interpretations (maybe exaggerated, but potential future):

The first one being, a product in competition on a certain market needs the approval of the competitor. If the vendor of the concurrent product doesn't provide approval, the competing one won't work.

Huh? Free market with competition anyone? Hello?

The second one may be similar to already established marketing and sales models. By purchasing something, you're not purchasing the thing physically in order to exercise your will on it (because it now belongs to you - you've paid for it). Instead, your payment allows you to exercise a limited set of rights on the device. The amount and kind of rights, as well as maybe their temporal availability, is controlled by the vendor of the product - the one you gave money to. This sounds a lot like a typical renting model for flats.

I sincerely hope the EU gets an investigation going about Microsoft on this topic. If this is not monopoly abuse, I don't know what this is.


We'll see. You know that a lot of governments depend on the good will of MICROS~1 to function. Never bite the hand that feeds you.

And don't rely on customers "waking up" and demanding a change. They will always use what they are offered by a benevolent company that only wants their best.

Those who already denied following MICROS~1 will probably have a hard time finding hardware they can use in the future.

Btw, I'm looking forward to the hacking conference following the Windows 8 release that will reveal that a way around this whole signing shit has been found.


Soon, it won't be about hacking software, but hacking hardware to bring it back into "normal state".

Reply Score: 6

RE[3]: Comment by Radio
by JAlexoid on Thu 31st May 2012 19:15 UTC in reply to "RE[2]: Comment by Radio"
JAlexoid Member since:
2009-05-19

We'll see. You know that a lot of governments depend on the good will of MICROS~1 to function. Never bite the hand that feeds you.

And don't rely on customers "waking up" and demanding a change. They will always use what they are offered by a benevolent company that only wants their best.

Those who already denied following MICROS~1 will probably have a hard time finding hardware they can use in the future.


No. Sorry, just no. You don't know how much EU central administration hates Microsoft. There is quite literally an effort not to use Microsoft. There are a lot of integration projects that don't even bother providing member states tools for integrating based on Microsoft technologies. (I personally and Richard Pawson of NakedObjects have had a chance to experience it)

Reply Score: 3

RE[4]: Comment by Radio
by zima on Mon 4th Jun 2012 00:08 UTC in reply to "RE[3]: Comment by Radio"
zima Member since:
2005-07-06

Any more stories / details / background? (overall, I'm just curious)
And who do they love? ;)

Reply Score: 2

RE: Comment by Radio
by ilovebeer on Thu 31st May 2012 17:15 UTC in reply to "Comment by Radio"
ilovebeer Member since:
2011-08-08

WHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT

This, is a friggin' scam. It is "only" 99$, but 99$ is already 99$ too much in Microsoft's pocket. When is the limit when we can finally call it for what it is, "extortion", "racket"?

And that is just the beginning; everything else in this post is deeply, deeply infuriating.

See that, ilovebeer? That is the shitty world you let develop, because "Companies have the right to legally protect their investment and interests".

What exactly are you blowing holes in your underwear about? There's no extortion going on. Did you not get the memo that UEFI isn't even a vendor requirement?

The next time you want to yell "FIRE!" in a movie theater, ..make sure there's an actual fire.

Reply Score: 3

RE: Comment by Radio
by Bill Shooter of Bul on Sat 2nd Jun 2012 19:16 UTC in reply to "Comment by Radio"
Bill Shooter of Bul Member since:
2006-07-14

You suck at reading. The $99 isn't going to microsoft, its going to verisign. Not that verisign is a great company or anything, but please read before reacting.

Reply Score: 2

RE[2]: Comment by Radio
by Alfman on Sat 2nd Jun 2012 20:35 UTC in reply to "RE: Comment by Radio"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

"You suck at reading. The $99 isn't going to microsoft, its going to verisign. Not that verisign is a great company or anything, but please read before reacting."


I noticed the article was recently edited to say this, but the original article did not, so don't be too hard on the poster.


It's no secret that I oppose secure boot because it does more to promote corporate control than our security. However I do have some questions about the program:
Just who will be allowed to get a key, what are the qualifications?
Who is responsible for approving applicants?
Are any developers or end users going to be denied?
If noone is there to vet the software, then doesn't that undermine the entire "security model" behind secure boot?
Do we really know where the money goes? MS may be outsourcing this program to Verisign because they specialise in selling code certificates already, I kind of doubt the deal between MS and Verisign lets Verisign keep all the profits?

Reply Score: 2

RE[3]: Comment by Radio
by mjg59 on Sun 3rd Jun 2012 00:27 UTC in reply to "RE[2]: Comment by Radio"
mjg59 Member since:
2005-10-17

Just who will be allowed to get a key, what are the qualifications?

Anyone who's a member of the Microsoft Winqual program.

Who is responsible for approving applicants?

Verisign.

Are any developers or end users going to be denied?

As long as their identity can be validated, no.

If noone is there to vet the software, then doesn't that undermine the entire "security model" behind secure boot?

No, because keys can be revoked.

Do we really know where the money goes? MS may be outsourcing this program to Verisign because they specialise in selling code certificates already, I kind of doubt the deal between MS and Verisign lets Verisign keep all the profits?

All the profits from a $99 identity validation? I'm sure that's significant. In reality, Microsoft subsidise the program heavily.

Reply Score: 1

RE[4]: Comment by Radio
by Alfman on Sun 3rd Jun 2012 03:30 UTC in reply to "RE[3]: Comment by Radio"
Alfman Member since:
2011-01-28

Thanks for answering my questions, but with regards to those, what is your source for the information? I'm not willing to assume this works like microsoft's normal code signing process without something authoritative that specifically says so. I couldn't find any of the information specific to alternate bootloader signing on the microsoft links.

I still find it unfortunate that secure boot was designed to control *who* has access instead of being a useful tool for owners to determine their machine has been compromised by bootloader malware. From the sounds of it, it won't be difficult for someone to sign a trojan directly or exploit someone else's buggy code. And from what we already know, "secure boot" will just accept the microsoft key without question.

After the fact revocation is better than nothing I suppose, but it gives very little confidence against a targeted attack, where a trojan is unlikely to be discovered by a victim for whom secure boot has failed.

Sorry mjg59, these last few paragraphs aren't addressed to you... I'm just extremely disappointed that we're going to be stuck with this instead of a more valid and open solution.

Reply Score: 2

I for one find it disturbing
by eantoranz on Thu 31st May 2012 13:41 UTC
eantoranz
Member since:
2005-12-18

So... another form of Microsoft Tax? God! I'm not a fedora user but if I were I don't know if I'd consider switching distro based on this.

Reply Score: 1

RE: I for one find it disturbing
by vaette on Thu 31st May 2012 15:06 UTC in reply to "I for one find it disturbing"
vaette Member since:
2008-08-09

It is a one-time fee of $99, paid for by RedHat to get the Fedora key. I don't think you need to twist and turn too much at night over that "tax".

Reply Score: 2

orestes Member since:
2005-07-06

It's also a $99 fee paid by anyone who wants to disseminate their modified binaries without shenanigans being required on the end user's side of things.

I don't personally take issue with the nominal fee, but I do feel there should be a choice of trusted key signers available instead of giving MS another defacto monopoly. Get Verisign or IBM or someone else sufficiently big and "trustworthy" involved as a neutral party.

Reply Score: 4

Alfman Member since:
2011-01-28

orestes,

"I don't personally take issue with the nominal fee, but I do feel there should be a choice of trusted key signers available instead of giving MS another defacto monopoly. Get Verisign or IBM or someone else sufficiently big and 'trustworthy' involved as a neutral party."


I think the owner should be the defacto root of trust.

Reply Score: 2

orestes Member since:
2005-07-06

It should be an option yes, but MS is at least correct in that doing things this way will lead to more secure systems overall.

Reply Score: 2

UltraZelda64 Member since:
2006-12-05

Bullshit. More secure systems would be those that are running any operating system NOT developed by Microsoft... and which are unplugged from the AC outlet 99.9% of the time.

Edited 2012-06-01 06:23 UTC

Reply Score: 1

orestes Member since:
2005-07-06

Yes because clearly running something other than Windows is going to be a cure all against pre-boot attacks. Take off the fanboy hat and think rationally for a bit. Secure boot processes are a step in the right direction

Reply Score: 2

darknexus Member since:
2008-07-15

Yes because clearly running something other than Windows is going to be a cure all against pre-boot attacks. Take off the fanboy hat and think rationally for a bit. Secure boot processes are a step in the right direction


If only that were true. But how long do you think it's going to be before someone comes out with a bit of malware that gets signed with a rogue Microsoft key? And, since we the users won't be able to easily control what keys are in our hardware, that thing will just skip right through. How very secure. Open your eyes. Secureboot has nothing to do with security. Zero. It's security theater designed to give Microsoft the advantage. It's TSA for your computer. To hell with that.

Reply Score: 2

bhtooefr Member since:
2009-02-19

The problem is the number of owners that are complete morons.

I'd say that there needs to be a jumper inside the case for allowing addition of authorized secure boot certificates. Pain in the ass, but it keeps the idiots that will answer "yes" to everything out, while letting the people that know what they're doing in.

Reply Score: 2

Alfman Member since:
2011-01-28

bhtooefr,

"I'd say that there needs to be a jumper inside the case for allowing addition of authorized secure boot certificates. Pain in the ass, but it keeps the idiots that will answer 'yes' to everything out, while letting the people that know what they're doing in."

I'd find it to be one of many acceptable solutions. A physical jumper could reset the mainboard to its original "setup mode" (as defined in the UEFI specification). This way the system returns to a clean state as before it was loaded with microsoft's key. In this mode the system would be ready to accept the user's own keys.

See the following sections for how UEFI "setup mode" works:
27.5 Firmware/OS Key Exchange: creating trust relationships
27.5.2 Clearing The Platform Key (Edit: the spec offers no mechanisms for owners to clear a 3rd party key)


There is no shortage of solutions that are superior to microsoft's, but unfortunately microsoft is in a position to dictate hardware standards and independent developers are not.

Edited 2012-06-01 02:06 UTC

Reply Score: 2
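Editor's note, added to illustrate two points raised above and not part of any poster's comment or of Fedora's or mjg59's code: mjg59's "keys can be revoked" answer (the deny-list dbx overrides the allow-list db) and Alfman's point that the spec's "setup mode" lets the owner enrol their own entries (each entry in db/dbx carries a SignatureOwner GUID saying who put it there, and with no Platform Key enrolled these variables can be written without a PK-signed update). The script below parses and builds the EFI_SIGNATURE_LIST format the UEFI specification uses for db and dbx, then applies the firmware's decision order. Assumptions: the owner GUID, the "vendor certificate" (a placeholder byte string, not a real DER certificate) and the "bootloader images" are all constructed; the image hash is SHA-256 over the raw bytes rather than the Authenticode PE hash, and a certificate "matches" by exact DER bytes rather than by verifying a signature chain.

```python
"""Added example: parse UEFI Secure Boot db/dbx (EFI_SIGNATURE_LIST format)
and apply the firmware decision order. All sample data is constructed."""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header (little-endian):
#   SignatureType GUID (16) | SignatureListSize (4) | SignatureHeaderSize (4) | SignatureSize (4)
_LIST_HDR = struct.Struct("<16sIII")
_OWNER_LEN = 16  # every EFI_SIGNATURE_DATA starts with the SignatureOwner GUID


def parse_signature_lists(blob):
    """Return [(type_guid, owner_guid, data), ...] for each EFI_SIGNATURE_DATA in blob.

    Every size field is checked against the buffer before use: a parser that
    trusts SignatureListSize/SignatureSize reads past the end of the variable."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= _OWNER_LEN:
            raise ValueError("SignatureSize too small to hold SignatureOwner")
        body_off = off + _LIST_HDR.size + hdr_size
        body_len = list_size - _LIST_HDR.size - hdr_size
        if body_len % sig_size:
            raise ValueError("signature body is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(body_len // sig_size):
            start = body_off + i * sig_size
            owner = uuid.UUID(bytes_le=blob[start:start + _OWNER_LEN])
            entries.append((sig_type, owner, blob[start + _OWNER_LEN:start + sig_size]))
        off += list_size
    return entries


def build_signature_list(sig_type, owner, items):
    """Serialise one EFI_SIGNATURE_LIST; all items in a list share one size."""
    items = list(items)
    if not items or any(len(it) != len(items[0]) for it in items):
        raise ValueError("need one or more equally sized SignatureData items")
    sig_size = _OWNER_LEN + len(items[0])
    list_size = _LIST_HDR.size + sig_size * len(items)
    out = bytearray(_LIST_HDR.pack(sig_type.bytes_le, list_size, 0, sig_size))
    for it in items:
        out += owner.bytes_le + it  # SignatureOwner records who enrolled the entry
    return bytes(out)


def boot_verdict(image, db, dbx, signer_cert_der=b""):
    """Firmware order: any dbx hit denies the image even if db would allow it;
    otherwise db must allow it by image hash or by signer certificate.
    Simplification (assumption): SHA-256 over raw bytes, cert match by DER equality."""
    digest = hashlib.sha256(image).digest()

    def hit(entries):
        for sig_type, _owner, data in entries:
            if sig_type == EFI_CERT_SHA256_GUID and data == digest:
                return True
            if sig_type == EFI_CERT_X509_GUID and signer_cert_der and data == signer_cert_der:
                return True
        return False

    if hit(parse_signature_lists(dbx)):
        return "denied (dbx)"
    if hit(parse_signature_lists(db)):
        return "allowed (db)"
    return "denied (not in db)"


# --- constructed demo data: not a real certificate, not real bootloaders ---
OWNER = uuid.UUID("7f2d0c55-1b3a-4e9d-9c11-2a6f5e8b4d01")  # assumed owner GUID
VENDOR_CERT = b"\x30\x82\x01\x00" + b"constructed DER placeholder"
GOOD_IMAGE = b"MZ constructed bootloader image A"
BAD_IMAGE = b"MZ constructed bootloader image B, later found malicious"

SAMPLE_DB = (
    build_signature_list(EFI_CERT_X509_GUID, OWNER, [VENDOR_CERT])
    + build_signature_list(EFI_CERT_SHA256_GUID, OWNER,
                           [hashlib.sha256(GOOD_IMAGE).digest(),
                            hashlib.sha256(BAD_IMAGE).digest()])
)
# Revocation: the bad image's hash is added to dbx; it is still in db, but dbx wins.
SAMPLE_DBX = build_signature_list(EFI_CERT_SHA256_GUID, OWNER,
                                  [hashlib.sha256(BAD_IMAGE).digest()])


def demo():
    return {
        "good_hash": boot_verdict(GOOD_IMAGE, SAMPLE_DB, SAMPLE_DBX),
        "revoked": boot_verdict(BAD_IMAGE, SAMPLE_DB, SAMPLE_DBX),
        "unknown": boot_verdict(b"MZ unknown image", SAMPLE_DB, SAMPLE_DBX),
        "by_cert": boot_verdict(b"MZ unknown image", SAMPLE_DB, SAMPLE_DBX, VENDOR_CERT),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

On a Linux box with efivarfs mounted, the same parser works on the real variables once the 4-byte attribute prefix that efivarfs prepends is stripped (for example `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f`), which is how you check which signing certificates and revoked hashes your own firmware actually trusts. The `by_cert` case is why the thread's worry is structural: anything whose signature chains to a certificate in db boots, and only a later dbx entry can take that back.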

RE[2]: I for one find it disturbing
by einr on Thu 31st May 2012 17:52 UTC in reply to "RE: I for one find it disturbing"
einr Member since:
2012-02-15

Unless you want to build your own custom kernel on an UEFI system. Then, you'd better have your $99 handy.

Reply Score: 2

vaette Member since:
2008-08-09

Doubt you would be able to even with $99 (suspect the program is such that you need to be able to verify your identity and aimed at companies), but for developers turning off secure boot is not a complex task. I do agree that we should all push hardware manufacturers to include the options both to change keys and turn off secure boot, I just find both Microsoft's and Fedora's motivations in this case to be pragmatic and good.

Edited 2012-05-31 18:17 UTC

Reply Score: 2

Alfman Member since:
2011-01-28

vaette,
"I do agree that we should all push hardware manufacturers to include the options both to change keys and turn off secure boot, I just find both Microsoft's and Fedora's motivations in this case to be pragmatic and good."

I also hope for an outcome where consumers control their own hardware. However, microsoft designed secure boot this way on purpose. And of course consumers are explicitly denied control on ARM platforms by none other than microsoft.

My own guess is that the discrepancy exists because microsoft's own lawyers determined that they would quickly run afoul of antitrust law on the desktop space, but not in the tablet market. But I'm open to hearing other explanations.

Edited 2012-05-31 18:44 UTC

Reply Score: 3

orestes Member since:
2005-07-06

Nope. That's what the custom mode is for, the user can assert their own keys in the system for signing. The headache comes in when you want to distribute those custom kernels to others as binaries.

Reply Score: 3

Prankster
by Gone fishing on Thu 31st May 2012 13:42 UTC
Gone fishing
Member since:
2006-02-22

So it can only be a matter of time before some prankster builds a boot sector virus with an MS key just for a laugh.

Reply Score: 8

Has everyone signed FSF's petition?
by ciaran on Thu 31st May 2012 13:44 UTC
ciaran
Member since:
2006-11-27

If you don't like this news, the least you can do is sign FSF's petition against MS's restricted boot:

http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/stateme...

28,000 signatures so far. Help spread this around.

Reply Score: 4

sbenitezb Member since:
2005-07-22

Signed... a couple hundred millions more and we'll win. Seriously.

Reply Score: 2

darknexus Member since:
2008-07-15

If you don't like this news, the least you can do is sign FSF's petition against MS's restricted boot:

http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/stateme...

28,000 signatures so far. Help spread this around.


I didn't know about it until now, but I signed it for all the good that's going to do anyone. You realize it will end up going something like this:
FSF: Open secure boot or disable it by default. Thousands of users don't want it.
Ballmer: Cha-ching, cha-ching, I thought I heard something...

Reply Score: 2

Ehmm...
by dylansmrjones on Thu 31st May 2012 15:09 UTC
dylansmrjones
Member since:
2005-10-02

Microsoft takes control of my new motherboard and I have to pay them $99 to regain control of my own property... aahh, the wonder of the "free market".

Reply Score: 6

RE: Ehmm...
by darknexus on Thu 31st May 2012 17:24 UTC in reply to "Ehmm..."
darknexus Member since:
2008-07-15

Microsoft takes control of my new motherboard and I have to pay them $99 to regain control of my own property... aahh, the wonder of the "free market".


What free market? Nowhere in the world has a free market, and it's a term that gets misused. For a free market you need at least three things:
1. No government intervention in economics whatsoever,
2. corporates and business leaders able to think long-term,
and finally, intelligent consumers who won't jump on the latest shiny thing as soon as it comes out. What we have now is a market skewed towards certain corporations because governments have a vested interest, via support contracts and the like, in keeping them afloat while appearing to actually give a sh*t about monopoly abuse (EU, I'm looking at you). If we actually allowed a free market, this kind of crap wouldn't last long because other vendors would band together out of necessity to implement a better standard, which the big bad boy would either have to eventually embrace or be made irrelevant. Instead, what do we have? Governments with an objective in mind: Don't lose our support contracts. Bah.

Reply Score: 2

RE: Ehmm...
by ilovebeer on Thu 31st May 2012 17:52 UTC in reply to "Ehmm..."
ilovebeer Member since:
2011-08-08

Microsoft takes control of my new motherboard and I have to pay them $99 to regain control of my own property... aahh, the wonder of the "free market".

When you buy a computer, you purchase ownership of the hardware only, not the software. If you don't like the software the computer runs, buy a different computer running different software, or a barebones system and put whatever you like on it.

Reply Score: 2

RE[2]: Ehmm...
by Alfman on Thu 31st May 2012 18:02 UTC in reply to "RE: Ehmm..."
Alfman Member since:
2011-01-28

ilovebeer,

"When you buy a computer, you purchase ownership of the hardware only, not the software."

Why are you so dense? The whole problem is that consumers who "purchase ownership of the hardware only" don't truly own it because 3rd parties retain control over the hardware keys.


EDIT:
And by the way, I don't care if *you* don't mind that 3rd parties hold the keys to *your* property. But quit making pathetic excuses that none of us should be concerned over who controls *our* property. I can't even believe it's come to this, we now need to justify the case for the public to control its own keys instead of corporations??

Edited 2012-05-31 18:19 UTC

Reply Score: 2

RE[3]: Ehmm...
by ilovebeer on Fri 1st Jun 2012 03:35 UTC in reply to "RE[2]: Ehmm..."
ilovebeer Member since:
2011-08-08

"When you buy a computer, you purchase ownership of the hardware only, not the software."

Why are you so dense? The whole problem is that consumers who "purchase ownership of the hardware only" don't truly own it because 3rd parties retain control over the hardware keys.

What the hell are you blabbing about now? Are you actually stupid enough to try debating against a person "owning" the hardware they've purchased, and not "owning" the software it came with? And you expect people to take you seriously? ......Wow.

EDIT:
And by the way, I don't care if *you* don't mind that 3rd parties hold the keys to *your* property. But quit making pathetic excuses that none of us should be concerned over who controls *our* property. I can't even believe it's come to this, we now need to justify the case for the public to control its own keys instead of corporations??

You're either trolling again or have the worst comprehension in history. Why do you insist on going on and on in response to things I never said? Hopefully you'll return to Earth before posting again.

Reply Score: 2

RE[4]: Ehmm...
by Alfman on Fri 1st Jun 2012 23:38 UTC in reply to "RE[3]: Ehmm..."
Alfman Member since:
2011-01-28

ilovebeer,

"Are you actually stupid enough to try debating against a person 'owning' the hardware they've purchased, and not 'owning' the software it came with? And you expect people to take you seriously? ......Wow."

"You're either trolling again or have the worst comprehension in history. Why do you insist on going on and on in response to things I never said? Hopefully you'll return to Earth before posting again."

You're the one who thinks it's ok that owners don't have the keys to their own property. Is that not a fair assessment of your opinion? I honestly don't care that your opinion differs from mine, but quit bashing others who disagree with you - that doesn't make us stupid trolls. Just because you don't have a problem with closed computers doesn't mean that none of us has anything to lose as more hardware becomes closed.

You keep asserting developers will have access to open hardware, but once again I haven't denied that. It does nothing to dismiss the fact that I'm no longer able to share my apps/OS directly with friends/relatives/coworkers/etc because the hardware they "own" won't permit them to run my software. Even if you don't care yourself, you must concede that not being able to distribute/run/modify software is a huge blow to the open source model, or indeed anyone who just wants to share their software without needing corporate permission. You can blame owners if you want to, but you still can't evade the fact that closed computing hurts open source.

Maybe you have a vendetta against open computing/open source, maybe you're astroturfing, whatever the case may be you can't reasonably deny that this shift goes against the concept of owners controlling their own hardware. At the very least, you should admit to this.

Reply Score: 2

RE[5]: Ehmm...
by ilovebeer on Sat 2nd Jun 2012 04:12 UTC in reply to "RE[4]: Ehmm..."
ilovebeer Member since:
2011-08-08

You're the one who thinks it's ok that owners don't have the keys to their own property. Is that not a fair assessment of your opinion?

Considering I've never said anything in support of your claim, no. Your problem is that you don't pay attention. When you read something you seem to read into it whatever you make up at that moment rather than simply taking the words for what they're worth. I'm straight forward. My posts don't need to be decoded or deciphered. If you're going to reply to me, at least stick to what I've actually said.

I honestly don't care that your opinion differs from mine, but quit bashing others who disagree with you - that doesn't make us stupid trolls. Just because you don't have a problem with closed computers doesn't mean that none of us has anything to lose as more hardware becomes closed.

I have neither bashed anyone's opinion, nor have I ever said I don't have a problem with closed computers. It seems as though I have to correct you yet AGAIN. I'll try to make this as clear as I can so you don't confuse yourself...again:

1. I don't care who agrees or disagrees with my views.
2. I don't fall for the idea that closed computers is/will be the computer armageddon that FUD'ers (like you) would have everyone believe.

You keep asserting developers will have access to open hardware, but once again I haven't denied that. It does nothing to dismiss the fact that I'm no longer able to share my apps/OS directly with friends/relatives/coworkers/etc because the hardware they "own" won't permit them to run my software. Even if you don't care yourself, you must concede that not being able to distribute/run/modify software is a huge blow to the open source model, or indeed anyone who just wants to share their software without needing corporate permission. You can blame owners if you want to, but you still can't evade the fact that closed computing hurts open source.

You still don't get it. So again, ..... When you willingly choose to develop software for a closed system, you are bound to the rules that govern that closed system, whether you like it or not. Sitting there whining about it is ridiculous at best.

Think of closed systems as a circle and open source as a triangle. Your problem is that you keep trying to shove the triangle into a hole made for a circle. Rather than wanting so desperately for closed systems to be something they're not, why don't you spend your efforts bettering the open systems?

Maybe you have a vendetta against open computing/open source, maybe you're astroturfing, whatever the case may be you can't reasonably deny that this shift goes against the concept of owners controlling their own hardware. At the very least, you should admit to this.

Considering I'm an active participant and contributor to open source projects, no, I have no vendetta against it. How ridiculous & meritless of a claim. Aside from that, I'm not the one worked into a panic because my imagination conjured up a future in which users are totally and completely locked out of their systems. The sky is not falling. The theater is not on fire. But that obviously hasn't stopped people from fearing they will be. Even when reality gives them no solid reason to think so.

Reply Score: 2

RE[6]: Ehmm...
by Alfman on Sat 2nd Jun 2012 18:43 UTC in reply to "RE[5]: Ehmm..."
Alfman Member since:
2011-01-28

ilovebeer,

At least you seem to be aware of the contradiction that owners aren't true owners when someone else holds the keys. So which is it? Are you ok with owners not being free to replace the keys on their own property or not? Considering this is what you called me a troll for pointing out...I at least feel entitled to a straight answer.

Reply Score: 2

RE[7]: Ehmm...
by ilovebeer on Sun 3rd Jun 2012 17:55 UTC in reply to "RE[6]: Ehmm..."
ilovebeer Member since:
2011-08-08

ilovebeer,

At least you seem to be aware of the contradiction that owners aren't true owners when someone else holds the keys. So which is it? Are you ok with owners not being free to replace the keys on their own property or not? Considering this is what you called me a troll for pointing out...I at least feel entitled to a straight answer.

I've already said a person who buys a computer owns only the hardware itself, not the software. That's about as simple as it gets. Do you mean to tell me you don't know whether a key is a software or hardware component?

I have no problem with owners not being able to change the keys if they have no problem with it. However, there's no evidence to suggest owners can't change their keys so once again this is claiming the sky is falling when it is not.

I personally will not purchase hardware in which I can't change the keys myself, or I can't circumvent the lock down.

You need to realize different people have different ideas of what's acceptable and what isn't. If people are provided with more security and less problems, they'll likely be fine with it. For those who aren't they will find alternatives. If "I" am fine with a locked down system, who are you to tell me otherwise?

Reply Score: 2

RE[2]: Ehmm...
by Soulbender on Fri 1st Jun 2012 03:05 UTC in reply to "RE: Ehmm..."
Soulbender Member since:
2005-08-18

"Microsoft's certification requirements for ARM machines forbid vendors from offering the ability to disable secure boot or enrol user keys."

So I then own hardware that I do not control. There's absolutely no valid reason for this arbitrary restriction. It only exists to unfairly favour Microsoft.
It's as absurd as if I purchased an audio player from Sony and they designed it so that under no circumstance could I play music from a non-Sony music label.

Reply Score: 2

RE[2]: Ehmm...
by UltraZelda64 on Fri 1st Jun 2012 06:58 UTC in reply to "RE: Ehmm..."
UltraZelda64 Member since:
2006-12-05

So when the hardware is locked down at the lowest level firmware--the BIOS/EFI--you know, the piece of software REQUIRED for the hardware to run, that's okay? Am I understanding that correctly?

What if I would like to buy an ARM-based machine, but Microsoft, in their infinite Abusive Monopolistic Wisdom, says that I can't install anything except Windows 8? So that's somehow alright? Hint: I've wanted an ARM machine for a while now, and no, it was NEVER to be able to run Windows 8. Hell, that OS was nothing more than a nut stain in Ballmer's underwear.

And now that ARM is finally making their processors available in computer styles other than cell phones, if I want to get an ARM-based laptop, desktop or tablet computer, I not only need to pay the Windows Tax to get Windows 8 with it, but at the same time waive all of my rights to install some other--ANY other--operating system, unless I support paying yet ANOTHER tax to Microsoft? Come the fuck on. Seriously.

I was proud that when I got my Android-based cell phone late last year, its manufacturer was one of the few remaining manufacturers that did not agree to pay Microsoft for nonsensical bogus patent bullshit. Earlier this year they did. So not only is Microsoft getting money (and OS sales) on practically every PC sold, they are also getting a shitload of money by Android phone manufacturers, AND now by Linux distros that simply want to be able to run on hardware that they rightly should to begin with. It will start with ARM-based tablets, and then as a recent OSNews article said, trickle up to laptops and eventually desktops, until Microsoft owns a monopoly on ARM devices... just as they practically do x86 now.

What the fucking fuck is going on here? Fucking seriously? And you think that's alright?

Reply Score: 2

RE: Ehmm...
by UltraZelda64 on Fri 1st Jun 2012 06:40 UTC in reply to "Ehmm..."
UltraZelda64 Member since:
2006-12-05

Microsoft takes control of my new motherboard and I have to pay them $99 to regain control of my own property... aahh, the wonder of the "free market".

So... motherfucking... spot... on...

Too bad I already posted, so I can't mod that post "Insightful." ;)

Reply Score: 3

Locked bootloaders
by aorth on Thu 31st May 2012 15:21 UTC
aorth
Member since:
2011-10-26

I'm used to selecting phones with unlocked bootloaders... but now I have to be careful about my computers too?! Mark my words: I will never buy a computer with locked bootloaders.

Regarding phones: I've vowed to never buy a non-Google phone again. `fastboot oem unlock` is a beautiful solution to this problem; Ship locked by default, but allow the user to unlock (they did pay for the device, after all). I understand I'm not the majority of users, but surely shipping with some sort of user unlock would work?

Reply Score: 2

RE: Locked bootloaders
by Lennie on Fri 1st Jun 2012 22:06 UTC in reply to "Locked bootloaders"
Lennie Member since:
2007-09-22

"I will never buy a computer with locked bootloaders."

I guess you won't be buying computers for much longer. :-(

Edited 2012-06-01 22:08 UTC

Reply Score: 2

Restricted Boot -> Restricted OS
by Alfman on Thu 31st May 2012 15:37 UTC
Alfman
Member since:
2011-01-28

For those who just read the summary here on OSNews, here are some additional excerpts you really must read. There are very wide-ranging implications for the future of open source kernel development on new secure boot platforms.


"Secure boot is built on the idea that all code that can touch the hardware directly is trusted, and any untrusted code must go through the trusted code. This can be circumvented if users can execute arbitrary code in the kernel. So, we'll be moving to requiring signed kernel modules and locking down certain aspects of kernel functionality... Userspace modesetting will be a thing of the past..."

"Signed modules are obviously troubling from a user perspective. We'll be signing all the drivers that we ship, but what about out of tree drivers? We don't have a good answer for that yet..."

"A lot of our users want to build their own kernels. Some even want to build their own distributions. Signing our bootloader and kernel is an impediment to that. We'll be providing all the tools we use for signing our binaries, but for obvious reasons we can't hand out our keys."

"Microsoft's certification requirements for ARM machines forbid vendors from offering the ability to disable secure boot or enrol user keys. While we could support secure boot in the same way as we plan to on x86, it would prevent users from running modified software unless they paid money for a signing key. We don't find that acceptable and so have no plans to support it."

Reply Score: 3