Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Thread beginning with comment 520101
Wonderful...
by Neolander on Thu 31st May 2012 11:45 UTC
Neolander
Member since:
2010-03-08

What's next, using the NT kernel and recoding the user-space in C#? This secure boot situation is really getting more and more ridiculous every month... :/

In most realms of engineering, when a fatal design flaw is discovered in a product, companies generally fix it and provide free repairs on the flawed units. Why is it that in IT, we instead try to keep the broken stuff around and build software around it?

Edited 2012-05-31 11:45 UTC

Reply Score: 1

RE: Wonderful...
by Risthel on Thu 31st May 2012 12:02 in reply to "Wonderful..."
Risthel Member since:
2010-12-22

And you are blaming Fedora for this, because they want the thing working in this "EFI broken standard" that engineers created just to make it harder for OEMs to avoid?

Reply Parent Score: 2

RE[2]: Wonderful...
by orestes on Thu 31st May 2012 12:14 in reply to "RE: Wonderful..."
orestes Member since:
2005-07-06

Some people would prefer that potential users be screwed over to make a point rather than adopt a simple, if less than ideal solution.

I know someone's going to bring up Fedora's hard line on media codecs when other distros are more flexible, so I might as well point out that it's not the same scenario. With the media codecs, there are issues of legality and licensing at play in various countries. Fedora takes the safe path for itself and its users.

With this the only issues are ethical, and those who feel strongly about it can simply avoid the locked down platforms entirely.

Edited 2012-05-31 12:24 UTC

Reply Parent Score: 2

RE[2]: Wonderful...
by gan17 on Thu 31st May 2012 12:58 in reply to "RE: Wonderful..."
gan17 Member since:
2008-06-03

I think Neolander was just lamenting the sorry state of the tech sector in general. He wasn't really singling out Fedora.

Reply Parent Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 14:29 in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

This is not Fedora's fault in particular, so much as the general way hardware standards work in IT.
- Some big company with lots of cash puts a half-done standard document on the table and says "Okay, here is how things are going to be done now"
- When they become aware of it, smaller actors quickly read the spec, point out the flaws of the new standard and suggest improvements
- Big company refuses to listen
- In the end everyone has to face the consequences of their irresponsible behavior

I couldn't even count the number of solutions that have been proposed to address Secure Boot's shortcomings: having a central signing authority, using a "keyring" mechanism to accept several signing keys plus displaying a clear warning on boot when OS software is signed with an unknown key, allowing OSs to use whatever structure they like instead of forcing NT's executable format and "every driver is in kernel mode" philosophy on everyone...

Secure Boot as it exists today is basically a gigantic "f--k you!" to any OS developer that is not Microsoft or one of their partners. It's just baffling that it could make it into an industry-standard document like the UEFI spec without a reasonable discussion with other OS actors going on first.

Edited 2012-05-31 14:44 UTC

Reply Parent Score: 7

RE: Wonderful...
by moondevil on Thu 31st May 2012 13:34 in reply to "Wonderful..."
moondevil Member since:
2005-07-08

You mean Singularity?

Reply Parent Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 14:42 in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

"You mean Singularity?"

I was referring to it, yes ;) Just asking, what if tomorrow's alternative OSs could only be user processes running inside of Microsoft's latest product?

Starting from today's "you basically have to ask Microsoft to sign your product before people can easily use it", it wouldn't be that big of a stretch.

Edited 2012-05-31 14:50 UTC

Reply Parent Score: 3

RE: Wonderful...
by vaette on Thu 31st May 2012 15:14 in reply to "Wonderful..."
vaette Member since:
2008-08-09

A bit of a weak comparison. If Fedora is to work with secure boot they either have to get a key into all hardware or get their bootloader signed by someone who already is getting a key into all hardware. Microsoft is the only company in the latter camp.

What Fedora is asking Microsoft for is a small signature for their bootloader. No Microsoft code is involved.

There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself. For the sake of novice users, however, it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration.

Plus, of course, Fedora having secure booting is a good security measure in itself.

Reply Parent Score: 2

RE[2]: Wonderful...
by Neolander on Thu 31st May 2012 15:49 in reply to "RE: Wonderful..."
Neolander Member since:
2010-03-08

"A bit of a weak comparison. If Fedora is to work with secure boot they either have to get a key into all hardware or get their bootloader signed by someone who already is getting a key into all hardware. Microsoft is the only company in the latter camp."

...which is only the case due to the brain-dead way Secure Boot has been designed, by Microsoft themselves, to begin with.

"What Fedora is asking Microsoft for is a small signature for their bootloader. No Microsoft code is involved."

What Fedora ended up having to do is pay Microsoft in order to receive a revocable permission to let their users comfortably run the OS they want on their hardware. Don't you see a problem there?

"There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself."

Why should users have to fiddle with obscure firmware settings and break their Windows install by swapping the Microsoft key with something else only to get another OS on their computer? Why couldn't they just insert or connect the OS installation media, add the new signing key to the firmware database when asked with a scary warning if they really want to do so, and get a working dual-boot setup like they do today?

"For the sake of novice users however it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration."

"Plus, of course, Fedora having secure booting is a good security measure in itself."

I am not saying that Secure Boot is useless here, only that its core design is terrible, and that Microsoft have consistently refused to fix its flaws in what borders on monopoly abuse.

It benefits no one but Microsoft when other OSs have to become their slave in order to keep a sane installation process.

Edited 2012-05-31 15:55 UTC

Reply Parent Score: 6

RE[2]: Wonderful...
by Alfman on Thu 31st May 2012 16:16 in reply to "RE: Wonderful..."
Alfman Member since:
2011-01-28

vaette,

"For the sake of novice users however it is useful both that the boot is protected from malware and that Fedora can install without a lot of manual configuration."

Except now running independent secure boot operating systems is a privilege, with Microsoft being the gatekeeper.


"Plus, of course, Fedora having secure booting is a good security measure in itself."

Nobody's arguing this, but the reason "secure boot" is controversial is that Microsoft was uniquely positioned to overload the design of secure boot to make it difficult/impossible for independent developers to implement. The rest of us generally don't have the means to get our keys in firmware. Once many of these start to ship, it'll be too late. Independent OS developers won't have any way to make their offerings secure boot compliant on existing hardware. We'll all be literally at the mercy of Microsoft to sign our stuff.

A serious problem inherent in the design is that Microsoft's key is now going to be on virtually all UEFI hardware, probably even on motherboards people will buy to run Linux. This makes Microsoft uniquely capable of installing bootloader trojan malware on all our systems at any point in the future. I'm not alleging that MS would knowingly let it happen, but it is not a good security model to have a UEFI standard where one entity controls the rights on all our hardware. God forbid China, US spy agencies, or even maligned hacking groups should get ahold of Microsoft's secure boot key.

A properly designed secure boot would be future-proof and allow the owner to approve and reject what operating systems his hardware is allowed to boot *without having to disable secure boot*. Independent developers should not be relegated to second-class citizens on consumer hardware.

Edited 2012-05-31 16:31 UTC

Reply Parent Score: 4

RE[2]: Wonderful...
by Soulbender on Fri 1st Jun 2012 00:28 in reply to "RE: Wonderful..."
Soulbender Member since:
2005-08-18

"Plus, of course, Fedora having secure booting is a good security measure in itself."

Sorry, I fail to see what's so awesome about "secure" boot. It still does not prevent companies (like Sony) from installing signed, malicious code, so what real-world security problem does it solve?

Reply Parent Score: 5

RE[2]: Wonderful...
by Lennie on Fri 1st Jun 2012 22:05 in reply to "RE: Wonderful..."
Lennie Member since:
2007-09-22

"There will be plenty of hardware which allows secure boot to be disabled, or keys to be replaced, in which case you can go through the trouble of setting things up right yourself."

Actually, there is already ARM-based hardware planned which does not allow UEFI to be disabled. At Microsoft's request no less.

I'm sorry, but this direction is the wrong direction.

Reply Parent Score: 2