Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
Hardware, Embedded Systems "The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Thread beginning with comment 522544
To view parent comment, click here.
To read all comments associated with this story, please click here.
justsayin
Member since:
2012-06-18

The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.

The solution is to fix it not to cry about it. An openbios that can be locked is a solution.

The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.



I registered an account just to reply to your comment. The "Free" in "Free Software" stands for "Freedom", not price. It's not about getting what we want or don't want without paying any money. It's about not enjoying freedoms over the computing device we own.

You should take a look at https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot to see why there's this campaign from the free software community against secure boot.

Reply Parent Score: 2

lucas_maximus Member since:
2009-08-18

Nobody cares outside of RMS and his fanatics.

Reply Parent Score: 0

jefro Member since:
2007-04-13

Why can't anyone fix an issue? Instead it is easier to cry foul.
"
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
"
So get off your silly notions about what free is and either pay to get a fix or have someone or yourself fix the issue.

The issue is around us every day. Only task a 9 year old to know about rootkits, virus's and malware. Every major OS company knows how dangerous the whole issue it. They can't simply not rely on software to fix the problem. We as in both MS and other OS users need to have more secure systems.

There is NO FREEDOM while under the threat of hackers. That is not free to me at all. My credit, my personal medical history, my entire life now resides on computers that are subject to attack. Sure if you are a 24 YO that doesn't have any money or job you many not care but I do.

Get secure to quit talking.

Reply Parent Score: 0

Alfman Member since:
2011-01-28

jefro,

I think your understanding of secure boot is flawed to be suggesting that linux users (and the alternative OS crowd at large) are crying about fixing the problem themselves. We're certainly not crying because we're lazy or incapable of implementing secure boot ourselves. If this is what you think, then your assumptions are invalid. To gain a better understanding of why secure boot is so controversial, for starters you should read Matthew Garrett's reports.

The problem for us is that even if we implement secure boot in our alternative/independent/non-commercial/etc operating systems, it will not run on off the shelf consumer hardware in secure boot mode because it's not signed by microsoft's key. Microsoft is going to be alone in having a "skeleton" key that can run on 100% of secure boot enabled consumer hardware.


You see, it's NOT a matter of us making our operating systems secure boot compliant, it's a matter of who controls the keys. Very few independent software developer has the power to get their keys in consumer devices that would otherwise support their code, not even Red Hat does. This is why they are seeking to boot as a subordinate to microsoft's bootloader & keys, because at least that way Fedora will boot everywhere windows can. However by doing so they've implicitly granted microsoft the technical ability and right to control our usage of Fedora Linux on our own machines, which is outrageous.

In principal, we believe the owners should control their own keys to their own hardware.

Secondly, there are plenty of security issues with the design of secure boot itself. As these new secure boot systems enter consumer homes, all windows users will be vulnerable to signed & hacked Fedora images, all Fedora users will be vulnerable to signed & hacked Windows images. Remember to add in everyone else who gets permission to branch off microsoft's bootloader. Secure boot with MS keys necessarily becomes a global failure mode where the weakest link dictates the security of the whole model. What do you think about that? From a security perspective, this is awful, and there's no good reason for it.

Of course they might resort to revoking/reissuing 3rd party keys of legitimate partners who've been compromised, but that'll cause it's own havoc. We're not protesting a secure boot feature in general so much as the current flawed and restricted implementation of it.

Reply Parent Score: 3