Slashdot Mirror


Ubuntu Can't Trust FSF's Secure Boot Solution

sfcrazy writes "The Free Software Foundation recently published a whitepaper criticizing Ubuntu's move to drop Grub 2 in order to support Microsoft's UEFI Secure Boot. The FSF also recommended that Ubuntu should reconsider their decision. Ubuntu's charismatic chief, Mark Shuttleworth, has responded to the situation during an interview, and explained the reason they won't change their stand on dropping Grub 2 from Ubuntu. Shuttleworth said, 'The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up. As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change. The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

377 comments

  1. They expect OEMs to lock machines down? by makomk · · Score: 5, Insightful

    > The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

    So in other words they're anticipating not only that OEMs are going to accidentally or intentionally ship machines running Ubuntu that are locked down so that you cannot boot your own kernels on them but also that they won't be able to convince the OEMs to fix their broken BIOSes to allow users to run their own code. By not using GRUB2 they ensure that said OEMs would have no legal obligations to allow you to run the code you wanted on the PC you'd just bought.

    1. Re:They expect OEMs to lock machines down? by jmorris42 · · Score: 5, Interesting

      It gets better. Ubuntu is assuming this lockdown will be happening with OEMs they have a contractual relationship with.

      Think about it. I put out Unknown Hacker Linux with a boot loader signed by me. I publish it on my website somewhere. Evil Bit Computers downloads it and installs my public key into the firmware of machines that they then sell to the public in a totally locked state. A buyer of one of those machines decides they want to wipe the preload and install Windows 8. They go to Evil Bit and demand the keys per the GPL3 and get an Evil Laugh(TM). Then they come to me and demand the signing key and I tell them, I feel your pain but I'm sorry I can't do that because it would compromise every machine installed with packages signed by that key. And they couldn't do a darned thing to me legally because I have no relationship to Evil Bit Computers. If push came to shove Evil Bit could be required to issue new firmware allowing rekeying or they could be barred from distribution of GPL3 software. But I'd never see the inside of the courthouse.

      And now you know why I have never considered Ubuntu. Never could say why, but they have always given off a 'wrong' vibe. Best explanation would be the short story _Young Zaphod Plays It Safe._ Just an undefined unease with em.

      --
      Democrat delenda est
    2. Re:They expect OEMs to lock machines down? by UnknownSoldier · · Score: 1

      > Perhaps the FSF should learn from this and lighten up on the whole "all code must be given away" thing?

      Once you start compromising on your morals it is a slippery slope to "Convenience Morality"

    3. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      > GPL really just doesn't work, and the Ubuntu case is just one example of why,

      When I look around at all the great GPL software packages and the advances that the GPL license (and free, open software) has brought about, I have to wonder who you are shilling for. For sure the GPL was a game-changer and anyone who says "it doesn't work" must be getting paid to say that.

    4. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      Some OEMs ARE already locked down. Case in point, some Dell PCs I've run across WILL NOT allow you to run both onboard video, and the slot Video card. On other Dells where I've needed to use both onboard and card, moving the card to the last PCIe slot, if available, and setting BIOS to use onboard allowed Windows to utilize both.

      Of course, this is a non-issue w/ non-OEM custom PC's. When I first ran across that, I knew it was only a taste of things to come. And now they are at locking out OS', err excuse me, deciding which OS' are ok to install.

      Since when did owning a computer turn into licensing a computer?

    5. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      Do you know how a bootloader works? (insert picture of Willy Wonka meme here). Really. Tell me more about the difference between the bootloader and the kernel image(s) loads. Then tell me how the hell your point applies. Put the damn tin foil hat away.

    6. Re:They expect OEMs to lock machines down? by GameboyRMH · · Score: 1

      Exactly. If anything the next version of the GPL needs more restrictions to deal with newer forms of Tivoization that exploit loopholes in the GPLv3.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    7. Re:They expect OEMs to lock machines down? by GameboyRMH · · Score: 1

      That's a real hardware limitation of cheapass mobos, nothing nefarious.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    8. Re:They expect OEMs to lock machines down? by hairyfeet · · Score: 1

      Ya know, either the community needs to admit they are paranoid or that they think Linux users are really really REALLY dumb, because the doom scenario you are expecting us to believe is that someone who 1.-Even knows what Linux is, and 2.-Decides they want it and have the skills to install their own OS as well as 3.-Download and burn their own installation media is 4.- Too fucking dumb to flip a single switch in BIOS/UEFI. I'm sorry but you can't have your cake and eat it too, either they are smart enough to install Linux and thus smart enough to flip a single switch or they are not, can't be both at once.

      Look the ONLY ONES that are gonna give a rat's ass about having Secureboot on is the corps okay? it gives them one more level of CYA if something nasty happens on their network whereas the home users that want to run linux will have to go into UEFI/BIOS ANYWAY to set the DVD/USB as first boot so flipping that single switch? really not a problem. WinARM is not gonna allow you to turn it off because MSFT is most likely gonna take a fricking bath to the tune of hundreds of millions on the hardware, just as they did on the X360, by going for the razor and blades model in the hopes they can make it up with the appstore (they won't, but they can hope all they want) and we all know the net would be ass deep in "How to remove that fugly ass Win 8 and make that tablet into a cool Android tablet".

      Look, it's not like you don't have choices here, if the very thought of UEFI makes your panties get twisted? Then do the smart thing and buy AMD which frankly every damned FOSS user needs to do anyway as they have been bending over backwards to open their code, because AMD chose Coreboot over Intel's UEFI which is of course FOSS so hack away friend.

      So would everyone stop getting their panties in a twist over something that is gonna be as easy to switch as whether you boot from IDE or SATA already? It makes everyone look like a bunch of nutters and frankly that's RMS's job and I hear he don't like the competition.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      > I'm sorry but you can't have your cake and eat it too, either they are smart enough to install Linux and thus smart enough to flip a single switch or they are not, can't be both at once.

      Except a lot of distros have put a lot of work into making it so you don't have to have any special computer "smartness" to install Linux.

    10. Re:They expect OEMs to lock machines down? by hairyfeet · · Score: 1

      Tell me AC, or better yet give us a link to the distros that "magically" set CD/USB as first boot? Because frankly I'd like to see THAT trick. I don't care how much you dumb down the installer you still have to set boot order since not a single OEM unit comes from the factory with anything other than HDD set for first boot because it slows down the system while it checks for boot media.

      So they are gonna have to go to UEFI/BIOS ANYWAY to set boot, are they smart enough to set a fricking boot order but NOT smart enough to flip a simple yes/no toggle switch? Again I find that beyond ridiculous.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    11. Re:They expect OEMs to lock machines down? by Rich0 · · Score: 1

      Agreed. If you read the GPL v3 the only time you're required to pass along keys is if your software product is designed to be used in conjunction with some consumer product that requires that it be signed. The fact that somebody happened to build a product that requires your signature doesn't mean that you distributed it with the intent that it be used with that product.

      If Ubuntu's intent is that their software be used on PCs that allow secure boot to be disabled, I don't see how they could get in trouble. They could point to the MS agreements and such and state that they only used the key because it was clear it would not infringe the GPLv3. If somebody doesn't follow the spec or the spec changes later, then Ubuntu wouldn't be liable for activity in the past that was not at the time infringing.

      Intent matters in the eyes of the law.

      Oh, and the bit about "well the FSF could change and still sue us" doesn't ring true either. As long as they save that press statement there is almost no chance they could prevail unless they gave advance notice of their policy changing and gave Ubuntu a fair amount of time to change what they're doing. If you promise somebody that you will interpret a legal agreement in a certain way, and they act on that promise in a way that would otherwise be to their detriment, then you can't later go back on your word - that's promissory estoppel. The future leadership of the FSF is still bound by the past actions of the organization in this way.

    12. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      I don't disagree with your point that Linux users are generally smart enough to disable secure boot (or just revert to BIOS booting). However, most modern PCs have a "Press F-key for Boot Options" thingy on startup.

    13. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      Nope - when a computer boots it says in the boot screen to push F2 (or whatever) to boot from a different medium. Absolutely no need to go into the BIOS or something. Please do not spread misinformation will you?

    14. Re:They expect OEMs to lock machines down? by Anonymous Coward · · Score: 0

      Next version of GPL should target platforms like Android, Sveasoft, and also, for the first time, make it compulsory to 'help your neighbor'. That's all that is left. Right now, the GPL allows people not to help their neighbor if they don't want to, but RMS thinks that it's worse than not violating EULAs that specifically forbid it. So right now, people are at liberty not to share their free software, and maybe that's a hole that GPL4 will plug. GPL4 can also require that all software be distributed, regardless of whether people want it or not.

    15. Re:They expect OEMs to lock machines down? by micheas · · Score: 1

      Which is why nobody uses Linux and instead uses one of the multitude of BSD licensed kernels instead.

      Oh ... Linux has far higher adoption than all the BSD licensed kernels combined. (OSX is not BSD licensed, and nobody uses Darwin (Hell, even Jordan Hubbard only says Darwin is "probably not impossible" to compile and distribute as a binary, so I think we can safely count the number of people actually using the BSD licensed version of Darwin at zero.))

      If the goal of BSD licensed operating systems is widespread usage, the BSD license has had a spectacular failure in that regard: the UNIX wars. The BSD license allowed vendors to fragment the code enough to allow Windows NT 4 to displace UNIX resulting in a net fewer people using the code. (Using other standards Darwin, FreeBSD, NetBSD, and OpenBSD are all successes, but usage is the criteria you put forth as the measurement of success.)

      There are times that BSD licensing makes more sense than the GPL, but the GPL has proven to be very useful in getting competitors to cooperate, even when there is almost no trust between them (Oracle, RedHat, and Microsoft all contribute code to the Linux kernel to meet the business needs of the three companies. If the license didn't require them to share their changes they would not, and you would need the special Oracle kernel to run the Oracle database server and the Microsoft kernel to properly run Linux in a Microsoft VM).

    16. Re:They expect OEMs to lock machines down? by hairyfeet · · Score: 1

      Most of those I've seen (At least on the Dells) are VERY limited and are pretty much "Cd/HDD/Restore/LAN" and very few have USB boot in that which is the preferred method for modern distros.

      And again I would point out that if they have enough common sense they are gonna want to go in there ANYWAY since most machines from the factory have the HDDs set for "IDE Mode" which is more compatible but slower and since I do believe most Linux distros support AHCI it would be kinda stupid not to go ahead and turn it on.

      But let's cut the shit and be honest, okay AC? Now do you REALLY think someone who doesn't even have enough skills to go into BIOS and set boot order is REALLY gonna have the skills to troubleshoot a Linux install when the first update borks their Wifi or they run into a Pulse audio problem, really? You can dumb down the installer all you want but I'm sure even the most die hard Linux advocate will admit it takes at least a LITTLE skill and common sense to run Linux as an everyday OS, and the people too fucking clueless to even flip a switch in BIOS? Really not gonna have the skills to keep Linux running for any length of time.

      So either they themselves have enough sense or the person that is setting up and admining the machine for them has enough sense, in either case making the whole question moot.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Re:Ubuntu understands users by 0123456 · · Score: 4, Insightful

    Until Windows 9 requires that Secure Boot can't be turned off and you can't install new keys if you want to ship with a 'Windows compatible' sticker.

    FSF may be fruitcakes at times, but on this they're correct. 'Secure Boot' should have been named 'Windows lockin'.

  3. Ubuntu is doing the right thing by detain · · Score: 1

    Not having a newer grub might suck in some regards but it appears as though they are looking out for our best interest here. If the only thing keeping this secure is a company's 'promise' they won't ever take action, then I'd have to agree with Ubuntu.

    --
    http://interserver.net/
    1. Re:Ubuntu is doing the right thing by betterunixthanunix · · Score: 5, Insightful

      > If the only thing keeping this secure

      Secure from what? The goal is not to secure you from a bootloader virus; I doubt that was discussed for more than five minutes while this system was being designed. The goal is to secure DRM systems from you, the user, because of what happened with DVDs and deCSS, what happens with software cracking tools, etc. The goal is to turn PCs into iPads.

      This is a trap, designed to rob you of the freedom you have right now, which as it so happens is the freedom that PCs were meant to provide in the first place.

      --
      Palm trees and 8
    2. Re:Ubuntu is doing the right thing by PhilHibbs · · Score: 2

      Let me get this straight. They are saying that an OEM's actions might mean that the GPL could be used to force Canonical to release something?

      I release some Code A under the GPL (which works fine on its own) and some Code B under a proprietary licence, and a third party links A to B and releases it, that in no way compels me to release my proprietary code B! This is an analogy, not an attempt to explain exactly what is happening, but I think it's apt.

    3. Re:Ubuntu is doing the right thing by VGPowerlord · · Score: 1

      > I release some Code A under the GPL (which works fine on its own) and some Code B under a proprietary licence, and a third party links A to B and releases it, that in no way compels me to release my proprietary code B! This is an analogy, not an attempt to explain exactly what is happening, but I think it's apt.

      Oh no, it's far worse than that, you'd be required to turn over the signing key that you use to cryptographically sign all your proprietary code.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    4. Re:Ubuntu is doing the right thing by bluefoxlucid · · Score: 1

      The GPLv3 was actually designed specifically for that, to prevent "Tivoization."

    5. Re:Ubuntu is doing the right thing by nedlohs · · Score: 2

      That's the advice they have.

      They could choose to take an analogy in a random slashdot post or they could take the advice of a lawyer specialised in the field of software licensing.

      Decisions, decisions...

    6. Re:Ubuntu is doing the right thing by PhilHibbs · · Score: 1

      Not in my analogy - but I realise now that my analogy is not applicable here because Canonical don't own the copyright to GRUB.

    7. Re:Ubuntu is doing the right thing by higuita · · Score: 1

      Exactly, the "third party" above that joins A and B must obey the license. If they aren't compatible, they can not join the codes.

      Being GPL doesn't mean that you can abuse it to whatever you want, you must always give back the same freedom you receive.

      --
      Higuita
    8. Re:Ubuntu is doing the right thing by Archangel+Michael · · Score: 2

      Which results in the very thing that it claims to not want. GPL3 code is RESTRICTIVE license. It is an anathema to FREEDOM. True freedom includes some not so nice things

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    9. Re:Ubuntu is doing the right thing by Anonymous Coward · · Score: 0

      As far as I am concerned (has it been tested in court), GPL2 already requires that:

      >The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.)

      "installation" would imply all that is required to install it (including signing, if that's required).

    10. Re:Ubuntu is doing the right thing by JohnFen · · Score: 1

      > If the only thing keeping this secure is a companies 'promise' they wont ever take action, then I'd have to agree with Ubuntu.

      Except that now you have to trust Ubuntu. This is one of the main problems with this secure boot nonsense: in the end, you have to trust somebody.

    11. Re:Ubuntu is doing the right thing by Anonymous Coward · · Score: 1

      > which as it so happens is the freedom that PCs were meant to provide in the first place.

      Actually, I'm pretty sure that personal computers were simply "meant" to be useful to the most people possible (so that they would be bought by the most people possible). It's not more complicated than that. Computers increased productivity, so they became essentially required to compete. Perhaps sad for those of us who tinker, but whether or not the bootloader is locked will have zero impact on the vast majority of personal computer users... except to largely eliminate the possibility of rootkit-variety malware which is obviously a benefit for the average user. It's also sensationalist to assume that those of us who do tinker will not still have plenty of hardware options. Either turn off "secure boot" (buy x86) or you may also just build your PC yourself, but that's not really a barrier for the type of people who would have an issue with locked bootloaders. Of course servers won't have locked bootloaders, either.

      In short, it's all nice and stuff that you've posted so much about this issue. You obviously care a lot about it. But when it comes right down to it, most people to whom this technology is targeted have no problem with iPad-like devices or "walled gardens" and can only benefit from the increased security (and having each layer of your software signed from boot is obviously, undeniably a secure benefit). Those of us who don't want or need that will continue to have plenty of other options, like we always have.

    12. Re:Ubuntu is doing the right thing by mathfeel · · Score: 1

      > If the only thing keeping this secure

      > Secure from what? The goal is not to secure you from a bootloader virus; I doubt that was discussed for more than five minutes while this system was being designed. The goal is to secure DRM systems from you, the user, because of what happened with DVDs and deCSS, what happens with software cracking tools, etc. The goal is to turn PCs into iPads. This is a trap, designed to rob you of the freedom you have right now, which as it so happens is the freedom that PCs were meant to provide in the first place.

      Right. I would agree this crap is for security if, for example, mobo manufacturers can put a jumper or something in that would bypass secure boot. This way, people who are the weak link in security, who wouldn't know what a jumper is, stay "secured" (as secure as you trust the vendor from whom you buy the hardware has not tinkered with it), while the rest of us who actually have a clue, can go on doing what we have been doing: actually owning the hardware we pay good money for.

      --
      The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
    13. Re:Ubuntu is doing the right thing by betterunixthanunix · · Score: 3, Insightful

      > Actually, I'm pretty sure that personal computers were simply "meant" to be useful to the most people possible

      No, PCs were built by people who wanted to own and control their computers, and whose opinion was that everyone else should have that freedom. In the 1960s (years before PCs), IBM, AT&T and other companies were already talking about how to bring computers into offices and homes, by selling computation as a utility. The plan was for you to have a terminal in your house, which would connect to a mainframe, and you would pay by the CPU hour, by the storage you used, etc. The computer itself would be equipment owned and operated by the utility.

      The point of PCs was to give you a computer that you owned and operated, rather than one you rented. You could install whatever hardware you wanted, you could run whatever software without worrying about the bill, you could modify the system in arbitrary ways. It was never a choice between PCs and having no computer access, it was a choice between PCs and renting time on some mainframe.

      > Perhaps sad for those of us who tinker, but whether or not the bootloader is locked will have zero impact on the vast majority of personal computer users...

      I disagree; stronger DRM means tighter controls on what people can do. Copy a movie to your tablet, so you can watch it on the go? That will be something people will be forced to pay for, or even forbidden from doing in the first place. This is not just about hackers. Ordinary people often have no idea what their computer is truly capable of because they are using software, and now hardware, that is designed to restrict them.

      > It's also sensationalist to assume that those of us who do tinker will not still have plenty of hardware options

      Yeah, but we may be forced to make decisions that we would not have had to make otherwise. What if dual booting becomes impossible, because Windows will not run on a system without these restrictions? That will stop a lot of people -- people who cannot afford two computers (like me when I was in middle school) and who cannot give up Windows.

      > Either turn off "secure boot" (buy x86)

      Not necessarily easy to do; OEMs do not have to cooperate and enable custom mode, let alone allow you to disable the feature entirely.

      > you may also just build your PC yourself

      There is no guarantee that Windows will actually run on such a system. Look at the effort required to get Mac OS X running on a homebrew system; what reason does Microsoft have to make Windows available on a home-built system? Maybe only OEMs will get to do that, or maybe only OEMs will be allowed to install Windows with support for certain entertainment services (e.g. Netflix), etc.

      I know that it is a little paranoid, but Microsoft does not have a history of being soft on these things. Remember when they integrated Internet Explorer into the desktop? If Microsoft is pushing this because they envision the future of home computer as being entertainment-oriented -- and I strongly suspect that this is the case -- it is reasonable to assume that they will do everything they can to create a "media ecosystem." Why shouldn't OEMs be cutting deals with media companies? Why wouldn't Microsoft want to position Windows as the software that is used for that purpose? This is something that will probably make a lot of money, for Microsoft and the OEMs that ship Windows systems, and the entertainment companies. Perhaps homebrew systems will also get access -- for a price, and probably a higher price than what OEMs pay.

      > Of course servers won't have locked bootloaders, either.

      I used to think this, but I am not so sure about that anymore. Why not have locked bootloaders on servers? There is a larger security concern there (the stakes are much higher; even if bootloader rootkits are a ra

      --
      Palm trees and 8
    14. Re:Ubuntu is doing the right thing by Anonymous Coward · · Score: 0

      They could take the alleged and unconfirmed "advice" of a single lawyer who didn't write the GPLv3, or they could take the advice of the organization that actually wrote the GPLv3.

      Decisions, decisions...

    15. Re:Ubuntu is doing the right thing by martyros · · Score: 1

      > Which results in the very thing that it claims to not want. GPL3 code is RESTRICTIVE license. It is an anathema to FREEDOM. True freedom includes some not so nice things

      Freedom for some people means restricting freedom from other people. For instance, to make sure you can enjoy your right to "life, liberty, and the pursuit of happiness", we take away other people's rights to beat you up and take your stuff. To make sure that customers can enjoy their right to buy things at a fair price, we set restrictions on what sellers can do -- e.g., monopolies can't abuse their position, people who sell stuff can't make an agreement on setting a price, &c.

      In any case, the guy who wrote the software chose the license; it's already a heck of a lot less restrictive than proprietary software. No one's making you use their software. If you don't like it, write your own.

      --

      TCP: Why the Internet is full of SYN.

    16. Re:Ubuntu is doing the right thing by isorox · · Score: 1

      > If the only thing keeping this secure

      > Secure from what? The goal is not to secure you from a bootloader virus; I doubt that was discussed for more than five minutes while this system was being designed.

      We had security from bootloader viruses in the 90s, every bios had an option to pop up a BIOS-level warning "Your boot sector is being re-written -- do you want to allow this (Y/N)"

      That went away for some reason.

    17. Re:Ubuntu is doing the right thing by Archangel+Michael · · Score: 1

      Nobody has a "right" to beat me up and take my stuff. See 2nd Amendment for details

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    18. Re:Ubuntu is doing the right thing by nedlohs · · Score: 1

      You are right, taking the advice of the organization who wrote the license would be even more stupid than taking that of a random slashdot post (like this one).

      Or do you also take the RIAA advice on whether the latest bill they authored for Congress would be good for the nation to pass at face value?

    19. Re:Ubuntu is doing the right thing by exomondo · · Score: 1

      > What if dual booting becomes impossible, because Windows will not run on a system without these restrictions?

      That's just a silly scenario to even consider because it's illogical, they wouldn't lock out a hugely significant segment of their market forcing users to buy new hardware from which they make no money anyway for no gain.

      > Not necessarily easy to do; OEMs do not have to cooperate and enable custom mode, let alone allow you to disable the feature entirely.

      Wrong, they do if they want Microsoft's blessing.

      > There is no guarantee that Windows will actually run on such a system.

      Well actually there is, Windows 8 does run on older systems that do not support UEFI secureboot. If you're talking about future versions then there is no reason to believe they will be any different.

      > Look at the effort required to get Mac OS X running on a homebrew system; what reason does Microsoft have to make Windows available on a home-built system?

      The most obvious one, the very reason they and every for-profit company in the world are in business...to make money, which they do by selling a software license. Microsoft's revenue stream is derived vastly from selling Windows and Office licenses, with that in mind it's pretty silly to suggest they would stop doing exactly that.

      > Maybe only OEMs will get to do that, or maybe only OEMs will be allowed to install Windows with support for certain entertainment services (e.g. Netflix), etc.
      > I know that it is a little paranoid

      The reason that is paranoid is simply because there is no reason they would do that, nothing Microsoft would gain from that, they would only lose. Hey maybe they'll open source Windows under a BSD license.

      > If Microsoft is pushing this because they envision the future of home computer as being entertainment-oriented -- and I strongly suspect that this is the case -- it is reasonable to assume that they will do everything they can to create a "media ecosystem."

      They've already got that with the XBox360's Zune functionality, people are much more likely to connect a cheap XBox to their TV than they are to connect a PC.

      > Sure, most people will not complain -- they will not complain, because they are content to live and think within the box.

      How does any of this prevent you from 'living or thinking outside the box'? Or more to the point, what are you defining as 'the box'?

  4. Re:Ubuntu understands users by jawtheshark · · Score: 2

    > Ubuntu [..] understands why Microsoft needs to employ secure boot

    I don't understand why Microsoft requires secure boot. Care to explain?

    I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. The situation as is was just fine.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  5. Good riddance by Hatta · · Score: 5, Funny

    Grub2 is an epic piece of shit anyway.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Good riddance by jmorris42 · · Score: 2

      > Grub2 is an epic piece of shit anyway.

      Not exactly. It is epic. In that it is trying to live up to the "Grand" in its name. But it has to be admitted that it is in one important way inferior to GRUB 1. The big advantage of GRUB over LILO was that you didn't have to worry about an unbootable machine if you changed anything and forgot to 'rerun lilo'. GRUB2 brings those bad days back with its mammoth configuration file spread into shards in /etc/ to make it possible for scripts to manipulate it in a sane way.

      --
      Democrat delenda est
    2. Re:Good riddance by Hatta · · Score: 2, Informative

      The big advantage of GRUB over LILO was that you didn't have to worry about an unbootable machine if you changed anything and forgot to 'rerun lilo'.

      Which was never a big deal anyway. Just boot from external media, run lilo, and reboot. Worked every single time. Why is that worth writing a whole new boot loader over?

      Grub on the other hand would occasionally hose itself for no reason. Booting from external media and running 'grub-install' or 'update-grub' usually worked, but I still had one system that grub so totally screwed up that even that wasn't enough.

      --
      Give me Classic Slashdot or give me death!
    3. Re:Good riddance by Anonymous Coward · · Score: 0

      You are an idiot, and clearly have not spent any time running GRUB2. Before you knee jerk reply with "yes I have", I'm calling preemptive bullshit.

    4. Re:Good riddance by Hatta · · Score: 1

      I may or may not be an idiot, but I am no liar. I have been using Grub2 since Debian Squeeze was in unstable.

      --
      Give me Classic Slashdot or give me death!
    5. Re:Good riddance by Anonymous Coward · · Score: 0

      Citation politely requested.

      Grub on the other hand would occasionally hose itself for no reason.

      Computers don't do things for "no reason". But you may indeed be referring to bugs I don't know of that I'll agree meet the description close enough. Point me to those.

    6. Re:Good riddance by Anonymous Coward · · Score: 0

      It's reduced to irrelevance with EFI. The EFI shell can do anything grub can do, and more. You can these days even just load the kernel directly.

      In the future we'll probably just use fancy EFI scripts to boot and grub/Lilo will be footnotes in history.

  6. Re:Ubuntu understands users by Anonymous Coward · · Score: 1

    Why Microsoft needs to employ secure boot...

    Why Microsoft needs to employ a Microsoft controlled boot loader - tftfy.

    I don't trust Microsoft to do anything that isn't directly tied to increasing their profits - that includes forcing a boot loader that can later turn-off any operating system they don't like or want on *their hardware* - and trust me folks, with their boot-loader on the box, they will claim it is theirs, not yours.

    You will have to *PAY* Microsoft a licensing fee to run something other than Windows - just wait and watch - you know it's coming.

    The only safe PC is a PC free of anything Microsoft (and Apple)

  7. Grub bugs by Twinbee · · Score: 3, Interesting

    I know this is offtopic, but just a quick request to the powers that be. I tried installing Ubuntu a while back, and 'Grub' not only made Ubuntu boot by default, but also wouldn't allow any easy way to change that to Windows. In addition to that, uninstalling Grub proved to be very cumbersome.

    I'm sure many would be far less patient than me, so it may help perceptions of Linux/Ubuntu if some of the basics were in place.

    --
    Why OpalCalc is the best Windows calc
    1. Re:Grub bugs by dkleinsc · · Score: 2

      At least Linux Mint's installer, and I think Ubuntu's as well, figure out that Windows is already on your system during the install process, and set up Grub so you can easily just choose "Windows" when the computer is booting up.

      In other words, the "powers that be" know about the problem, and have a pretty good solution in place right now.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:Grub bugs by CanHasDIY · · Score: 3, Insightful

      The worst part (of Grub2, IMO) is, you can't even make configuration changes without blindingly painful, self-inflicted dental surgery, or installing a separate, non-default GUI package (startup-config-manager or some such shit) to your Ubuntu box.


      I miss my grub.conf and menu.lst!

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Grub bugs by Anonymous Coward · · Score: 1

      People believe TFM too much on this.

      Yes, it says you cannot edit the auto-generated config, and that bad things will happen if you do.

      Go ahead, edit the goddamn config, and make a backup, and never run the automated config generator again. And if it somehow does get run, perhaps as part of some software update, just mutter imprecations into your beard while you copy the backup into place, then go on with life.

      It works just fine, if you refuse to believe people who say you must not touch config files.

    4. Re:Grub bugs by Anonymous Coward · · Score: 0

      Oh, hell, yes. There was a time in the mid 90s where Windows people would install Linux on a separate partition, for fun. Then they tried to get rid of it further down the line and oh fuck, I'm never doing this again. Linux on the desktop might be twice as far along if GRUB hadn't been such a piece of utter shit.

    5. Re:Grub bugs by Knuckles · · Score: 2

      Oh, hell, yes. There was a time in the mid 90s where Windows people would install Linux on a separate partition, for fun. Then they tried to get rid of it further down the line and oh fuck, I'm never doing this again. Linux on the desktop might be twice as far along if GRUB hadn't been such a piece of utter shit.

      Grub in the mid-nineties? I don't think so.

      --
      "When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
    6. Re:Grub bugs by nedlohs · · Score: 1

      On noes! Instead of editing /boot/grub/grub.cfg I edit /etc/grub.d/X. The world is ending I say!

      Of course you could just edit the file anyway and not run the generator script ever again, but that would be too complicated I guess....

    7. Re:Grub bugs by bluefoxlucid · · Score: 2

      This is wrong, because it'll keep booting old kernels, until they're removed and it won't boot anymore. You want to add your config to /etc/grub/41custom or whatever, so when the automated configurator runs it puts your custom config into the generated configuration file.

    8. Re:Grub bugs by GameboyRMH · · Score: 1

      Yeah it is a bit of a PITA compared to the old system - the first time anyways. Remember with GRUB1 when you had to re-customize your menu.lst after every single kernel upgrade? Good times huh?

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    9. Re:Grub bugs by Anonymous Coward · · Score: 0

      I know this is offtopic, but just a quick request to the powers that be. I tried installing Ubuntu a while back, and 'Grub' not only made Ubuntu boot by default, but also wouldn't allow any easy way to change that to Windows.

      You blame GRUB for failings that are entirely in Ubuntu. The GRUB documentation clearly deals with the issues, but the software itself is not intended to be installed or configured by end users, which is the job of distribution vendors/maintainers or administrative personnel.
      It's not the GRUB folks' job to create user friendly GUI applications to configure the boot loader. That's what the Ubuntu people should have done ages ago.

      In addition to that, uninstalling Grub proved to be very cumbersome.

      You don't "uninstall" it, you replace it. I'm not sure how intuitive this seems to you or to other people, but personally I've never had problems with the concept.
      That said, I don't promise dpkg won't overwrite your boot loader if you update the grub-pc package. The entire Debian package management system is a mess fully deserving the title "dependency hell".

      I'm sure many would be far less patient than me, so it may help perceptions of Linux/Ubuntu if some of the basics were in place.

      That pretty much sums up exactly what's wrong with the user-friendly Linux based desktops. You need to be usable for your intended audience if you plan on becoming competitive, and moving around files in /etc/grub.d is anything but.

    10. Re:Grub bugs by bluefoxlucid · · Score: 1

      The syntax in the first GRUB was less ridiculous. GRUB is a very simple, very basic tool; they've mangled the syntax to make something trying to be a nearly Turing-complete scripting language.

    11. Re:Grub bugs by Anonymous Coward · · Score: 0

      Remember with GRUB1 when you had to re-customize your menu.lst after every single kernel upgrade? Good times huh?

      Yes. It was trivial. Config scripts are garbage so I blocked grub2.

    12. Re:Grub bugs by Anonymous Coward · · Score: 0

      I find it VERY EASY to make Windows the default boot in GRUB2.

      sudo gedit /etc/default/grub

      I change GRUB_DEFAULT=0 to GRUB_DEFAULT="Windows 7 (loader) (on /dev/sda1)"

      sudo update-grub

      NOTE: I am using the menu entry with the quotes. To determine your menu entry, you need to do this:
      grep menuentry /boot/grub/grub.cfg

      GRUB_DEFAULT=0 Sets the default menu entry by menu position. As in GRUB, the first "menuentry" in grub.cfg is 0, the second is 1, etc.

      GRUB_DEFAULT=saved Sets the default menu entry with whatever was selected last. If the menu is displayed during boot, the last entry selected will be highlighted. If no action is taken, this selection will be booted at the end of the timeout or if the menu is hidden.

      GRUB_DEFAULT="xxxx" An exact menu entry, including the quotation symbols, may also be used. In this case, location in the menu will not matter. Example: GRUB_DEFAULT="Ubuntu, Linux 2.6.31-9-generic"
              * For an example of how to enable the "saved" option with a custom menu, see the "Custom User Entries" section.
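
The procedure in the comment above, as an added example that is not part of the original post: it lists the top-level menu entry titles, checks that the requested title really exists, and only then rewrites GRUB_DEFAULT, keeping a backup. The function names, the sample grub.cfg and the kernel version strings are constructed; the script works on the file paths passed to it and leaves running update-grub to the administrator.

```shell
#!/bin/sh
# Added example (not from the post): validate a menu entry title before
# writing it to GRUB_DEFAULT. Paths are arguments, so it can be tried on copies.

list_menuentries() {
    # $1: generated grub.cfg. Prints titles of top-level entries only;
    # entries nested in a submenu need a "submenu>entry" path and are skipped.
    sed -n \
        -e "s/^menuentry[[:space:]]\{1,\}'\([^']*\)'.*/\1/p" \
        -e 's/^menuentry[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' \
        "$1"
}

set_grub_default() {
    # $1: defaults file, $2: exact menu entry title, $3: grub.cfg to check against
    defaults=$1 title=$2 cfg=$3
    # The defaults file is sourced as shell by grub-mkconfig (run as root),
    # so refuse titles that would not survive inside double quotes.
    case $title in
        *'"'*|*'$'*|*'`'*|*'\'*)
            echo "title contains shell metacharacters, refusing" >&2
            return 2 ;;
    esac
    if ! list_menuentries "$cfg" | grep -Fxq -- "$title"; then
        echo "no top-level menuentry titled: $title" >&2
        return 1
    fi
    cp -p -- "$defaults" "$defaults.bak" || return 1
    # Replace the first GRUB_DEFAULT line, drop duplicates, append if absent.
    awk -v t="$title" '
        /^GRUB_DEFAULT=/ { if (!done) { print "GRUB_DEFAULT=\"" t "\""; done = 1 }; next }
        { print }
        END { if (!done) print "GRUB_DEFAULT=\"" t "\"" }
    ' "$defaults.bak" > "$defaults"
}

make_sample() {
    # Constructed stand-ins for /boot/grub/grub.cfg and /etc/default/grub in $1
    cat > "$1/grub.cfg" <<'EOF'
menuentry 'Ubuntu, with Linux 3.2.0-26-generic' --class ubuntu --class os {
    linux /vmlinuz-3.2.0-26-generic root=/dev/sda5 ro
}
submenu 'Previous Linux versions' {
    menuentry 'Ubuntu, with Linux 3.2.0-25-generic' --class ubuntu {
        linux /vmlinuz-3.2.0-25-generic root=/dev/sda5 ro
    }
}
menuentry "Windows 7 (loader) (on /dev/sda1)" --class windows --class os {
    chainloader +1
}
EOF
    printf 'GRUB_DEFAULT=0\nGRUB_TIMEOUT=10\n' > "$1/grub"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    set_grub_default "$d/grub" 'Windows 7 (loader) (on /dev/sda1)' "$d/grub.cfg" &&
        grep '^GRUB_DEFAULT=' "$d/grub"
    rm -rf "$d"
}
demo
```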

    13. Re:Grub bugs by mjm1231 · · Score: 1

      Which doesn't work if you install Windows or whatever else afterwards. And yes, editing the damn Grub menu has been annoyingly complicated in Ubuntu at least since 9.10. On one system I have, the selection for Windows has scrolled off the screen due to the number of kernel updates. Ok, maybe it's a good idea to keep one or two of those options in case of an emergency. But a whole screen worth? I do not consider this a pretty good solution.

      --
      Ideology: A tool used primarily to avoid the bother of thinking.
    14. Re:Grub bugs by higuita · · Score: 1

      gee... edit/create a /etc/grub.d/??-custom is not much harder than to edit the old /boot/grub/menu.cfg ... you just need to run the update-grub2 next and confirm if everything is OK....

      but hey, you can always use lilo

      --
      Higuita
    15. Re:Grub bugs by Anonymous Coward · · Score: 0

      Yes, but there's a timeout and it selects a default option with that timeout. Now, with GUI utilities, you CAN change that timeout, but I have yet to find a utility that will actually and truly change the default operating system to be booted. Boot Up Manager (or Startup Manager, I can't remember which) shows you the option of default operating system, and it even writes a config, but it does NOT actually change the default operating system on any of 4 systems I have used it on (with Grub 2), and it doesn't throw errors indicating that it didn't actually change that setting either. It's a bug, and it sucks big time.

    16. Re:Grub bugs by kesuki · · Score: 1

      Except Windows 7 gets confused by the grub bootloader that currently ships with Ubuntu... it thinks the drive is virused, attempts to repair the Win 7 booter. And if you're lucky it boots. Then the next time you boot it sometimes gets confused and thinks a virus has hit the system and it fails to boot without a format. I have hardware this is repeatable on. But I decided when Windows 7 locked up hard that I didn't need Windows to play movies, play the occasional game, getting information off the net etc...
      I still have one desktop that runs Windows, but only for certain tasks that work easier on Windows using good software. The rest of my hardware is Linux or Android.

    17. Re:Grub bugs by squiggleslash · · Score: 1

      You know what would be great? If some of this crap were documented somewhere, preferably in a way that makes it easy to understand what files to modify, what to run afterwards, and so on.

      And yes, I am hoping someone out there is going to flame me for saying the above - but just know you're a douchebag if you don't actually include a link to said documentation in your flame ;-) [and no, Google doesn't count]

      --
      You are not alone. This is not normal. None of this is normal.
    18. Re:Grub bugs by higuita · · Score: 1

      touché! :)

      but if you open the /boot/grub/grub.cfg (the new grub2 config file) you see:

      # DO NOT EDIT THIS FILE
      #
      # It is automatically generated by grub-mkconfig using templates
      # from /etc/grub.d and settings from /etc/default/grub

      So it's documented... you need to play with the /etc/grub.d/* files and for more simple options, the /etc/default/grub (in Debian at least) and run the grub-mkconfig.

      Sadly people often don't look at the text, but don't really read it ;)

      I think the problem with grub2 is that it has too much silent automatic discovery and all that looks like "magic". A more verbose building of the config would help people understand what is happening and what might need to change.

      --
      Higuita
  8. Re:Ubuntu understands users by SuricouRaven · · Score: 5, Insightful

    Because:
    1. Once the technology is deployed, it requires only altering one line of a contract to kill Linux on the desktop.
    2. Because being able to ensure the OS hasn't been tampered with by the hardware owner is vital for any attempt to make effective DRM schemes.

  9. Astroturf. by Anonymous Coward · · Score: 0

    Wow. Who knew Canonical had astroturfers? Either that or apologists.

    First five posts on this article were all "FSF sucks, Ubuntu knows our Hearts! 3".

  10. Re:Ubuntu understands users by jawtheshark · · Score: 1

    I mean reasons that benefit the user... I thought I made clear that I understood the nefarious uses.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  11. Re:Ubuntu understands users by betterunixthanunix · · Score: 4, Insightful

    While FSF just tries to fight their ideological war, Ubuntu takes less hard road and understands why Microsoft needs to employ secure boot. Good for them, and better for Linux.

    How is this good for users? Restricted boot environments are about DRM, not about securing the system from malware. Canonical does not care about whether or not people can use the computers they own in the manner they wish to use them, so how is that a good thing?

    I do not want to choose between Fedora and Ubuntu; I want to use whatever distro I fancy, and I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem).

    --
    Palm trees and 8
  12. Mandatory Warning. by Anonymous Coward · · Score: 5, Informative

    Serious Sandwich, aka Bonch, Sharklaser, Tech* etc is one of a number of sockpuppet accounts established and maintained by Burson Marsteller on behalf of Microsoft.

    Their presence in this discussion means comments and moderation will be slanted to emphasize their client's viewpoint.

    Treat all commenters in this discussion with suspicion and derision. Do not post or reply to posts yourself.

    1. Re:Mandatory Warning. by Richard_at_work · · Score: 1

      Do you offer any proof of your claims? Or are we just going on accusations these days?

    2. Re:Mandatory Warning. by Anonymous Coward · · Score: 0

      Why because he says something you don't like? Not for nothing having dealt with enough friends who did have rootkits in their boot sector I can see a real need for it as a security feature. And like he pointed out Apple has been doing this for years now and I have no problems booting to Ubuntu or Windows 7.

    3. Re:Mandatory Warning. by rickb928 · · Score: 2

      "Treat all commenters in this discussion with suspicion and derision."

      Suspicion is the norm around here. Derision is the default action of many/most.

      I can't hardly tell the difference between the misinformed, ignorant, or paid/unpaid shills. So I end up considering the content of comments. Radical and time consuming, but hey, what else do I have to do?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    4. Re:Mandatory Warning. by rickb928 · · Score: 1, Offtopic

      "and I am moderating in this discussion"

      Oh, so you're circumventing the system.

      Another reason to crush ACs and cast them out. Posting as AC to be able to moderate your comments is pus. May you burn.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    5. Re:Mandatory Warning. by Anonymous Coward · · Score: 4, Informative

      Well, whoever he is he's factually wrong.

      UEFI booting has absolutely nothing to do with boot sectors. Secure boot is part of (A superset of?) UEFI booting. A system doing a UEFI boot neither needs, looks for, nor cares about the boot sector.

      Boot sectors are part of the old, old, old legacy boot method where you had to chain larger and larger bits of code to jump the CPU into its newer, more powerful modes. More or less, the system starts in a mode so dumb it can only run a few bytes of code. It can't read or interpret filesystems. It can't jump into a modern 32 or 64bit kernel. It can't do anything but read very simple code from a fixed location. This location is the boot sector, and it's always sector 0. This code calls a larger boot loader, then a larger one, then eventually reaches a point where it can start up a modern operating system.

      UEFI is actually a tiny OS that can read partitions/filesystems directly and can call a modern UEFI compatible boot loader directly. Now, not to say you can't subvert your modern UEFI bootloader. (That's what secure boot is all about) But it certainly has nothing to do with boot sectors.

    6. Re:Mandatory Warning. by jockm · · Score: 1

      Proof? It is hard to take this claim seriously when you provide no proof and post as an AC. I am not saying you aren't right, I am just saying that you are making an assertion with no way to know who you are or verify what you are saying...

      --

      What do you know I wrote a novel
    7. Re:Mandatory Warning. by SomePgmr · · Score: 1

      That's reasonable. I'm less suspicious than most I guess, so I just operate on a general rule-of-life that works pretty well. It goes something like, "If it sounds like hyperbole or straight-up bullshit, it probably is. If it sounds rational and even-keeled... trust but verify."

      I guess that's two rules. ;)

    8. Re:Mandatory Warning. by Anonymous Coward · · Score: 0

      so you're circumventing the system.

      Huh? You can't moderate your own comments. I guess you could if you wanted to change IP addresses or browsers or whatever, but you totally missed the point of my post. Enjoy your Offtopic mod (compliments of not me, but some other mod with a brain).

    9. Re:Mandatory Warning. by Anonymous Coward · · Score: 3, Interesting

      Can't prove he's on someone's payroll, but damn sure he's a sockpuppet and troll.

      Here, check his first ever posts and compare with his likely previous account (which only survived for a few hours).

      Except for common talk points and phrasing, "Google abuses opensource", "only gives back what they're required to by GPL", "hidden behind servers", note the behavioural similarities, fresh account, dives into Google/MS related discussion right from the start with pro-MS/anti-Google trend, manages to weave agenda-related comments into not really on topic conversations.

    10. Re:Mandatory Warning. by popoutman · · Score: 1

      Posting as AC to be able to moderate your comments is pus. May you burn.

      FYI: If you post as AC, you can't moderate the anonymous comment you've just posted.

      --
      - This sig deliberately left blank. Nothing to see, move along.
    11. Re:Mandatory Warning. by interkin3tic · · Score: 1

      Simpler explanation: someone not connected to MS is trolling. Effectively it seems.

    12. Re:Mandatory Warning. by higuita · · Score: 1

      Try using different browsers to do post and to moderate... problem solved

      --
      Higuita
    13. Re:Mandatory Warning. by hey! · · Score: 2

      Why because he says something you don't like?

      Well, until people can be persuaded to distrust comments they agree with, people distrusting those they disagree with is the only thing standing between us and total public credulousness.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    14. Re:Mandatory Warning. by Pieroxy · · Score: 1

      From my experience, you also need to do it from different IPs.

    15. Re:Mandatory Warning. by Anonymous Coward · · Score: 0

      And what is going to prevent it, magic?

    16. Re:Mandatory Warning. by Darinbob · · Score: 1

      I'm not anonymous, and would seriously like to know if it's possible to determine identity of an account? If so then Slashdot has some serious privacy holes that need fixing. If not then this is just someone with a conspiracy theory.

    17. Re:Mandatory Warning. by Anonymous Coward · · Score: 0

      Your comment, while interesting, is difficult to verify objectively, and would be more credible had you not posted anonymously.

      No, it's pretty easy to verify objectively. Just take a little time and compare posts among those accounts. Once you're convinced, come back here and I'll give you a few more UIDs that are part of this.

      There are now quite a few companies that will handle these astroturf campaigns for you. "New Media Strategies"- type companies that hire college-kid "new media associates" or "specialists" who have or make accounts on social web sites.

      Also, there have been a surprising number of Slashdot accounts that have changed hands over the years. Accounts that I know were people suddenly becoming astroturf bots. I assume that means the New Media Strategies-type companies are buying trusted accounts on new media sites.

      In this case, I'm pretty sure Microsoft is handling this all in-house, but if you are pretty good at analyzing text (I am) you can pretty easily catch these guys and figure out what's going on. Trolling has gone pro.

    18. Re:Mandatory Warning. by Anonymous Coward · · Score: 0

      Considering that Bonch is in love with Apple I seriously doubt he works for Microsoft.

  13. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Required by whom? Vendors or YOU?

    Keep secure keys at the OWNER level, and that owner is NOT Microsoft, it is YOU. Maybe you've forgotten your place and became a mushroom.

  14. I Call Bullshit. by darkonc · · Score: 5, Insightful

    Canonical can't be held responsible for somebody else's screw-up. If Canonical distributes GRUB consistent with the GPL3, then their responsibility is done. If somebody else screws up by distributing GRUB in a non-conformant way, then all they can do is ask Canonical to distribute their private key to get the manufacturer's bacon out of the fire. Canonical would then be free to laugh at them.

    It seems to me that Canonical is missing the bigger piece -- which is that the vibrancy of Ubuntu depends on the wider vibrancy of Linux. If Ubuntu jumps into Microsoft's lifeboat and leaves the rest of the GNU/Linux community to sink or swim, Canonical is ultimately slitting their own throat slowly.

    Trusting Microsoft over the FSF seems foolhardy at best.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    1. Re:I Call Bullshit. by Anonymous Coward · · Score: 0

      Not really. Microsoft can be trusted to behave like the behemoth it is. They are very consistent. The FSF, however, is a small organization that changes dramatically with leadership changes. They're stuck between Big Evil and Holy Shit Radicals. It's not a good place, and in their position close to the real world, they've made a reasonable decision. I don't like it on religious grounds, but then again, Free Software is a religion.

    2. Re:I Call Bullshit. by LourensV · · Score: 5, Informative

      I think the reason for the SFLC's advice regarding having to reveal the key is that Canonical distributes updates directly. Here's the scenario:

      1. The OEM sells a PC with Ubuntu preloaded and the BIOS locked.
      2. The user buys the PC and then updates GRUB2 to a newer version supplied from the Ubuntu repositories. It'll install fine, because it's been signed by Canonical, and the Canonical key is in the BIOS.
      3. User wants to modify GRUB2. They get the sources from Canonical, modify, recompile, and try to install. The computer won't boot, because their modified version is missing a signature.

      This means that Canonical is violating the Tivoisation clause in the GPLv3. Canonical is redistributing GRUB2 to the user, and the licence won't let them do that unless they also provide the user with everything they need to be able to change GRUB2 and load it onto their computer just as they're doing with the original they were given. Since Canonical can't unlock the BIOS (only the OEM can), the only way they can fulfil those requirements is by giving out their key.
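
The three-step scenario above, modelled as an added example (not code from the post, Canonical, GRUB or any firmware): detached RSA signatures made with the openssl command stand in for Secure Boot's signed boot images, and the `db` directory, key names and image contents are constructed. It shows why a locally modified bootloader is refused by locked firmware, and that the firmware accepts it once the owner's own public key is enrolled, without the distributor's private key ever leaving the distributor.

```shell
#!/bin/sh
# Added example: simplified model of a locked boot chain.
# Assumption: plain RSA/SHA-256 detached signatures replace the signed
# PE images and firmware key databases that real Secure Boot uses.

new_keypair() {
    # $1: directory, $2: name -> $1/$2.key (private) and $1/$2.pub (public)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

sign_image() {
    # $1: private key, $2: image -> writes detached signature $2.sig
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

firmware_boot() {
    # $1: directory of enrolled public keys ("db"), $2: image
    # Returns 0 only if some enrolled key verifies the image's signature.
    [ -f "$2.sig" ] || return 1
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        if openssl dgst -sha256 -verify "$pub" -signature "$2.sig" "$2" \
                >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

demo_locked_boot() {
    w=$(mktemp -d) || return 1
    mkdir "$w/distro" "$w/owner" "$w/db"
    new_keypair "$w/distro" distro || return 1
    new_keypair "$w/owner" owner || return 1

    # Step 1: the OEM enrolls only the distributor's public key.
    cp "$w/distro/distro.pub" "$w/db/"

    # Step 2: a distributor-signed bootloader (constructed bytes) installs and boots.
    printf 'bootloader build 1\n' > "$w/boot.img"
    sign_image "$w/distro/distro.key" "$w/boot.img"
    firmware_boot "$w/db" "$w/boot.img" && echo "distributor-signed image: boots"

    # Step 3: the owner rebuilds from source; the old signature no longer matches.
    printf 'local modification\n' >> "$w/boot.img"
    firmware_boot "$w/db" "$w/boot.img" || echo "modified image, old signature: refused"

    # Signing with the owner's key does not help while that key is not enrolled.
    sign_image "$w/owner/owner.key" "$w/boot.img"
    firmware_boot "$w/db" "$w/boot.img" || echo "owner-signed, key not enrolled: refused"

    # Firmware that permits re-keying: enroll the owner's public key.
    cp "$w/owner/owner.pub" "$w/db/"
    firmware_boot "$w/db" "$w/boot.img" && echo "owner-signed, key enrolled: boots"
    rm -rf "$w"
}
demo_locked_boot
```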

    3. Re:I Call Bullshit. by higuita · · Score: 1

      +1 totally right

      --
      Higuita
    4. Re:I Call Bullshit. by squiggleslash · · Score: 0

      Maybe someone should produce GILO (Grub LOader - OK, I don't know where the I comes from, I was just being consistent with LILO) that loads Grub, but is licensed under, say, the X11 license.

      I can't think of any reason why anyone would object to having a boot loader load a boot loader that then loads a stub to load a kernel to boot an operating system. (The sad thing is, I really can't. 20 years ago this solution would look ridiculous, today, it's no worse than running an XML widget description language interpreter run over a widget library that runs over a graphics toolkit that runs over a 3D graphics language that runs over a networked graphics terminal system that runs over...)

      --
      You are not alone. This is not normal. None of this is normal.
    5. Re:I Call Bullshit. by Anonymous Coward · · Score: 0

      I think the reason for the SFLC's advice regarding having to reveal the key is that Canonical distributes updates directly.

      The relevant part of the GPL 3:

      If you convey an object code work under this section in, or with, or
      specifically for use in, a User Product, and the conveying occurs as
      part of a transaction in which the right of possession and use of the
      User Product is transferred to the recipient in perpetuity or for a
      fixed term (regardless of how the transaction is characterized), the
      Corresponding Source conveyed under this section must be accompanied
      by the Installation Information.

      It's been common for distributions to sign their packages long before UEFI, and it would be ridiculous if some evil vendor could force the distro to hand over its private key just by designing its BIOS to insist on seeing the distro's signature on the bootloader. (Of course the standard ways of signing packages don't put the signature somewhere that an ordinary BIOS could find it, but if the vendor's being evil they could probably work out a way of doing it.)

    6. Re:I Call Bullshit. by Anonymous Coward · · Score: 0

      "If you convey an object code work under this section in, or with, or specifically for use in, a User Product,"

      Specifically for use in, how is that to be interpreted? Is code compiled for x86 specifically for use in all x86 PCs? Or is it much more narrow than that?

  15. Re:Ubuntu understands users by Hatta · · Score: 2

    Microsoft "needs" to employ secure boot in order to gain an advantage over smaller competitors who can't push OEMs into providing their signing key by default. Nothing more, nothing less. Any other justifications offered are smokescreens, and you are a naive fool if you believe them.

    --
    Give me Classic Slashdot or give me death!
  16. Get rid of secure boot by Anonymous Coward · · Score: 0, Interesting

    If I can't boot linux on a motherboard, I return the motherboard. It's an anti-trust issue. A single motherboard can kill some village idiot outfit like mickeysoft. The FSF is correct. Grub2 is brand new, and works perfectly. Shills and luddites who argue otherwise are brainless pieces of shit. Microsoft needs to die anyway.

    1. Re:Get rid of secure boot by 93+Escort+Wagon · · Score: 1

      Shills and luddites who argue otherwise are brainless pieces of shit. Microsoft needs to die anyway.

      On the other hand, you sound like you're putting tons of thought into your arguments.

      --
      #DeleteChrome
    2. Re:Get rid of secure boot by Anonymous Coward · · Score: 0

      Wow, this isn't 2001 anymore. I'm surprised you didn't throw in the M$ moniker somewhere. Take your anti-trust hating-MS-because-its-MS ball and go home.

    3. Re:Get rid of secure boot by Anonymous Coward · · Score: 0

      Why would he need to sit around and spend more time thinking, when his point is obvious and correct, and the latter part you quoted is his opinion?
      All it takes is one motherboard manufacturer to make boards without this "secure boot" bullshit, and it will be the most popular thing out there. For a while the other folks will live in their walled garden setup, but it would lead to a renaissance of the build-your-own-computer ethos, and eventually other manufacturers would jump ship, too. Eventually even the dummies would be buying off-the-shelf no-drm models on the advice of their teenage computer nerd relatives.
      This is even assuming this shit gets off the ground in the first place. It was a spectacular failure the last two times.

  17. Not quite: They want to still work in a screwup... by nweaver · · Score: 2, Insightful

    They expect that an OEM may screw up. In that case, their current solution will still allow users to run their own code except for the bootloader itself.

    But if they used a GPLv3 bootloader, they have received advice that they might have to reveal the key when the OEM screws up, because that would be necessary for someone to provide their own bootloader.

    Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

    --
    Test your net with Netalyzr
  18. Re:Ubuntu understands users by Jean+Taureau · · Score: 3, Informative

    It's also optional

    Unless you're on ARM, in which case it won't be, so no, it's not always optional.

  19. Re:Ubuntu understands users by betterunixthanunix · · Score: 4, Interesting

    I don't understand why Microsoft requires secure boot. Care to explain?

    Here is but one example: the market for video games is billions of dollars, and while a lot of that money is in consoles and phones, there is still plenty in PC games. The problem is that on my PC, I can modify the game in arbitrary ways -- I can remove a license check, I can cheat (BIG problem in MMOs), etc. The reason I can do this is that the OS has no good way to stop me -- even if Windows tried to prevent me from running unsigned code, I can run a program before Windows even boots up to get around that restriction.

    Thus restricted boot environments become a necessity for Microsoft to turn Windows into a DRM-friendly platform. DRM on PCs is not dead, it was just on vacation while the big players worked on a way to sneak in restricted boot environments. No more grabbing secret keys out of running processes, no more replacing WoW DLLs to cheat, no more patching software to evade license checks. That's why Microsoft requires this.

    That is also why we need to fight back against this.

    --
    Palm trees and 8
  20. Except that OEMs are Canonical's partners... by nweaver · · Score: 2

    Part of the vision is that you should buy a Ubuntu system, right? In this case, Canonical is working with the OEMs to produce a certified system.

    Thus if one of the OEMs screws up, Canonical does have a relationship with the product, as provider of the software, and may, under the GPLv3's "anti-TiVoization" clause, have to provide the signing key.

    This is "Better to avoid the problem altogether"

    --
    Test your net with Netalyzr
    1. Re:Except that OEMs are Canonical's partners... by robmv · · Score: 1

      It is simple: add to their legally binding document/contract that the OEM must not ship machines with locked keys, and if that happens by accident the OEM must provide an updated firmware.

    2. Re:Except that OEMs are Canonical's partners... by betterunixthanunix · · Score: 1

      Part of the vision is that you should buy a Ubuntu system, right? In this case, Canonical is working with the OEMs to produce a certified system.

      The vision is that you can buy a system that does not impose restrictions on what software you can run. The point of the GPLv3 is to advance that goal. Having Ubuntu but being unable to run a custom bootloader is not part of the vision.

      This is "Better to avoid the problem altogether"

      There is another option: require that any bootloader restrictions be disabled by default. If a user wants the restrictions to be enabled, nothing should stop them; but if the restrictions are enabled by default, an OEM may very well ship a system that does stop users from disabling those restrictions (otherwise, what's the point?).

      Go complain to Microsoft if they try to make dual booting hard on such systems.

      --
      Palm trees and 8
    3. Re:Except that OEMs are Canonical's partners... by gl4ss · · Score: 0

      ah but it's much simpler to simply try to gun for a position where you don't have a choice of running debian - you'll have to run shuttlebitches shitbuntu.

      --
      world was created 5 seconds before this post as it is.
    4. Re:Except that OEMs are Canonical's partners... by DarkOx · · Score: 1

      In a compromise between food and poison only death can win. Which is not to say we don't all die anyway, but I really hope the community acts viciously toward Ubuntu and RH for these games and demands they stand up for freedom.

      For all the good they have done I'd rather see Ubuntu buried tomorrow than let them enable Microsoft and its cronies to destroy the hardware market.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  21. Shuttleworth isn't being entirely candid by Todd+Knarr · · Score: 4, Informative

    I'm sure the SFLC did tell him that a mistake by an OEM could force disclosure of the signing key. But notice he doesn't say explicitly that they told him it could force disclosure of Canonical's signing key. That's because I'm pretty sure they didn't tell him that. Think about it. The logic here is that an action that breaches the GPLv3 by a downstream distributor (the OEM) could force the upstream to correct the breach. Now, suppose I put that in the context of code: I distribute a GPLv3'd piece of software, you receive it from me, modify it and distribute the modified version. If Shuttleworth's argument is correct, then I am in breach of the GPLv3 because I'm not distributing the source code to your modifications as required by the GPLv3. But that's obvious nonsense, since I'm only required to distribute the source code to the software I'm distributing and I'm not distributing your modifications at all. Only you're doing that, and the only way you can pass your obligations back to me is if you're me in the legal sense (ie. a wholly-owned subsidiary company or a division of my company) or if I've signed a contract with you to take on those obligations for you.

    So I suspect that while Canonical would be required to distribute any tools needed to create signed bootloaders and the keys needed for the BIOS to boot them, unless they're distributing the actual hardware it'd be on the OEM (who selected the hardware) to take any steps necessary to comply with the GPLv3 as regards the hardware (ie. either choose a BIOS that allowed keys to be enrolled or Secure Boot to be disabled, or distribute their own signing keys). Of course that could place the OEMs in a bind: if they used Canonical's signed binaries and keys then the OEM would be obliged to provide the signing key, but Canonical is not obliged to provide it to them. Which I think is exactly the situation the FSF desires: OEMs placed in a position where to use a very desirable bit of software in their equipment requires selecting a BIOS that permits user control over the Secure Boot process and keys.

    1. Re:Shuttleworth isn't being entirely candid by rudy_wayne · · Score: 1

      When Monty Widenius sold MySQL to Sun nobody worried. What could possibly go wrong?

        Mark Shuttleworth is absolutely correct when he says "we have to plan for a world where leaders change and institutional priorities change."

    2. Re:Shuttleworth isn't being entirely candid by Anonymous Coward · · Score: 0

      So rather than working with institutions that presently have good priorities, we're going to work with institutions that have bad priorities, because fuck it everyone's going to try to fuck us over eventually.

    3. Re:Shuttleworth isn't being entirely candid by Anonymous Coward · · Score: 0

      To be fair, as Microsoft sinks into irrelevance it will probably become less evil.

    4. Re:Shuttleworth isn't being entirely candid by Anonymous Coward · · Score: 1

      Why not fight? It's how we got through the Fritz Hollings "encrypt it all" horse shit. It's how we got through the TPM nonsense...

      Why roll over now?

    5. Re:Shuttleworth isn't being entirely candid by ArsonSmith · · Score: 1

      And that is the biggest argument for small government there can ever be.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    6. Re:Shuttleworth isn't being entirely candid by Anonymous Coward · · Score: 0

      Using Monty and MySQL is a really bad choice of examples. The Monty/MySQL debacle was exclusively due to Monty's greediness. He got a gallon from the firehose and then found out after selling everybody else out, everyone else was getting a hundred gallons from the firehose and Monty threw a temper tantrum. Canonical/Shuttleworth is merely another example of spoiled brats.

    7. Re:Shuttleworth isn't being entirely candid by synthespian · · Score: 1

      Where I think your logic goes wrong is that it probably doesn't conform to the way commercial deals are done. The deal with an OEM is a two-way street, probably, and they install your software, and they probably exempt themselves from certain responsibilities regarding your software.

      --
      Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
    8. Re:Shuttleworth isn't being entirely candid by Todd+Knarr · · Score: 1

      That's the thing, though: the OEM can't exempt themselves from copyright law by signing a contract with someone who isn't the copyright holder. The OEMs can make any agreement they want with Canonical, it simply isn't relevant to the license terms for GRUB since the FSF, not Canonical, is the copyright holder. I can sign an agreement with my neighbor allowing me to make additional copies of the Harry Potter books for free, and it's so much waste paper because unless my neighbor's J.K. Rowling they aren't the copyright holder and the copyright holder simply doesn't need to care about them.

    9. Re:Shuttleworth isn't being entirely candid by Anonymous Coward · · Score: 0

      No. No, it isn't.

      Not everything is an argument for small government. And that certainly wasn't. Not even remotely.

    10. Re:Shuttleworth isn't being entirely candid by ArsonSmith · · Score: 1

      "we have to plan for a world where leaders change and institutional priorities change."

      Yes, yes it is.

      Not everything is an argument for small government, but this certainly is. You want the next tyrannical maniac to have as little chance of success as possible by limiting powers in the government.

      Poor, poor Anonymous Coward. You may never know your willful ignorance.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
  22. Re:Ubuntu understands users by betterunixthanunix · · Score: 4, Insightful

    I mean reasons that benefit the user

    That never enters the picture; users, in this model, are nothing more than an exploitable resource, a source of revenue for the corporate overlords.

    --
    Palm trees and 8
  23. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    I can only think of one modern OS family that regularly gets viruses/malware that hide in the boot sector. Care to name the OS I'm thinking of? Hint: Starts with "W".

    Bonus points if you can think of the historical and no longer published OS that got viruses in its boot sector. Hint: It is made by the same company as the above OS.

  24. Re:Ubuntu understands users by jmorris42 · · Score: 5, Interesting

    > Secure Boot is very much required security feature. It will lock out malware that hides rootkits in boot sector. That's a very good thing.

    Somebody with more crypto knowhow, please put me some knowledge on here. Because I'm not seeing it that way. Secure boot will work wonders to ensure Hollywierd and Microsoft that their hardware isn't doing something nasty like letting the guy who put money on the counter and thinks they own it (how funny!) run something of their choosing. What I don't see is how it really protects the user from malware.

    The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot. Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards. We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users. They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure. And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on consumer equipment?

    > It's also optional, so you can always install Linux.

    On x86, for now.

    --
    Democrat delenda est
  25. Re:Ubuntu understands users by jawtheshark · · Score: 1

    As I said to the other person telling me similar things. I assumed that I was clear that I understood the nefarious uses. So, what's in it for the users? I can tell you: nothing...

    In a sense, my question required no answer... I know the answers already.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  26. Re:Not quite: They want to still work in a screwup by betterunixthanunix · · Score: 4, Insightful

    They expect that an OEM may screw up. In that case, their current solution will still allow users to run their own code except for the bootloader itself.

    In other words, what we had with OtherOS on the PS3.

    But if they used a GPLv3 bootloader, they have received advice that they might have to reveal the key when the OEM screws up, because that would be necessary for someone to provide their own bootloader.

    How is that a bad thing? This is not a key that is used to protect military secrets, it's a key that serves exactly one purpose: to prevent people from running modified software.

    Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

    Your freedom to throw punches ends where my face begins. My freedom to install software on my computer is not less important than some OEM's freedom to restrict what software runs on their products.

    --
    Palm trees and 8
  27. Parent post is twitter by Anonymous Coward · · Score: 0

    AKA Drinkypoo, erris, mactrope, etc. on behalf of the communist website Techrights AKA Boycott Novell.

  28. Re:Ubuntu understands users by Anonymous Coward · · Score: 5, Insightful

    Everyone knows the Free Software Foundation cannot be trusted, but Microsoft can.

    I just got back from vacation...did the universe invert while I was away?

  29. Re:Not quite: They want to still work in a screwup by 0123456 · · Score: 4, Insightful

    Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

    The "freedom" to actually be able to run the software you want on the computer you bought? You're right, they suck.

  30. Not quite the flaw you make it sound like, Mark... by pla · · Score: 5, Insightful

    The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

    Yes! Yes, they could - Because it would mean that the OEM had "accidentally" taken away the user's right to do whatever the fuck they want with hardware bought and paid for by that user. And I have no problem with requiring key disclosure in that situation.

    Look, Shuttles, we get the idea that you want every bit as much control over Ubuntu as Microsoft has over Windows, and UEFI has the potential to finally fulfill your little wet dream there. You seem to have overestimated your importance in the Linux world, however - If you won't honor the spirit of "free" software, we'll simply use a distro that does.

  31. Re:Ubuntu understands users by Baloroth · · Score: 1

    Thus restricted boot environments become a necessity for Microsoft to turn Windows into a DRM-friendly platform. DRM on PCs is not dead, it was just on vacation while the big players worked on a way to sneak in restricted boot environments. No more grabbing secret keys out of running processes, no more replacing WoW DLLs to cheat, no more patching software to evade license checks. That's why Microsoft requires this.

    That is also why we need to fight back against this.

    And why I am hoping Steam's Linux initiative is both more than a rumor, and successful. Even if they don't get AAA titles, indie games can still appear on Linux, and the big game studios seem to have forgotten one little thing: they were once small studios, making what are now considered indie games. And that was considered the golden age of gaming.

    Oh, and even DRM from boot will never work, not completely. Just ask Sony or MS how well that turned out, and they controlled every aspect of the hardware and software.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  32. Why did you go with Linux? by ackthpt · · Score: 4, Insightful

    I chose it because I could see the sources, update as I see fit, build as I see fit and be able to do a build without clobbering all my installed software.

    So why would I suddenly want to choose a closed source Microsoft solution? This is the company, whose practices since 1995 are the major reason why we have malware, viruses and worms.

    Such great vision from the start, nobody would even think to remotely try to control your computer, right?

    As a mainframe admin I was charged with keeping sneaky bastages out all the time, why didn't Microsoft believe this sort of thing could happen on a PC? To this day they still have gaping holes in security and their transparency is a thing of fantasy.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Why did you go with Linux? by Anonymous Coward · · Score: 0

      >This is the company, whose practices since 1995 are the major reason why we have malware, viruses and worms.

      Ironically, a trusted code chain is the only way to stop having malware, viruses, and worms and only Microsoft has the weight to get the ball rolling. Perhaps you should put some more thought into it before whingeing.

    2. Re:Why did you go with Linux? by Anonymous Coward · · Score: 0

      This is the company, whose practices since 1995 are the major reason why we have malware, viruses and worms

      What does this even mean?

      Are you literally saying that the main reason why malicious software exists is because of Microsoft?

      That's insane. Explain yourself.

      The fact that Slashdot mods this as "5, Insightful" says a LOT about how low this website has sunk. I simply no longer expect Slashdot to give me any intelligent information anymore.

  33. Re:Ubuntu understands users by residieu · · Score: 1

    You asked why Microsoft requires secure boot, not why Microsoft's users require it.

  34. Re:Ubuntu understands users by jawtheshark · · Score: 1

    Worst thing is that with the current userbase, who is mostly ignorant, they might get what they want.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  35. But Microsoft isn't changing position? by CanEHdian · · Score: 5, Insightful

    As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change

    As nice as it is that someone at Microsoft says they will sell $99 keys, we have to plan for a world where leaders change and institutional priorities change

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
  36. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Whether Secure Boot is optional or not doesn't really matter. What matters is who can set the keys that the BIOS will use to check the boot loader. If you can't turn Secure Boot off and there is no way to change keys or add keys, then there's reason to complain. Otherwise there is not. If the first iteration of Secure Boot allows you to run your own software, then it's not a hostile feature. If a board doesn't allow you to change the keys, now or in the future, THEN don't buy that (and do complain to the manufacturer). If used right, Secure Boot can be beneficial. Let's not throw the baby out with the bathwater, mkay?

  37. Re:Ubuntu understands users by jawtheshark · · Score: 1

    Good point... Guess, the tone of my post didn't come over well...

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  38. Re:Ubuntu understands users by Marillion · · Score: 1

    So true. After all, drug dealers and computer companies both refer to their customer base as "Users."

    --
    This is a boring sig
  39. Re:Ubuntu understands users by jellomizer · · Score: 1

    Ideology wars are based on Sliding Scale Arguments. If you take your opposition's ideology side to the extreme, imagine how bad it could be.
    People who are Pro-Life: Go If we let any of these laws get passed we will finally reach a situation where we can kill a child under 21 because before that they are not fully developed yet.
    People who are Pro-Choice: Go if we let any of these laws get passed we will revert back a century and lose a hundred years of Women's rights, where the woman would be the slave to the men.

    The Republicans say the Democrats will lead the US into Communism.
    The Democrats say the Republicans will lead the US into Anarchy or a Military Dictatorship.

    We have been hearing about technologies that Microsoft has released that could be used to kill Linux for almost 2 decades now. Reality is if Microsoft clamps down too much people just don't buy them and the product flops. If Microsoft plays fair, the product usually gets used.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  40. Re:Not quite: They want to still work in a screwup by nweaver · · Score: 3, Insightful

    How is revealing the key bad?

    Well, how about that it would be revoked! Having the key would allow one to subvert Secure Boot on windows systems, so you can bet dollars-to-doughnuts that if Canonical had to release its key, Microsoft would revoke Canonical's key.

    --
    Test your net with Netalyzr
  41. Re:Ubuntu understands users by betterunixthanunix · · Score: 2

    Just ask Sony or MS how well that turned out

    Keep in mind that it took four years to break the PS3 DRM, and even now the majority of PS3 owners are not in a position to jailbreak their devices.

    --
    Palm trees and 8
  42. Don't forget the big picture by it5complicated · · Score: 1

    Go the Mozilla way: Make deals with Google so you can build an open web. Don't listen to the voices from the cobwebs that speak a lot but don't deliver a usable product. Freedom is good only if it allows me to swim in it.

  43. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    In fact, the security on Texas Instruments' ARM CPUs (very popular in tablets) hasn't been broken. The Playbook tablet from RIM hasn't been broken yet. The B&N tablet, also based on TI's CPU, did have its bootloader cracked, but that was due to a badly written bootloader (implementation), not a fault in the secure hardware. So there are ways to secure the hardware and boot process that are basically unbreakable.

    The point is, it isn't really secure if *YOU* don't hold the keys. What corporation or government do you want to trust with your private data? Your habits and whereabouts? Your most private thoughts? Probably best if the owner of the device owns the keys to the device. But I think there are major forces out there that don't want that to happen.

  44. UbuntWHO? by Anonymous Coward · · Score: 0

    Screw you Ubuntu. Screw you Shuttleworth. Screw you Canonical.
    You exploit the hell out of Debian and free software in general, and what do you give back?

    Speaking of leaders changing, when is Shuttleworth's time going to be over so that some sense and honour can be brought into THAT organization?

  45. Why are we allowing these "people" to do this? by mcgrew · · Score: 4, Insightful

    Intel had the bright idea back in the nineties and it was soundly rejected; Intel got a lot of bad publicity and backed off. Then MS came up with "Palladium" ten years ago and it, too, was soundly rejected and MS got yet another black eye.

    WTF, people?? FIGHT THIS MADNESS!! This is yet another round of MS's war against all other OSes. This is MS wanting to control YOUR computer. This has no upsides whatever, and is all bad.

    Gees, ten years isn't that long, have you folks forgotten already?

    1. Re:Why are we allowing these "people" to do this? by bill_mcgonigle · · Score: 5, Insightful

      Gees, ten years isn't that long, have you folks forgotten already?

      Two weeks after 9/11 the USAPATRIOT Act was highly controversial, despite the recent attack, and had sunset provisions.

      Ten years later, it's renewed without any real debate.

      "Keep us safe from the terr^H^H^H^H rootkits". In both cases the power-hungry gladly assume additional control and remove freedoms.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Why are we allowing these "people" to do this? by jmorris42 · · Score: 2

      > Gees, ten years isn't that long, have you folks forgotten already?

      No, a new crop of idiots with iProducts have shown up. As long as the chains come in both black AND white and are considered the latest style they will not only submit to them, they will wear them with pride. They will make sure their clothing is designed to emphasize the brand name on the chains.

      Now consider the XBox fanbois are just as bad. DRM to them is wonderful. It stops cheating, so STFU you haters.

      Slowly, surely, relentlessly, those who control the culture have inserted those memes into the young through the media. Remember the close nexus between Apple through Pixar and into Disney that allowed His Steveness to push the RDF straight out into the mass media? And now follow the influences from Microsoft through MSNBC to NBC and out into the vast GE/Comcast media empire, the large game publishing houses into all of the other media. And for that matter, every media company, by definition, pushes the agenda of big media and DRM is their number one issue. They are nothing if not patient.

      --
      Democrat delenda est
    3. Re:Why are we allowing these "people" to do this? by GameboyRMH · · Score: 3, Interesting

      Gees, ten years isn't that long, have you folks forgotten already?

      Everyone forgot their last vague memories of the importance of computing freedom after iOS showed them how nice the inside of a prison cell could be.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:Why are we allowing these "people" to do this? by 7-Vodka · · Score: 1

      They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

      Ben Franklin.. sometime shortly before February 17, 1775 as part of his notes for a proposition at the Pennsylvania Assembly, as published in Memoirs of the life and writings of Benjamin Franklin (1818).

      --

      Liberty.

    5. Re:Why are we allowing these "people" to do this? by ceswiedler · · Score: 1

      "They who can give up essential safety to obtain a little temporary liberty, deserve neither safety nor liberty."

      -- Me

      Having dispensed with the pointless question-begging, can we start talking about which is essential and which is temporary in this case?

    6. Re:Why are we allowing these "people" to do this? by Anonymous Coward · · Score: 0

      I'm not so sure that's the best analogy for a situation in which you enter entirely voluntarily, continuously decide to be there, and can leave at any time. The only way Apple keeps you there is not extending their app store to non-Apple devices, something which they probably shouldn't be required to do. So, if you buy apps for your iDevice, you will have to buy them again on your Android device. But, if you switch Android devices, do you get to keep all of the apps that you bought, or do you have to re-buy all of them again?

      Like it or not, the way to get "normal" people to buy your shit is to have a good, well polished, workable-by-the-masses product. But, not enough people in the Linux-on-the-desktop camp want that to make it work for "normal" people, so we're continually stuck in the Dark Ages (although driver support, the most basic thing for an OS, has gotten incredibly better in the past few years).

    7. Re:Why are we allowing these "people" to do this? by Rich0 · · Score: 1

      Then MS came up with "Palladium" ten years ago and it, too, was soundly rejected and MS got yet another black eye.

      How do you figure? They never really implemented it, but just about every computer in use today has all the hardware necessary to make it work.

      If MS wanted to they could push out an XP update that encrypted the drive on the next boot, and blocked all access to any data stored on it if you mess with any part of the boot chain. That's one of the things I don't get about UEFI/etc - you can already block boot-sector rootkits today but with the caveat that you can't prevent people from just wiping the drive and installing a new OS.

      Even Linux supports this today. Linux has support for TPM, and there is a fork of Grub that supports it as well. You could easily configure a linux distro to encrypt your home directory with a key stored in the TPM that is only accessible if the OS booted cleanly without tampering. Stick a rootkit in the MBR and you won't be able to log in. (None of these technologies block denial-of-service - just the much more dangerous hidden software-level tampering.)
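
The TPM-sealed key scheme described in the comment above, as an added illustration that is not part of the original thread or any poster's code: a toy Python model of PCR extension and sealing. `ToyTPM`, the boot-stage byte strings and the HMAC-keystream "encryption" are constructed stand-ins for this example, not a real TPM API or real cryptographic design.

```python
import hashlib
import hmac
import os

PCR_LEN = hashlib.sha256().digest_size  # 32 bytes, as in a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)).
    A PCR can only be extended, never set, so the final value
    commits to every measured stage and to their order."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class ToyTPM:
    """Hypothetical stand-in for a TPM: one PCR plus a storage key
    that never leaves the object."""

    def __init__(self):
        self._storage_key = os.urandom(32)
        self.pcr = bytes(PCR_LEN)

    def power_cycle(self):
        # PCRs reset to zero only at platform reset.
        self.pcr = bytes(PCR_LEN)

    def measure(self, component: bytes):
        self.pcr = extend(self.pcr, component)

    def _keystream(self, policy_pcr: bytes, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            block = policy_pcr + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._storage_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, policy_pcr: bytes, nonce: bytes, ct: bytes) -> bytes:
        msg = b"tag" + policy_pcr + nonce + ct
        return hmac.new(self._storage_key, msg, hashlib.sha256).digest()

    def seal(self, secret: bytes, policy_pcr: bytes) -> dict:
        """Bind `secret` to a PCR value; only this TPM can open the blob."""
        nonce = os.urandom(16)
        ks = self._keystream(policy_pcr, nonce, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        return {"policy_pcr": policy_pcr, "nonce": nonce, "ct": ct,
                "tag": self._tag(policy_pcr, nonce, ct)}

    def unseal(self, blob: dict) -> bytes:
        tag = self._tag(blob["policy_pcr"], blob["nonce"], blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("blob corrupted or sealed by another TPM")
        # The policy check: release the secret only if the current boot
        # measured exactly what was measured when the secret was sealed.
        if not hmac.compare_digest(blob["policy_pcr"], self.pcr):
            raise PermissionError("PCR mismatch: boot chain changed")
        ks = self._keystream(blob["policy_pcr"], blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def boot(tpm: ToyTPM, stages) -> bytes:
    """Reset the platform and measure each stage before it would run."""
    tpm.power_cycle()
    for stage in stages:
        tpm.measure(stage)
    return tpm.pcr


def try_unlock(tpm: ToyTPM, blob: dict, stages):
    """Boot with `stages`; return the secret, or None if the TPM refuses."""
    boot(tpm, stages)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


# Constructed sample boot chains (placeholders, not real binaries).
CLEAN_CHAIN = [b"MBR stage1", b"GRUB core image", b"vmlinuz + initramfs"]
TAMPERED_CHAIN = [b"MBR stage1 + bootkit hook", b"GRUB core image",
                  b"vmlinuz + initramfs"]

if __name__ == "__main__":
    tpm = ToyTPM()
    golden = boot(tpm, CLEAN_CHAIN)            # enrol on a known-good boot
    blob = tpm.seal(b"home-dir-key", golden)   # key for the encrypted home
    print("clean boot   :", try_unlock(tpm, blob, CLEAN_CHAIN))
    # Tampering is detected, not prevented: the machine still boots,
    # but the key stays sealed (the denial-of-service caveat above).
    print("tampered boot:", try_unlock(tpm, blob, TAMPERED_CHAIN))
```
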

    8. Re:Why are we allowing these "people" to do this? by Anonymous Coward · · Score: 0

      WTF, people?? FIGHT THIS MADNESS!! This is yet another round of MS's war against all other OSes. This is MS wanting to control YOUR computer.

      Standard anti-MS troll, ignoring the facts. The fact is that Microsoft mandates that if a PC is Windows 8-certified it must provide the option to turn off SecureBoot, which blows your rubbish anti-MS conspiracy-theory rhetoric out of the water.

      Gees, ten years isn't that long, have you folks forgotten already?

      No, people just don't care about that shit, that's why the iPad is so popular. Sure anyone could buy a free (freedom) tablet and install whatever they want, but the vast majority of people do not want that, just like the last 30-odd years (and also for the foreseeable future given the provisions regarding SecureBoot in the Windows 8 certification) where people can buy a free (freedom) PC and install whatever they want but again the vast majority of people do not want that.
      There will always be niche products for niche markets and the mainstream products still cater for that niche which proves you to simply be an anti-MS instigator especially given the growth of the tablet market and the fact that most of the devices there are far more locked down than any Windows 8-certified PC will be.

  46. Re:Ubuntu understands users by blue_teeth · · Score: 1

    Does this mean, it is good time to buy and stock non-UEFI mainboards?

  47. they promise by v1 · · Score: 0

    The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

    Couldn't agree more. "We insist you write us a blank check, just in case we need it. We won't abuse it. We promise!"

    No. Blank checks get abused, pretty much always. It's difficult to find examples of where abusable rights were given and then later did not go on to get abused at least once. (and sometimes as a matter of policy) It's also sadly entertaining to watch how they tend to fight you when you try to add in anti-abuse clauses, things that make you go "hmmmmm...."

    Good call, Shuttleworth. Stand your ground.

    --
    I work for the Department of Redundancy Department.
    1. Re:they promise by GameboyRMH · · Score: 1

      Except he's now made the same promise with Microsoft instead of the FSF.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:they promise by thereitis · · Score: 1

      Yes, I love this quote:

      "As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change. The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

      It should be made into a plaque. Assuming that an advantage will be abused eventually is a safe and reasonable position to take. Keep this in mind when giving any person or organization power and plan accordingly.

  48. Re:Not quite: They want to still work in a screwup by betterunixthanunix · · Score: 4, Insightful
    That's the point of GPLv3: if these OEMs want to screw things up, then they have to deal with not getting to run GPLv3 software. If Canonical wants to make these "certified" hardware systems, then they should do one of the following:
    1. Require that all certified systems ship with custom mode enabled by default, or that they ship without any restricted boot environment
    2. Produce a separate key for every OEM, so that if one OEM screws up, they lose their Ubuntu certification without affecting other OEMs.

    Otherwise, they are just legitimizing an attack on user freedoms, despite being the maintainers of the most popular GNU/Linux distribution out there (and despite the fact that those very freedoms are what enabled their entire operation).

    --
    Palm trees and 8
  49. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    No one needs secure boot. We've lived without it for a long time, and that isn't even how most people get infected.

  50. Re:Ubuntu understands users by KingMotley · · Score: 1, Informative

    The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot.

    That is correct. Which is why the UEFI/BIOS needs to be able to be secure. It does this in a number of ways, one of which is secure boot, which verifies the executable that it passes control to after initialization is one that has been untampered with. This prevents any malware from trying to infect the system that can get control before the OS itself does.

    Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards.

    You have the process backwards. UEFI/BIOS doesn't tell the bootloader that it can trust the UEFI/BIOS. The UEFI/BIOS checks and verifies the boot loader to make sure it's untampered with before handing off control to it. The trust the other way is implied/assumed.

    We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users.

    It's pretty easy for UEFI makers to include the process to update itself within itself. If you don't have the know how to boot to your UEFI menu, then you really shouldn't be updating your UEFI/BIOS anyway. Really, it's not that difficult. Most are graphical, and pretty simple.

    They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure.

    I'm not sure why they would need a revocation list. There is a handful of keys and they won't ever be revoked. You can add keys (or remove them I suppose), but the list of signatures of untampered boot loaders shouldn't need to ever be revoked. Even in the case that such a process does need to be put into place, that would either have to be done through the UEFI/BIOS subsystem itself, or verified by the UEFI/BIOS system before committing it.

    And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on consumer equipment?

    And you get what you pay for sometimes. Nothing stopping $.02 manufacturers from shipping UEFI/BIOSes preinfected either. Just because a solution doesn't solve the entire world's problems shouldn't mean you don't implement it. This is a solution to one problem that simply put, can't be solved any other way. It's a good solution, but it doesn't turn smog infested, violence prone, poor cities into gleaming bastions of godliness either.

  51. Re:Not quite the flaw you make it sound like, Mark by nweaver · · Score: 2

    Except that key disclosure would cause a lot of harm.

    Canonical's solution still allows you to run all your own code except the bootloader in this case. Since the bootloader itself is not locked down, you can boot anything from the bootloader.

    But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Windows' secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.

    --
    Test your net with Netalyzr
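
The trade-off argued in comments 48 and 51 (one shared signing key versus a key per OEM, and what revoking a disclosed key then costs), as an added example that is not part of any comment or of any project's tooling: a toy firmware model with a `db` allow-list and a `dbx` revocation list. The OEM names, the image bytes and the Lamport one-time signature (a standard-library stand-in for the certificate-based signatures real UEFI firmware checks) are assumptions for illustration.

```python
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class SigningKey:
    """Lamport one-time key: a stdlib stand-in for a real code-signing key."""

    def __init__(self):
        self.private = [(secrets.token_bytes(32), secrets.token_bytes(32))
                        for _ in range(256)]
        self.public = [(_h(a), _h(b)) for a, b in self.private]
        self.key_id = _h(b"".join(a + b for a, b in self.public)).hex()[:16]


def _bits(image: bytes):
    digest = _h(image)
    return [(digest[i // 8] >> (7 - (i % 8))) & 1 for i in range(256)]


def sign(private, image: bytes):
    # Reveal one secret per digest bit; only a holder of the private key can.
    return [private[i][bit] for i, bit in enumerate(_bits(image))]


def signature_valid(public, image: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        _h(sig[i]) == public[i][bit] for i, bit in enumerate(_bits(image)))


class Firmware:
    """Toy model: db holds trusted signer keys, dbx holds revoked key ids."""

    def __init__(self, trusted):
        self.db = {k.key_id: k.public for k in trusted}
        self.dbx = set()

    def will_boot(self, image: bytes, key_id: str, sig) -> bool:
        if key_id in self.dbx:            # revocation wins over the allow-list
            return False
        public = self.db.get(key_id)
        return public is not None and signature_valid(public, image, sig)


OEMS = ["oem-a", "oem-b", "oem-c"]        # constructed OEM names


def blast_radius(per_oem_keys: bool) -> dict:
    """Which fleets boot what, before and after oem-a's key is revoked."""
    shared = SigningKey()
    keys = {o: SigningKey() if per_oem_keys else shared for o in OEMS}
    fleet = {o: Firmware([keys[o]]) for o in OEMS}

    loader = b"constructed bootloader image"
    loader_sig = {o: sign(keys[o].private, loader) for o in OEMS}

    # oem-a ships a locked-down machine and the key used for it is disclosed:
    # any holder can now sign an image nobody vetted.
    disclosed = keys["oem-a"]
    unvetted = b"constructed image nobody vetted"
    unvetted_sig = sign(disclosed.private, unvetted)

    def boots(image, credentials):
        return sorted(o for o in OEMS
                      if fleet[o].will_boot(image, *credentials(o)))

    def with_disclosed(_oem):
        return disclosed.key_id, unvetted_sig

    def with_own(oem):
        return keys[oem].key_id, loader_sig[oem]

    result = {"unvetted_before": boots(unvetted, with_disclosed)}
    for fw in fleet.values():             # the dbx update reaches every machine
        fw.dbx.add(disclosed.key_id)
    result["unvetted_after"] = boots(unvetted, with_disclosed)
    result["loader_after"] = boots(loader, with_own)
    return result


if __name__ == "__main__":
    print("shared key :", blast_radius(per_oem_keys=False))
    print("per-OEM key:", blast_radius(per_oem_keys=True))
```

With one shared key, revoking the disclosed key also stops the stock bootloader on every fleet; with per-OEM keys only oem-a's machines are affected.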
  52. Re:Ubuntu understands users by rickb928 · · Score: 0

    "I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem)."

    So you want what you not only do not have now, but somehow manage without.

    So you want Grand Unification between distributions. Oh my. I doubt we could even get decent migration tools between the major distros, 'major' defined as the ones you and I use. :)

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  53. Antitrust authorities? by ThePhilips · · Score: 2

    Anybody heard any reaction from the antitrust authorities?

    US would probably remain mum, but I do not think EU would accept the OEM lockdown by convicted monopolist that readily.

    Yes, there are security concerns, but they are negligible compared to the power grab by the convicted monopolist.

    --
    All hope abandon ye who enter here.
  54. Re:Ubuntu understands users by betterunixthanunix · · Score: 1

    So you want what you not only do not have now, but somehow manage without.

    The point is that we do have a real problem with GNU/Linux: switching distros is difficult and requires a lot of work, and sometimes you do not get what you wanted at the end. That is a problem that we should be working to solve or at least mitigate. This nonsense with signed bootloaders on personal computers is a step in the complete opposite direction.

    --
    Palm trees and 8
  55. Which would be a greater attack on user freedom? by nweaver · · Score: 4, Interesting

    Which is a greater attack on user freedom?

    a) Not being able to change the bootloader?

    b) Not being able to install on new systems without changing EFI settings because the signing key got revoked?

    Canonical chose "A". Fedora chose A, too, btw, because they didn't sign grub, but built a "pre-bootloader-bootloader" to load Grub.

    --
    Test your net with Netalyzr
  56. Re:Ubuntu understands users by phantomfive · · Score: 1

    So, what's in for the users?

    Same thing you get on iOS, and some Android devices.....a walled garden. Unfortunately, some people prefer that. It makes me sad.

    --
    "First they came for the slanderers and i said nothing."
  57. Re:Ubuntu understands users by spire3661 · · Score: 4, Interesting

    Most of the people in the scene will tell you that the PS3 wasn't cracked for 4 years because the truly skilled people that crack this stuff were being hands off about it. Once Sony went into full on evil mode, all bets were off.

    --
    Good-bye
  58. Re:Ubuntu understands users by recoiledsnake · · Score: 1, Informative

    > Restricted boot environments are about DRM, not about securing the system from malware

    Really? Here are some references about boot malware which UEFI secure boot can prevent.

    http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection

    http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/

    http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft

    TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

    When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

    The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

    The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.

    The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of its components.

    TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

    All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection. ....

    The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products.

    At least you'd have some credibility left if you had said that the restrictions could be about DRM also.

    I do not want to choose between Fedora and Ubuntu; I want to use whatever distro I fancy, and I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem).

    Moving one slid

    --
    This space for rent.
  59. Re:Ubuntu understands users by Anonymous Coward · · Score: 5, Insightful

    If I don't have the keys to my computer, it's not mine.
    RMS's The Right to Read looks less and less paranoid all the time.

  60. Re:Ubuntu understands users by spire3661 · · Score: 2

    "If Microsoft plays fair" Does not compute.

    --
    Good-bye
  61. An impossible solution by rickb928 · · Score: 1

    I would be interested in the naive idea that users should be able to turn secure boot on and off. So if it's off, no Windows but other OSes could boot. On, and Windows would boot, but other OSes may or may not.

    Then, if I choose to NOT use Windows, I'm in a much simpler reality.

    Of course, I'm certain this cannot work. Darn.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  62. Re:Ubuntu understands users by wmspider · · Score: 1

    I haven't looked up how exactly the signing mechanism works, so please correct me if i'm wrong.
    Since you can install your own certificates on your local machine, couldn't you also alter Windows and resign it with your local keys, thus defeating the DRM "feature" of UEFI Secure Boot?

  63. Re:Ubuntu understands users by TheGratefulNet · · Score: 1

    fwiw, just last week I bought an intel n2800 mobo and it allowed bios flash 'f7' from a regular fat formatted usb drive. not even bootable! pure fat16 blank non-system usb drive, copy the .BIO file there, hit f7 and do an upgrade. worked fine.

    this was not a secure system but requiring windows for upgrades of bios is not the norm anymore. I've seen quite a few 'boot from cdrom' style bios upgrades, too. and on the cdrom? syslinux! ;)

    --
    "It is now safe to switch off your computer."
  64. Re:Not quite the flaw you make it sound like, Mark by Anonymous Coward · · Score: 0

    But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Windows' secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.

    Then maybe Microsoft shouldn't have picked such a fscked-up security model.

  65. SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 4, Insightful

    Ask yourself, what percentage of a system's time and lifecycle are spent in boot? What percentage of the binary runtime image is loaded in this process?

    "Secure boot" is FAKE SECURITY whose ACTUAL risk is GREATER than its SUPPOSED benefit. Lock boot images, and the real security problems for persisting on a host and hiding activity will only move to the next rung on this ladder.

    The only thing "Secured" is vendor lock-in.

    Sure, you can detect a compromised kernel at boottime. That is a FRACTIONAL countermeasure, to actual risk. EVERY driver and ring-0 loadable module needs also to be signed. It's bullsht, in the real computing world - unless you have an XBox or iPad model.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:SECURE BOOT IS A FRAUD by TheCarp · · Score: 1

      well actually this is a very real and meaningful security step.... for which the mid 1990s is desperately calling and asking if we would like to let them have.

      seriously, you are spot on. This is just an excuse for lock in. What year is it? 2012? When was the last serious "boot sector virus"?

      Not to say it doesn't happen....however the serious win from this technology can only be had if the owner of the machine gets to set the key and sign his own boot images. Then you are talking about some serious win.

      Without that though, the only protection you are getting is from random boot sector re-writing malware.... which generally has easier ways to perform its task.

      However vendors are getting protection from competition.... protection they only get by keeping the keys to themselves and refusing real benefit of the technology from the system owner.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 5, Insightful

      Boot sector virus is not the target, to be fair.

      It's to prevent loading a compromised kernel image. A signed boot-loader chain will only load if uncompromisable with cryptographically verified signatures and checksums.

      But this is not the threat to most users, most of the time.

      And? If they are dumb or mistaken enough to get an infection that will compromise their OS image and ring-0 loadable software? They are going to be compromised in OTHER WAYS that will NEVER touch the system image. Secure system boot is a good way to protect a boot-loader for encrypted volumes - but not even needed for this to be effective.

      It is a security chimera - with more opportunity for mistakes and misuse than protection.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    3. Re:SECURE BOOT IS A FRAUD by recoiledsnake · · Score: 2

      >When was the last serious "boot sector virus"

      Refer to my other post. http://slashdot.org/comments.pl?sid=2962071&cid=40565349

      >however the serious win from this technology can only be had if the owner of the machine gets to set the key and sign his own boot images. Then you are talking about some serious win.

      Umm, that's exactly what Microsoft requires for Windows 8 certification of x86 machines. You can even remove Microsoft's key if you so wish.

      Why is this so hard to comprehend?

      --
      This space for rent.
    4. Re:SECURE BOOT IS A FRAUD by thebrieze · · Score: 1

      Sony Rootkit anyone?

    5. Re:SECURE BOOT IS A FRAUD by networkBoy · · Score: 2, Insightful

      This has nothing to do with vendor lock in (in the /. microsoft sense) nor is it really targeted at preventing viruses. It is so that microsoft or apple can sell an OS that is guaranteed to not have been tampered with for content protection enforced at boot time by the hardware.

      I imagine there will be ways around this, but it is going to be much harder.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    6. Re:SECURE BOOT IS A FRAUD by Electricity+Likes+Me · · Score: 1, Troll

      It also makes it harder to crack Windows and has the side-benefit of screwing over anyone who might be pliable to switching to Linux.

    7. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 4, Interesting

      Bingo.

      This serves the interest of every RENT TAKER on your PC - and does so by depriving YOU, the "owner" of the machine. Your choice is limited, to create a guarantee of revenue to certain corporations.

      Mind you, now. Shuttleworth is either naive - or playing a sacrifice move in the Chess game. This is an incremental step towards the death of Linux/BSD/etc on general-purpose hardware. It is a CRITICAL step - the direction of the game will be decided on how this plays.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    8. Re:SECURE BOOT IS A FRAUD by alva_edison · · Score: 1
      --
      He effected a bored affect.
    9. Re:SECURE BOOT IS A FRAUD by Plekto · · Score: 2

      No, All it does is hasten the move towards obsolescence for Ubuntu and a move to a better fork instead.

      There's a real reason I use Mint now, and it's not because of me saying that it's better. It's that Ubuntu has just simply gotten so much worse and bloated lately. In addition, the person in charge of Ubuntu's development is a type-A asshat who is essentially acting exactly like your typical tyrannical CEO at work. "You'll suffer under my vision of how things should be and like it".

      As if. I jumped ship over a year ago and have never looked back.

      Ubuntu getting you upset? Find something else and be happy.

    10. Re:SECURE BOOT IS A FRAUD by Z34107 · · Score: 1

      Lock boot images, and the real security problems for persisting on a host and hiding activity will only move to the next rung on this ladder.

      Except with Windows, at least, the next rungs on this ladder are already secure - signed bootloader boots signed kernel runs signed drivers. Regardless of how tight your tinfoil hat is (or how tight it should be!), this is the last step in defeating TDSS-alikes.

      --
      DATABASE WOW WOW
    11. Re:SECURE BOOT IS A FRAUD by lsatenstein · · Score: 1

      Ask yourself, what percentage of a system's time and lifecycle are spent in boot? What percentage of the binary runtime image is loaded in this process?

      "Secure boot" is FAKE SECURITY whose ACTUAL risk is GREATER than its SUPPOSED benefit. Lock boot images, and the real security problems for persisting on a host and hiding activity will only move to the next rung on this ladder.

      The only thing "Secured" is vendor lock-in.

      Sure, you can detect a compromised kernel at boottime. That is a FRACTIONAL countermeasure, to actual risk. EVERY driver and ring-0 loadable module needs also to be signed. It's bullsht, in the real computing world - unless you have an XBox or iPad model.

      The first introduction to secure boot came from the Intel/AMD/IBM/Industry spec for TPM (trusted platform module). The problem will be interesting for VMware or other Linux VM systems when they need to execute and to test secure boot. I have not read if the operating system that boots the hardware is the only one that owns the hardware. It could very well be that only MS based VM systems will be able to boot.
      In other words, booting Windows 8 under a Linux VM may never work. Moreover, without an internet connection, as with a warehouse terminal or some other internal (barcode) data logging facility, how is a secure boot going to work?

      IBM has noted that with TPMs the virtual machine application (another operating system) may not boot. Why should that not be an issue for UEFI?

      --
      Leslie Satenstein Montreal Quebec Canada
    12. Re:SECURE BOOT IS A FRAUD by lsatenstein · · Score: 2

      Boot sector virus is not the target, to be fair.

      It's to prevent loading a compromised kernel image. A signed boot-loader chain will only load if uncompromisable with cryptographically verified signatures and checksums.

      But this is not the threat to most users, most of the time.

      And? If they are dumb or mistaken enough to get an infection that will compromise their OS image and ring-0 loadable software? They are going to be compromised in OTHER WAYS that will NEVER touch the system image. Secure system boot is a good way to protect a boot-loader for encrypted volumes - but not even needed for this to be effective.

      It is a security chimera - with more opportunity for mistakes and misuse than protection.

      I see the UEFI solution is for future hardware which will have no micro usb port, no slot for external memory, a sealed unit and exist only as a tablet. Otherwise, one could have a read-only USB device that is UEFI compliant and since it is read-only, secure boot is achieved. The software in the USB device is used to verify the mother board bios, which is what is desired.

      Here is my prediction. I believe that Microsoft itself is going to run into a few hundred million customer problems one day within 18 months of UEFI implementation, and that the mother board bios chips in these things will be white elephants, as will be Windows 8. I can see it now, a new update causes UEFI to fail. News at 11pm.

      When you enforce Rube-Goldberg software designs to verify a bios, in the end you get bitten by unforeseen combinations of technology that is designed to lockout other vendor products.

      --
      Leslie Satenstein Montreal Quebec Canada
    13. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 1

      TPM is useless to a clustered virtual private cloud or distributed data center. Sorry. I exaggerate.

      It is nearly useless. There are Geolocation possibilities but they are inelegant.

      The tying of runtime images to specific hardware is 180 degrees contrary to the cloud VM use case.

      Any intermediation by the software layer to solve 1-to-many and many-to-1 issues will largely deprecate the value of hardware key store and validation.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    14. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 1

      Win 8 will be a small commercial success.

      Not on any merits of its own, nor of technologies it enables - nor of demand by any real market.

      Microsoft could spend as much to promote new standard mattress-sizes, and have equivalent adoption.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    15. Re:SECURE BOOT IS A FRAUD by darkonc · · Score: 1
      All you have to do to secure 'secure boot' is to ensure that the key list isn't writable after you leave the bios. (until the next hard boot).

      That's it. The rest of the requirements are simply anti-competitive action hiding behind the chimera of security. There were some MS emails released a few years ago where Microsoft executives wondered about if there was a way to force vendors to lock down the BIOS in a way that locked out Linux ... Now, a few years later, they've managed to do just that.

      If Microsoft were pro-active about dealing with other security concerns within Windows, then I might accept a claim that it's benign paranoia. It is, however, clear that Microsoft still considers security to be mostly a PR/marketing issue. If you look at 'Secure Boot' as a primarily marketing/PR issue, then the intent is clear.

      It's intentional. There's no coincidence.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    16. Re:SECURE BOOT IS A FRAUD by lsatenstein · · Score: 1

      The only use I see for TPM is for storing personal information and for remote killing of the system via a blacklist. Intel can block the bios or even burn some fusible links on the Mother board to kill a stolen computer.

      --
      Leslie Satenstein Montreal Quebec Canada
    17. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 1

      Yep. A laptop technology - salvaged from the wreckage of NGSCB.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  66. Re:Which would be a greater attack on user freedom by betterunixthanunix · · Score: 5, Insightful

    Except that Canonical is in a position to demand that EFI boot restrictions be disabled by default. That does not seem to have entered the picture, because they do not care about user freedom. I disagree equally with Fedora's approach, because I personally switched away from Fedora when I disagreed with some changes they made, and this boot restriction system will make that harder to do.

    Now is the time to fight back, not compromise. Bootloader restrictions are a direct attack on free software and user freedom, and the response by Canonical and the Fedora project has been to just lie down and accept that attack.

    --
    Palm trees and 8
  67. Re:Ubuntu understands users by KingMotley · · Score: 1, Interesting

    I don't understand why Microsoft requires secure boot. Care to explain?

    Because, it is fairly easy -- especially with so much open source software out there -- to create malware that gets control of the system before the OS does. This malware will then hide itself, using hardware, to intercept any attempt to find it and virtualize the checks to fail. Simply, once in place, it is in control of your system, and the OS (or any anti-virus, etc) software from even being able to tell it is on your system at all. Basically, in the first moments you turn on your computer, you've lost the battle, and there is nothing any software can do to remove the malware, or even detect it is even on the system at all. Please note, this isn't just a Microsoft problem, you can have linux, unix, or OS/X, etc all rootkitted as well. It's just many linux folks don't understand the problem, don't care, and like spreading FUD because it hasn't affected them YET.

    I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. The situation as is was just fine.

    I've seen many. In fact, it's pervasive enough that sony created one for its own gain -- http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

  68. Re:Ubuntu understands users by jawtheshark · · Score: 1

    You say that as if it were something positive. A bit like the dog thinking his leash is the best thing ever....

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  69. Re:Ubuntu understands users by recoiledsnake · · Score: 0

    It's also optional

    Unless you're on ARM, in which case it won't be, so no, it's not always optional.

    Huh? There are ARM devices right now like Android tablets that you can go buy some of which have unlocked bootloaders. iPads rule the ARM tablet market, but no one wants to talk about Apple. Raspberry Pi is also an ARM device. How is Microsoft locking those?

    So it is entirely optional right now.

    Maybe you (and all others) should specify that you're talking about Windows RT devices, not ARM devices, which is terribly misleading, probably intentionally so.

    --
    This space for rent.
  70. Re:Ubuntu understands users by KingMotley · · Score: 1

    FUD. Secure boot doesn't enable any of those crazy scenarios that you've mentioned. The user is still free to install software that does all the above even with secure boot enabled.

  71. Funny (Sqore:1,000,000), Gifted by Anonymous Coward · · Score: 0

    It's funny how problems in MS's OSs to date have been, well,
    MSs poor architecture problem, but yet are pushed off as the user's fault.
    And, have all surfaced since Ballmer took the helm. A coincidence, not really.

    And now innocent Linux users are being made to pay?

    CAPTCHA = display

  72. Re:Ubuntu understands users by betterunixthanunix · · Score: 1

    Since you can install your own certificates on your local machine

    There is no guarantee of that; see, for example, the iPad.

    --
    Palm trees and 8
  73. Re:Ubuntu understands users by Anonymous Coward · · Score: 1

    Reality is if Microsoft Cramps down too much people just don't buy them and the product flops. If Microsoft plays fair, the product usually get used.

    It doesn't work that way with a monopoly.

  74. Re:Ubuntu understands users by poetmatt · · Score: 1

    What makes you think adding DRM is simply going to stop cheating? That's pretty hilarious by itself. Also considering that a non-arm laptop/desktop doesn't require this type of secureboot lockdown, what makes you think not enforcing your own security mechanism is going to do *anything*?

  75. Re:Ubuntu understands users by Hatta · · Score: 2

    And we are supposed to give Microsoft ultimate control over what we run on our computers because you want to play a game?

    --
    Give me Classic Slashdot or give me death!
  76. Re:Not quite: They want to still work in a screwup by bluefoxlucid · · Score: 4, Insightful

    The FSF's version of freedom is equivalent to nanny-state socialism. They've basically decided that their idea of playing nice needs to be enforced by big stick, and will happily trample over anything and everything that does something they dislike.

    In this particular case, Ubuntu wants to place a bootloader that will allow you to load ANY operating system, bypassing the "security" features they dislike in the new UEFI. Ubuntu wishes to ensure that users can boot any operating system they like and run any software they want. Their concern is that the GPLv3 makes provisions by which the FSF could, in this case as the owner of GRUB2, deem that a machine that won't let them replace GRUB2 with something else is in violation of the GPLv3. At that point, they can demand that Ubuntu surrender its encryption keys used to provide secure bootloader verification--which then allows anyone to sign any bootloader they want, thus negating any security features you could leverage out of the bootloader (for example, intentionally instructing it to boot only signed code--keeping the chain trusted, rather than booting a foreign OS as is the option).

    The point of contention is where the FSF gets to demand Ubuntu hand over their encryption keys for this particular application because they've decided it's 'unfair' that users don't have the option to replace a bootloader. The GPLv3 is a restrictive license agreement whose provisions do in fact allow the copyright holder to make certain demands about HOW their software is used. Most people fixate on the "Free" part because you're free to distribute and modify the software; but you are also "Obligated" to publish your modifications in source form if published in any form.

    The GPLv3 brings restrictions on how you can use the software, such that you must be able to modify it--the hardware you use the software on must be configured to allow the use of modified software (or any other software). 'Jailbreaking' is not a thing with GPLv3 because the vendors would have to supply a way to run custom software. If the Linux Kernel was GPLv3, then you wouldn't have to root any phones to install Cyanogenmod: vendors would be required to provide an official method for the end user to replace the software with custom versions.

    The Affero versions of the GPL family of licenses go even further: if you USE a modified version of the software, you must publish its source. That means if you modify an AGPL Web server and use it to serve your Web site, you have to put up the Web server's source code. An AGPL Web application would work the same way: modify an AGPL CMS and you need to publish its source code on your Web site.

    These licensing restrictions are important to understand when licensing Free software. Canonical has decided not to license GRUB2 in Ubuntu on UEFI platforms because of potential conflicts between their requirements and the requirements of fulfilling the licensing agreement in certain cases. The FSF is extremely well known for its hard-line enforcement stance and thus there is the concern that they would not negotiate to reconcile technical mistakes, but rather take advantage of them to file a hostile injunction and demand release of encryption keys. The FSF behaves in this way because they have high ideals about what's "good for everybody"--as I said, they are effectively nanny-state socialists and want to get their fingers in everything so they can make people "play nice."

    In short, this is why we have many licenses. The FSF uses the GPLv3 because they have their ideals and can support them with the GPLv3 (which, by the way, was born mainly out of the FSF's distaste for locked-down TiVo platforms). Other people still use the GPLv2 because they understand what the GPLv3 entails and their ideals are dissimilar from the FSF--Linux is GPLv2 because the relevant bodies are not sharply against locked-down phones running android, something they could legally prevent with GPLv3. Similarly many people use the BSD and MIT licenses because their philosophy is, "Here is code! Somebody might find this useful!"

  77. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    all asus motherboard.
    which is why I bought that brand.

  78. Golden rule by Anonymous Coward · · Score: 0

    CYA

    Sadly.

  79. Malware vs. DRM by DrYak · · Score: 2

    Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards.

    For local malware: Indeed, there is no way.
    In theory, the correct way to check anything in a Secure Boot environment is to ask the TPM chip.
    In practice, a compromised machine might be running inside a hypervisor. All traffic to the TPM chip will be instead routed to a fake-TPM routine which signs stuff with the malware's private key, and at load time, the rogue hypervisor could patch Windows to put the malware's public key where normally the official TPM key resides.
    Every time Windows has a doubt, it will ask the TPM which will give a perfectly bogus positive answer, which will perfectly match the bogus patched-in key.

    For DRM: There is a way.
    In this case the whole secure environment isn't only restricted to the local machine.
    The streaming server can require the compromised client to provide a proof that the machine is legit (an answer from the TPM chip "yes, I did boot only a legit version of windows" signed with the TPM key) but although the hypervisor fake-TPM can provide such an answer, it can't sign it with actual real keys that will be recognized by the streaming server.

    It won't be impossible to circumvent either, it just requires a bit more work than compromising a machine locally.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Malware vs. DRM by networkBoy · · Score: 1

      How will the hypervisor load if it is not signed?
      That's the point of secure boot, only your "trusted" os kernel loads, from there only "trusted" DLLs (or SOs) load, etc. Now the target of this is actually content protection with a nice side benefit to power users of having a secure kernel, but make no mistake about it, this is a DRM pre-loader.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
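
The remote check described in comment 79 ("For DRM: There is a way"), as an added example that is not part of the thread. Ed25519 stands in for the TPM's attestation key, and the Device and Verifier types and the sample boot image are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote: the reported boot measurement, the server's nonce, and a signature over both.
type Quote struct {
	BootDigest [32]byte
	Nonce, Sig []byte
}

// Device stands in for a TPM (hypothetical type); only Pub is ever shared.
type Device struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDevice() *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, Pub: pub}
}

// quoteMessage fixes the exact bytes that get signed and verified.
func quoteMessage(digest [32]byte, nonce []byte) []byte {
	msg := append([]byte("boot-quote-v1:"), digest[:]...)
	return append(msg, nonce...)
}

// Attest measures the boot image and signs (measurement, nonce) with the device key.
func (d *Device) Attest(bootImage, nonce []byte) Quote {
	digest := sha256.Sum256(bootImage)
	sig := ed25519.Sign(d.priv, quoteMessage(digest, nonce))
	return Quote{BootDigest: digest, Nonce: append([]byte(nil), nonce...), Sig: sig}
}

var (
	ErrNonce = errors.New("nonce unknown or already used")
	ErrKey   = errors.New("quote not signed by an enrolled key")
	ErrBoot  = errors.New("reported boot measurement is not the expected one")
)

// Verifier is the server side: enrolled device keys, the one accepted measurement, open nonces.
type Verifier struct {
	enrolled []ed25519.PublicKey
	expected [32]byte
	pending  map[string]bool
}

func NewVerifier(goodImage []byte, keys ...ed25519.PublicKey) *Verifier {
	return &Verifier{enrolled: keys, expected: sha256.Sum256(goodImage), pending: map[string]bool{}}
}

// Challenge issues a fresh random nonce so that an old quote cannot be replayed.
func (v *Verifier) Challenge() []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	v.pending[string(nonce)] = true
	return nonce
}

// Verify checks freshness first, then who signed, then what was booted.
func (v *Verifier) Verify(q Quote) error {
	if !v.pending[string(q.Nonce)] {
		return ErrNonce
	}
	delete(v.pending, string(q.Nonce)) // each nonce is good for one answer
	msg := quoteMessage(q.BootDigest, q.Nonce)
	signed := false
	for _, key := range v.enrolled {
		signed = signed || ed25519.Verify(key, msg, q.Sig)
	}
	if !signed {
		return ErrKey // a fake TPM can produce a quote, but not under an enrolled key
	}
	if q.BootDigest != v.expected {
		return fmt.Errorf("%w: got %x", ErrBoot, q.BootDigest[:4])
	}
	return nil
}

func main() {
	good := []byte("constructed: signed bootloader + kernel")
	tpm, fake := NewDevice(), NewDevice()
	server := NewVerifier(good, tpm.Pub)
	q := tpm.Attest(good, server.Challenge())
	fmt.Println("genuine quote:      ", server.Verify(q))
	fmt.Println("same quote replayed:", server.Verify(q))
	fmt.Println("fake-TPM quote:     ", server.Verify(fake.Attest(good, server.Challenge())))
}
```

The locally patched-in key from the first half of the comment never reaches the server's enrolled list, which is why the same trick fails here.
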
  80. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    "I can only think about today. It's too hard to think past today to what may happen tomorrow."

    FTFY.

  81. Re:Ubuntu understands users by Sir_Sri · · Score: 1

    Because rootkits are bad mkay? Just because you never bought a Sony CD that had one doesn't mean thousands of other people didn't.

    It's not really much more complicated than that.

    The situation as it was wasn't fine. Just because you didn't get hit by the 'flame' virus or stuxnet doesn't mean those are not serious problems to be solved (notably with windows update in the one case).

    The problem with all of these things is that the vast vast vast majority of users don't even know when they have a virus or rootkit, and their computers just keep spamming along, or having their data stolen etc. So the vast majority of users need to be protected from themselves, and, importantly, they know they need to be protected from themselves.

  82. Re:Not quite the flaw you make it sound like, Mark by Anonymous Coward · · Score: 1

    But the mere existence of a signed but unlocked boot loader allows subverting Windows' secure boot model.
     
    Current situation: BIOS -> Rootkit -> Windows
    New situation: EFI -> Unlocked Bootloader -> Rootkit -> Windows
     
    Heck, just having unlocked Linux kernels is a threat since you should be able to modify kexec to allow you to boot Windows within Linux. (and we won't even discuss VMs)
    Honestly, the only reason I'm not up in arms about this is because the whole thing seems to be so horribly mis-managed that I doubt we will have anything to worry about until at least Windows 9. (Now, the secure boot on ARM, THAT'S someplace I do take issue with M$'s policy, but no-one seems to be worrying about the implications or how to boot Linux there...)

  83. Re:Ubuntu understands users by phantomfive · · Score: 4, Insightful

    Some dogs like their leashes. :(

    Some users prefer walled gardens. They don't know what they've lost.

    It's rather stunning how close we are getting to some of the dystopias predicted by the FSF. They seemed silly at the time.

    --
    "First they came for the slanderers and i said nothing."
  84. Re:Ubuntu understands users by Bill_the_Engineer · · Score: 1

    You've confused political rhetoric with demonstrated corporate behavior.

    Yes both sides of a political debate will try to prove their point with an extreme case. How does this apply to Microsoft's motives? It doesn't. Apples vs Oranges.

    We have been hearing about technologies that Microsoft has released that could be used to kill Linux for almost 2 decades now.

    Microsoft has been trying to promote their "Trusted Computing" trusted computing consortium since 2003. Microsoft is the only consumer operating system manufacturer within the so called "Trusted Computing Group", the other members are AMD, Intel, HP, and IBM. The reason we don't have secure boot as a requirement today is due to the resistance the market has over such a draconian feature being introduced. The amount of time it has taken says more about Microsoft's determination than it does on how much "fear mongering" is being done by the opposition.

    Microsoft has been convicted of using its monopolistic powers to thwart competition in the browser market. Under Ballmer, I haven't seen any changes in Microsoft's corporate and competitive culture that indicates that they wouldn't continue to take advantage of any monopolistic power they are able to manufacture. With "Trusted Computing" they are manufacturing a very powerful monopolistic tool.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  85. Re:Ubuntu understands users by jawtheshark · · Score: 2
    I'm not convinced. The Sony Rootkit was not a bootloader rootkit. This is more in the lines what a bootloader rootkit should look like. From what I know there are none in the wild.

    Secureboot makes the machine on my desk not mine... That is a problem. That you closed source people don't see this, is actually part of the problem.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  86. Re:Ubuntu understands users by Soluzar · · Score: 1

    It is not optional on ARM. At least not for those manufacturers going for the coveted seal of approval.

  87. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    desura

  88. Re:Ubuntu understands users by Dorkmaster+Flek · · Score: 2

    It took four years because the people who could actually do it weren't trying. Once Sony started being dicks about removing OtherOS, they dove in head first. It took about 12 months from that point, which is par for the course with the 360. And when it was finally cracked, it was cracked hard. They got the private key for signing executable code.

    --
    I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
  89. Re:Ubuntu understands users by betterunixthanunix · · Score: 1

    Really? Here are some references about boot malware which UEFI secure boot can prevent.

    I am not denying that such things exist, but there is no reason for the standard to not require a method to install user generated certificates. It does not have to be easy to do, since it would not have to be done frequently: I could generate my own signing key, then sign as many custom bootloaders as I want to. That is the point of "custom mode," but there is a key problem here: there is no guarantee that custom mode will be available, and there is a mandate for ARM devices that run Windows that custom mode be unavailable.

    These sorts of design decisions speak volumes about the purpose and scope of the standard. If the purpose of this standard were to protect users from malware, it would not make room for OEMs to lock users out of their own systems (i.e. right now an OEM has to specifically allow users to enable custom mode, as opposed to having to work to prevent users from doing so). Yes, this will make it much harder to create a bootloader virus, but I would view that as a side effect of the real security goal.

    Let's put it this way: the restrictions on the PS3 prevent malware, but nobody would claim that is anything other than a side effect of the DRM-oriented design. We are looking at the same situation here: the security model treats a computer's user as the threat, and seeks to protect the DRM system from attacks by that threat. Bootloader malware (and probably other malware) will be prevented as a side effect, because such things are unapproved; the purpose of the approval process is to enable better DRM.

    Right now, we are just seeing the first step. Microsoft and all the OEMs know that the shock of turning PCs into iPads will be too great and that users would flee; they are taking things slow, so that people have time to adjust to losing control over their computers before the change is finalized.

    Adding your own keys is jumping through hoops? Why should hundreds of millions of people's security be put at risk because you are lazy to move one slider while moving between multiple distros?

    Hundreds of millions of people's security is at risk? Bootloader malware is not even close to reaching that level of penetration. You could thwart bootloader malware almost as effectively by simply requiring that any writes to the MBR occur within some well-defined interactive session e.g. by creating a standardized way of installing an operating system, which cannot occur while another OS is already running (almost as effectively because yes, some users will be tricked into going through that process -- but burning a disk or writing to a thumb drive and then rebooting is enough work to prevent a typical social engineering attack).

    This is and has always been about DRM. Bootloader malware is a secondary issue, almost a red herring. Yes, the process of installing keys and moving sliders around is another hoop to jump through in a procedure that already has too many hoops. Yes, there are better ways. No, I should not have to install every project's signing key when I want to install their distro. No, Fedora's tools are not enough, unless those tools allow me to sign a bootloader offline i.e. unless those tools basically give me Fedora's UEFI signing key.

    --
    Palm trees and 8
  90. Re:Ubuntu understands users by jawtheshark · · Score: 1

    Just because you never bought a Sony CD that had one doesn't mean thousands of other people didn't.

    Just because you didn't get hit by the 'flame' virus or stuxnet doesn't mean those are not serious problems to be solved

    Secureboot would not have solved those... Neither are bootloader malware. They hook into the existing infrastructure set up by the bootloader. The original bootloader, signed and fine and dandy, would just continue its work and load the malware. None of those actually replaced the bootloader, which is what Secureboot tries to prevent.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  91. Re:Ubuntu understands users by jmorris42 · · Score: 2

    Yes, many enthusiast motherboards do that. But all also, by default, allow updating of the BIOS from within Windows. Now go look at mass produced machines from Dell, HP, Lenovo, etc. How many of them allow updating from within the BIOS? My Thinkpad at least allows the BIOS to be write protected before turning control over to the bootloader but doesn't have a built in flashing utility.

    And getting the BIOS image to put onto that USB stick all too often requires Windows to unpack it out of a self executing binary.

    > I've seen quite a few 'boot from cdrom' style bios upgrades, too. and on the cdrom? syslinux! ;)

    You know what I call that? Flash from user space. Bad idea. If you can flash from Linux malware can flash from Windows.

    Flashing should happen one of two ways.

    1. From the BIOS itself. And it should check a signature on the proposed image first. It should allow the owner to override the warning if the sig doesn't match to permit things like LinuxBIOS.

    2. From an IPMI controller or similar totally isolated processor running a small, carefully controlled software load. And only after checking a signature, probably with no override possible. Physical presence at the console for an override isn't unreasonable and is as close to 100% safe as the real world permits.

    --
    Democrat delenda est
  92. Shill season's on again by GameboyRMH · · Score: 1

    Microsoft shill spotted! Look at his post history, especially this one:

    http://slashdot.org/comments.pl?sid=2960369&cid=40564793

    That's really impressive. In what world is Microsoft losing money ? They're the largest software house (and also hardware manufacturer) on planet. Everyone knows Microsoft, everyone trusts Microsoft and everyone loves Microsoft.

    LMAO! Subtle!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  93. Re:Ubuntu understands users by Soluzar · · Score: 1

    I've seen one, but it was about two decades ago...

  94. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Unfortunately, most people prefer that

    FTFY.

  95. Re:Ubuntu understands users by Jean+Taureau · · Score: 1
    I was just pointing out that on ARM it can't be assumed to be the case, so saying

    It's also optional

    is not true

  96. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    PS3 was actually cracked in about 1-3 months, depending on what you consider truly "cracked". It wasn't until Sony started locking down the system and removed full support a few years into the slim version that people didn't feel a need to free it up. People were pissed that Sony gave a restricted version of the cell core for all non-gaming processes, but not enough to spend time cracking it. But once Sony said "You do what we tell you on your hardware", the response was "Screw YOU".

    I used to be a really big Sony fan a few years back. Now, I don't recommend the Sony phones, PCs, PS3, and games. It's not an "I dislike Sony so..." thing. In each of those fields (PCs a little less), they messed up in something that lost all of my trust in them.

  97. Re:Ubuntu understands users by GameboyRMH · · Score: 1

    Yes but you could change it and your BIOS wouldn't prevent the computer from booting.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  98. Re:Ubuntu understands users by betterunixthanunix · · Score: 1
    Oh yeah? Restricting the boot environment is fundamental to all of that. This is a step towards the following scenario:
    1. The bootloader must be signed, and the contract to get a signing key prevents the key holder from allowing anyone to install software that can be used to subvert the security model of any other installed software.
    2. Installed software may be signed, and signed software can request that the OS prevent a debugger from attaching to the process.
    3. The OS will provide a DRM service, essentially implementing a TPM in software if one is not present in hardware. The keys will be stored in an area of memory that no user process can read or write.

    This is just an early step toward this, to soften us up and get us used to the idea of a restricted boot environment. It also allows Microsoft et al. to see what sort of unexpected problems might occur.

    --
    Palm trees and 8
  99. Re:Ubuntu understands users by Anonymous Coward · · Score: 1

    LOL securing the bootloader is easy, just make the flash writable when a physical switch is set. There is no way a remote attacker can flip a switch, there is no problem with putting up an encryption system, there is no problem reflashing.

    Nobody NEEDS to employ that secure boot unless it's for commercial reasons. Microsoft? QED.

  100. Re:Ubuntu understands users by Soluzar · · Score: 1

    It is my understanding that some people tolerate it. I am not aware that anyone who does not profit from it specifically likes it.

  101. Re:Ubuntu understands users by GameboyRMH · · Score: 2

    Boot sector viruses are a vanishingly rare novelty too, possibly the rarest form of virus.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  102. Re:Ubuntu understands users by fustakrakich · · Score: 1

    That is also why we need to fight back against this.

    You won't stop it. You can only delay it for some time. And you'll need the same deep pockets that helped to push back SOPA and ACTA for the time being. It's an endless battle... like stopping the waves from eroding the beach.

    --
    “He’s not deformed, he’s just drunk!”
  103. Re:Not quite: They want to still work in a screwup by makomk · · Score: 1

    Creating a signed bootloader that can boot arbitrary Linux kernels - or even just kernels without restrictions on module loading - would subvert Secure Boot just as effectively though. Which is why I reckon they'd revoke Ubuntu's code signing key just as quickly if they didn't lock down their bootloader so that it only boots Ubuntu-signed kernels that are modified to only load Ubuntu-signed kernel modules. Basically, you can forget about installing third-party drivers or compiling your own kernels.

  104. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Yes, because Microsoft would never, ever start demanding that OEMs remove the ability to install other keys or disabled 'Windows Boot'. Couldn't possibly happen. They're such a lovely company with absolutely no history of trying to eliminate competitors.

  105. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    So you want what you not only do not have now, but somehow manage without.

    Put your home directory on another partition and you're as good as reinstalling another Distro's product. Problem solved. Where's the difficulty again?

  106. Re:Ubuntu understands users by recoiledsnake · · Score: 1, Insightful

    I am not denying that such things exist, but there is no reason for the standard to not require a method to install user generated certificates. It does not have to be easy to do, since it would not have to be done frequently: I could generate my own signing key, then sign as many custom bootloaders as I want to. That is the point of "custom mode," but there is a key problem here: there is no guarantee that custom mode will be available, and there is a mandate for ARM devices that run Windows that custom mode be unavailable.

    These sorts of design decisions speak volumes about the purpose and scope of the standard. If the purpose of this standard were to protect users from malware, it would not make room for OEMs to lock users out of their own systems (i.e. right now an OEM has to specifically allow users to enable custom mode, as opposed to having to work to prevent users from doing so). Yes, this will make it much harder to create a bootloader virus, but I would view that as a side effect of the real security goal.

    The standard? What standard? How will the OEMs be held to that? By what legal force?

    Right now Microsoft does require that user loaded keys and a way to turn off secure boot be enabled for Windows 8 certification. They cannot mandate that to the OEMs, because of the anti-trust case, ironically.

    --
    This space for rent.
  107. Re:Not quite the flaw you make it sound like, Mark by TheSpoom · · Score: 1

    If you won't honor the spirit of "free" software, we'll simply use a distro that does.

    I took that step several months ago as did many others.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  108. Just set a jumper, done by Anonymous Coward · · Score: 0

    How about we just physically set a jumper in the computer PCB, and then new keys can be loaded to the device?

    It's still secure. If someone unauthorized has physical access to do that, you're screwed anyway.

    It adds basically NO COST or complexity to the system.

    Why not do it? Because some people want to make sure the machine you bought will be a television where you keep on paying for content all the time.

    And Microsoft can go fuck themselves for abusing their monopoly by requiring ARM OEMs to lock up the machine.

    1. Re:Just set a jumper, done by nautsch · · Score: 2

      Why not? This is easily answered.

      Secure Boot does not mean "secure for you". It means secure for Microsoft.

      The advertised "feature" of anti-virus, anti-malware is a strawman. I don't get why any hardware manufacturer would be so unbelievably greedy and implement this just to get a stupid "Works with Windows 8" sticker, but obviously I am just too stupid to get it, because it will probably happen.

      I really, really hope something will happen, that prevents the whole secure boot thing with MS certificates. I don't know. Maybe the European High Court (or whatever it's called) does something about "secure boot".

      There would be a really easy way of implementing secure boot without any certificates from a special vendor. Just securely hash the boot sector at first boot. If the hash changes, ask the user to verify the change or rebuild the old boot sector. This way you cannot change the boot sector without the user knowing it. Easy as this and as secure as the so called "secure boot". And as a bonus you still can run any software YOU want.

      --
      If you find a typo, you may keep it.
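
The first-boot hash check proposed in the comment above, as an added sketch that is not part of the thread. The Guard type, the prompt callback and the 512-byte sample sectors are constructed for illustration, and the pin is assumed to live in storage the running OS cannot write.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

type Decision int

const (
	Accept  Decision = iota // user confirms they changed the boot sector themselves
	Restore                 // user did not: put the last approved copy back
)

type Outcome string

const (
	Pinned    Outcome = "pinned on first boot"
	Unchanged Outcome = "unchanged"
	Accepted  Outcome = "change accepted, re-pinned"
	Restored  Outcome = "change rejected, sector restored"
)

// Guard is the state the firmware would keep between boots. Assumption: the
// running OS cannot write it, otherwise malware would update the pin as well.
type Guard struct {
	pinned bool
	hash   [32]byte
	backup []byte // last approved sector, needed for the "rebuild" option
}

// fingerprint is the short form of a hash that a prompt would show the user.
func fingerprint(h [32]byte) string {
	return fmt.Sprintf("%x", h[:8])
}

func (g *Guard) pin(sector []byte, h [32]byte) {
	g.pinned, g.hash = true, h
	g.backup = append([]byte(nil), sector...)
}

// Check runs before control is handed to the boot sector. It returns what
// happened and the sector contents that should be on disk afterwards.
// Whatever is on disk at the very first boot is trusted as-is.
func (g *Guard) Check(sector []byte, ask func(oldFP, newFP string) Decision) (Outcome, []byte) {
	now := sha256.Sum256(sector)
	switch {
	case !g.pinned:
		g.pin(sector, now)
		return Pinned, sector
	case now == g.hash:
		return Unchanged, sector
	case ask(fingerprint(g.hash), fingerprint(now)) == Accept:
		g.pin(sector, now)
		return Accepted, sector
	default:
		return Restored, append([]byte(nil), g.backup...)
	}
}

// makeSector builds a constructed 512-byte boot sector ending in the 0x55AA signature.
func makeSector(code string) []byte {
	s := make([]byte, 512)
	copy(s, code)
	s[510], s[511] = 0x55, 0xAA
	return s
}

func main() {
	g := &Guard{}
	loader := makeSector("original loader (constructed)")
	tampered := makeSector("unexpected code (constructed)")
	reject := func(oldFP, newFP string) Decision {
		fmt.Printf("boot sector changed: %s -> %s, restoring\n", oldFP, newFP)
		return Restore
	}
	for _, sector := range [][]byte{loader, loader, tampered} {
		outcome, _ := g.Check(sector, reject)
		fmt.Println(outcome)
	}
}
```
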
  109. Re:Ubuntu understands users by andydread · · Score: 1

    It's easy to say "well don't buy that" if it doesn't allow you to change the keys. the problem comes along when Joe Blow goes out and "buys that" not having a clue that the OS is permanently locked to the device, device is no longer supported and joe blow brings the device to me. I try to wipe windowsX and put some form of linux/android/cyanogen or whatever in an attempt to modernize the device for joeblow and I am blocked from doing that. This is the problem. You cannot reasonably expect Joe Blow to know the intricacies of secure boot before purchase especially when the Microsoft/ATT/Verizon etc are yelling through their marketing drones "Look! its gatz teh securze boot no malware yaaay" and Joe Blow responds to the marketing material by purchasing such locked product.

    Many people bring their old tired PCs to me and I put some form of Linux on them and the PCs run a LOT better and have more modern software etc. If OS is locked to the device, this and most of the devices that are available to Joe Blow are locked devices, then this activity will slow to a trickle at best.

  110. Mark said it best by Anonymous Coward · · Score: 0

    "we have to plan for a world where leaders change and institutional priorities change"

    Time to plan for a move away from Ubuntu. Keep the sources safe, and when it's time - fork.

  111. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 2, Informative

    The Linux kernel is GPL v2 because many, many contributions were made without the "or later" clause. Regardless of any desire to, it is legally impossible to transition to v3 without a massive auditing effort to locate and rewrite every contribution made without the "or later" clause or to locate the original authors and secure permission.
     

  112. Some hardware companies worked on lockin already.. by Anonymous Coward · · Score: 0

    My HP Pavilion dv8 came from HP with a real crappy WiFi card (Intel 5100 AGN (Shiloh)).. In reading many forums people have been throwing these cards away and putting in ANYTHING else they can find. Unfortunately for me HP decided that they would remove that option from people that chose to buy their laptops in that they HARD CODED the PCI device signature into the system BIOS!! If you swap out the mini-PCI WiFi card with ANY other card that does not have the same PCI device signature, the system reports the error at POST and refuses to use the device!! I have no idea what kind of back door dealing went on to get HP to do this kind of thing, but given when updating the BIOS (Had to update to fix Massive ACPI Bugs!), the only tool to update the BIOS will only run on Windows 7, I guess I should not be too surprised... I do all my work on Linux (CentOS) and my home router/firewall and my NFS server are FreeBSD. All I can say is when I go to buy a new development laptop IT WILL NOT BE AN HP!

    I am however real concerned that with more and more of this type of hardware and software lock in, will I end up being forced to purchase some total off-brand no-name unknown product just to be able to run the OS I choose? I bought my HP laptop (real nice quad-core i7 w/ huge screen) for Linux development because our data-centers are running RHEL (Red Hat Enterprise Linux) on HP Servers. I just kinda assumed that with HP going full force into Linux on the Enterprise server side they would get the clue that someone has to write that code... My mistake for making that leap of logic.

  113. Re:Ubuntu understands users by betterunixthanunix · · Score: 0

    The standard? What standard?

    The UEFI standard.

    How will the OEMs be held to that? By what legal force?

    Standards do matter, because people expect their devices to comply with standards. Nothing actually requires a wireless NIC to be compliant with the 802.11 standards (2.4GHz, 5.8GHz, and 900MHz are all unlicensed bands, and there are a few proprietary networking systems that use those frequencies), but people would be pretty angry if their NIC did not reliably connect to WiFi networks. At the very least, Microsoft is going to assume the UEFI standard when they produce Windows disks.

    Right now Microsoft does require that user loaded keys and a way to turn off secure boot be enabled for Windows 8 certification

    Except, of course, on ARM.

    They cannot mandate that to the OEMs, because of the anti-trust case, ironically.

    Indeed, although Microsoft has no reason to create such a mandate; I do not honestly expect Microsoft to be a proponent of user freedom. Canonical, on the other hand, should -- they are, at least in theory, an open source company.

    --
    Palm trees and 8
  114. Re:Not quite: They want to still work in a screwup by gnasher719 · · Score: 1

    How is that a bad thing? This is not a key that is used to protect military secrets, it's a key that serves exactly one purpose: to prevent people from running modified software.

    Anyone who knows the key can then write malicious software that can be installed. For example, a hacked Windows 8 version. On any device made by any OEM that allowed not only Windows 8, but also Ubuntu on their device. I know you don't care, but Microsoft does, and if that happens, they will do their best to bankrupt whoever is responsible.

  115. ubuntu sells commercial apps in their "appstore" by Anonymous Coward · · Score: 0

    how can i trust THEM with my software freedom? fuck ubuntu. just a cheap apple knock off. mark shuttleworth is obviously a hack who doesn't deserve his money. ubuntu is pathetic.

  116. Re:Ubuntu understands users by jank1887 · · Score: 1

    next time make sure you type with more vocal inflection.

  117. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Now go look at mass produced machines from Dell, HP, Lenovo, etc.

    I don't know about Dell but HP and Lenovo have the option of updating the bios from a USB stick and its been an option for many years.

  118. The FSF is missing the point by Anonymous Coward · · Score: 1

    In the interview Shuttleworth states Canonical's concern with secure boot and GRUB2 is that the GPLv3 requires distributors give up their signing keys. The FSF's response to this was to say, "No, Ubuntu wouldn't have to give up their private signing key, the OEM would." Well, fine, but that completely misses the point. In either case the private key would still be released to the public, which would completely remove the usefulness of the key. The only way around this is to either get rid of secure boot or to use a license which doesn't require keys be shared.

    Canonical is going with the only solution which both allows them to run on machines with secure boot and keep their private keys private. The FSF is asking them to do both and it isn't legally possible, even the Software Freedom Law Center says so. So who are you going to believe, some PR guy at the FSF or a lawyer whose job it is to understand this stuff?

    1. Re:The FSF is missing the point by squiggleslash · · Score: 1

      Well, fine, but that completely misses the point. In either case the private key would still be released to the public, which would completely remove the usefulness of the key.

      No, a private key might be. But there's no reason to believe that the OEM has access to Canonical's private key to begin with. And in order to comply with the license, the OEM merely has to provide the FSF with a private signing key that works, not Canonical's.

      The OEM may, of course, be foolish enough not to program anything other than Canonical's original key (and some other similarly unavailable keys too) into its BIOS, in which case the OEM's other option is to default, which means paying statutory damages and ceasing to distribute Ubuntu.

      But the OEM certainly can't release something not available to it, it can't compel Canonical to provide the key, so ultimately it can only provide a new key or default. Those are its options.

      --
      You are not alone. This is not normal. None of this is normal.
  119. Re:Ubuntu understands users by betterunixthanunix · · Score: 1

    Put your home directory on another partition and you're as good as reinstalling another Distro's product. Problem solved. Where's the difficulty again?

    You also need to remember to set the uid and gid correctly for the user you create, you need to double check that the SELinux policies are compatible, you sometimes need to make sure that some different version of the software between distros won't destroy configuration settings, etc. It is not as simple as having a clever partitioning scheme.

    Now, we get to add another item to the list: make sure the distro's signing key is on your system.

    --
    Palm trees and 8
  120. Meh, time to go back to Debian by walterbyrd · · Score: 1

    I used Debian for years. Thought I would give Ubuntu a try, just to see what all the fuss was about.

    Ubuntu was awesome until version 10.10.

    Now, I feel like I can do without Ubuntu.

    1. Re:Meh, time to go back to Debian by JustNiz · · Score: 1

      Try the Mint distro. It's much better.

  121. Re:Ubuntu understands users by fa2k · · Score: 1

    The problem is that on my PC, I can modify the game in arbitrary ways -- I can remove a license check, I can cheat (BIG problem in MMOs), etc. The reason I can do this is that the OS has no good way to stop me -- even if Windows tried to prevent me from running unsigned code, I can run a program before Windows even boots up to get around that restriction.

    If you think about it, Secure Boot doesn't actually protect against that! Assuming there are still non-Secure Boot computers available, or even VMs, you can create a piece of software that runs before Windows and reports to Windows that Secure Boot is active, even if it's not. Then you can run any code you want. As a different poster (I can't find it now) said, Secure Boot authentication only goes one way, and Windows has to trust the hardware. Thus, it's not useful for DRM, it only limits what you can do with a given piece of hardware. The software that runs after Secure Boot is limited, but there is no way for the software to ensure that the Secure Boot loader is "proper" and not some other software.

  122. Re:Not quite the flaw you make it sound like, Mark by TemporalBeing · · Score: 1

    But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Windows' secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.

    Then maybe Microsoft shouldn't have picked such a fscked-up security model.

    But they want to restore their monopoly, and what better way?

    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
  123. So doesn't this open up new by future+assassin · · Score: 1

    markets for other manufacturers to come in and build motherboards that don't have a secure boot. Fuck if I have to pay $50 more to own one of those boards so be it, at least I still own the item and am free to do as I wish with my own property.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    1. Re:So doesn't this open up new by Anonymous Coward · · Score: 0

      ONE MFG makes that board (which will be in demand, no doubt), and ONE person bypasses DRM on some media, and distributes the infringing copy... And everyone can download it sans protection. No fucking benefit, as a DRM tool, the "pirates" don't care about the unjust rules.

      Additionally, ONE (reverse) engineer creates a VM to emulate UEFI and you can attack the system from both sides. UEFI Emulator lies to the OS, the OS is run in a debugger which skips the hardware verification code. Distribute the VM & image of the cracked OS -- Now any script kiddie can be a "pirate".

      Oh sure, MS or Canonical could sign every piece of code that your system can run -- Hey, I'm a coder! How do I compile my code for my system? Ah, so there will be some facility to run my freshly compiled code? Hmm... Well then, just ONE exploit in the UEFI, Windows or Ubuntu and that "run unsigned code" bit gets flipped, and the OSs are still just as vulnerable as ever. I thought it was a foregone conclusion that bug free code didn't exist; It's too expensive to write.

      I say go for it. With so many single points of failure it'll be a fun exercise in futility. Not until the common man feels the Secure Boot at his throat will he try to stand against its oppression. It's the only way they'll learn. Fuck 'em. It's not like open hardware doesn't exist. Those scared, apathetic and lazy morons don't deserve Freedom. Us brave, hard working souls will still have some -- Not as much as we'd like, but that's the price of subverting natural selection and suffering a world of fools to live.

  124. Re:Not quite the flaw you make it sound like, Mark by Junta · · Score: 1

    This is the very question I keep posing, but no one seems to respond to. At what point is allowing owner-controlled code to execute 'ok' to qualify as adequate root kit deterrence?

    I think it would go a looong way toward sanity for this to be clarified. If it is a matter of 'anything is fine as long as it makes drawing an obvious banner a first item so it can't be subtle', then I'm not overly bothered by it.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  125. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 1

    The FSF's version of freedom is equivalent to nanny-state socialism. They've basically decided that their idea of playing nice needs to be enforced by big stick, and will happily trample over anything and everything that does something they dislike.

    Why would you start your comment with such drivel? The rest of your comment is better written.

  126. Re:Ubuntu understands users by jank1887 · · Score: 1, Insightful

    some people like to play. others like to tinker. for many tinkering is play. but for many more it is not. I could build my own PC based DVR. we pay for a Dish-NotATivo. my wife wouldn't tolerate the glitches, the growing pains, the tweaking.

    'It just works' is highly valuable to many people. Worth paying for. Especially worth giving up for capabilities they won't use anyway, as they spend their free time not tinkering.

    It's not wrong to want a walled garden if it gives you what you want. Those wanting a walled garden shouldn't feel guilty about shifting the market away from open gardens. maybe open gardens get more expensive as the market realizes that most people are happy with walled gardens now that they can be easily created. so it goes.

  127. Wait, what? by Bacon+Bits · · Score: 1

    I'm a little unconvinced by your anecdotal evidence:
    1. LILO: Recovery always worked
    2. GRUB2: Recovery always worked, except once

    Even if you only ever recovered with GRUB2 once and it failed, how does anybody (yourself included) know that a) you didn't screw it up, b) some other software didn't screw it up, or c) your hardware wasn't screwed up?

    --
    The road to tyranny has always been paved with claims of necessity.
    1. Re:Wait, what? by Hatta · · Score: 1

      LILO fails under predictable and preventable circumstances. Grub leaves me wondering whether my system is actually going to boot after I do anything to it.

      how does anybody (yourself included) know that a) you didn't screw it up, b) some other software didn't screw it up

      Complete reinstallation of the boot loader should always at least get you a system where the boot loader loads. It shouldn't even be possible for me or software that doesn't even load at that point to screw that up.

      c) your hardware wasn't screwed up?

      Still using the same hardware years later. It took a 'cat /dev/zero > /dev/sdx' on my boot drive to do it, but it definitely wasn't the hardware.

      Grub tries to be complex and simple at the same time. It's doing something pretty complicated, and hides all the details from the user. This is great when it works, but when it doesn't you have to learn a whole new command line language to troubleshoot it as opposed to simply checking the values in a configuration file.

      --
      Give me Classic Slashdot or give me death!
  128. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

    Your freedom to throw punches ends where my face begins. My freedom to install software on my computer is not less important than some OEM's freedom to restrict what software runs on their products.

    My freedom to install software on my computer is [vastly more] important than some OEM's [ability] to restrict what software runs on [the products that I buy from them].

    I'm on your side on this but I had to fix that for you. Your freedom in your country is a right. In your country after a sale, a manufacturer does not have a right to dictate how you use what you bought. There have been many court cases on this and the companies keep losing. However, your politicians keep introducing legislation to change that. The legislation gets holes punched in it by your constitution, but only in court and years after the legislation has been in effect and ruining lives. And when the legislation is finally useless, the next even harsher version is already passed into law.

    And we're copying you. (Canada). /sigh/

    I think the Venetians were on to something.

  129. GRUB 2 is horrible by Anonymous Coward · · Score: 0

    GRUB 2 has been nothing but headaches for me if / when tinkering by hand becomes necessary. The old GRUB was a nice balance - powerful without being overwrought. GRUB 2 is like the Holy Roman Empire: It's neither Grand nor Unified. It IS a bootloader, though, have to give it that...

  130. Disagree with the GPL, then don't use the software by Anonymous Coward · · Score: 0

    OK, isn't that the standard line when it comes to not wanting to abide by GPL terms? Just don't use it then and everything is kosher.

    So Canonical decides not to use GRUB 2, as is its right to do when it would otherwise be impossible to follow the GPLv3. It should be simple. But no, FSF complains even in this circumstance. Childish.

    Anyways, if someone wants to install The One True GNU/Linux GPLv3 edition, just disable the secure boot protection.

    (and... before whining about Win RT ARM tablets, don't single out those when most ARM tablets supporting a secure boot also "lock out" Linux or other OS installations.)

  131. Doesn't matter either way. by Junta · · Score: 1

    Either way you slice it....

    Taking the FSF's assessment at face value, the implication is that if you acquire hardware and software independent of each other and put them together, neither vendor is accountable for the other's distribution model. If Asus releases a motherboard that requires signing but without Linux, and Ubuntu distributes a bootloader that is signed and can work but cannot be modified and still work with that motherboard, then that falls outside the scope of Tivoization. If this is *not* true and somehow that arrangement would be construed as some sort of GPL3 violating collusion, then maybe Canonical can worry.

    On the other hand, let's say the FSF gets their way and Canonical confidently ships Grub2 with GPL3 and things are signed and the world is happy. FSF likes this approach as it suggests that it legally forces OEMs to allow owner to disable SecureBoot even if the OEM wanted to force it on. This is overly optimistic. If an OEM really wanted to preload Ubuntu but wanted Secureboot locked in, they don't need to use Ubuntu's provided Grub, they could just use elilo or efilinux or whatever to load Ubuntu's platform.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  132. Re:Not quite the flaw you make it sound like, Mark by Errol+backfiring · · Score: 0

    Except that key disclosure would cause a lot of harm.

    Such as? The freedom to install Minix3? FreeBSD? Debian/Hurd? Or ReactOS? What harm is there?

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  133. Attention hardware manufacturers: by JustNiz · · Score: 1

    Attention hardware manufacturers:

    I for one am not about to buy any hardware that implements secure boot without a bios option to completely disable it.

  134. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    What do you propose? Start a boycott now? May I remind you that many of the same people who are throwing a fit over this feature have been buying locked down game consoles for two decades and quite a lot of you have iPhones (I have neither, btw.) IMHO it's more important to see to it that this feature is done right than to prevent it.

    If someone comes to you to have an old PC revived and you can't do it because it's locked to Windows, then tell them why.

  135. A little background on Burson-Marsteller by Anonymous Coward · · Score: 5, Informative

    (please note that I am NOT the same AC that made the accusation, but rather, one that wondered who this firm is, so I figured I would share my findings...)

    Ok, so I do a bit of digging for two minutes, and came up with this:

    Who:
    Burson-Marsteller is a PR firm. As in, a really, really, REALLY big fuckin' firm. Apparently the only place on Earth worth mentioning that doesn't have an office of theirs is Antarctica.

    http://en.wikipedia.org/wiki/Burson-Marsteller

    Where:
    Burson-Marsteller has been very, very busy. I haven't had time to second-source the entries from Wikipedia, but supposedly this firm has been at the forefront of a lot of really, really bad shit. The original Tylenol Poisoning scare, Three Mile Island, PR for Phillip Morris; you name the PR nightmare, and there's a good chance they've been there to mop up. In other words, these guys are "World-Class Spin Doctors".

    When:
    "When" really doesn't even apply in the context I'm using because they are still in business as part of the WPP plc, the world's largest advertising agency. Which means, "when" is really all the time.

    http://en.wikipedia.org/wiki/WPP_Group

    What:
    It took a bit of digging but I found a set of links that tied them back to Microsoft. Ok, so now we have something tying the two together with Microsoft as Burson-Marsteller's client.

    http://www.economist.com/blogs/babbage/2012/03/microsoft-v-google

    http://www.techdirt.com/articles/20110513/15424314269/burson-marsteller-digs-itself-deeper-hole-deletes-critical-comments-its-facebook-page.shtml

    The accusation:
    I myself have observed "shill-like" behavior over the last decade on Slashdot, and in the last 4 years it has intensified quite a bit. I believe that, while there is no direct way to prove the accusation, there is sufficient background for readers to make an informed decision as to the possibility of the accusation being accurate.

    Why AC:
    Yes, I have an account here, let's just say numbered under 200,000 and leave it at that. No, I will not post this with my account for reasons that should be readily apparent to anyone with two brain cells attached - which is to say, attracting the attention of a world-sized firm to my little pittance is probably not the wisest move to make. If they have enough money to pay people to sit around all day and troll slashdot forums, then they certainly have enough money to harass me (given the opportunity).

    Sometimes the best tactic to keep out of harm, is to simply not be seen.

  136. Pinpointing Paid Microsoft Sympathizers by Anonymous Coward · · Score: 0

    This thread is a great one for exposing the paid (and/or sycophantic) Microsoft shills. It's pretty obvious that this 'secure boot' thing has no merits on its own and that anyone who comes in here singing its praises is probably one of them.

    I'll try to watch this thread through the rest of the day and tabulate a list of the obvious examples/accounts for future reference.

  137. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 5, Insightful

    That’s why I prefer contributing to GPL projects over non-copyleft: I know that helps the fight for a world in which all computer users have the 4 freedoms.

    Canonical decided that they no longer care about that which made their founder rich.

    GPLv3 just closes some loopholes, so I prefer v3 over v2: more measures to ensure my freedom in the cases where I am a mere user (98% of all the software I interact with).

  138. Re:Not quite: They want to still work in a screwup by Fri13 · · Score: 1

    Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

    So you are those who say that slavery is freedom....

  139. Re:Which would be a greater attack on user freedom by Anonymous Coward · · Score: 0

    That's wrong. Fedora will be signing grub (and disabling its module loading functionality), but with its own key.

  140. Re:Not quite: They want to still work in a screwup by higuita · · Score: 3, Informative

    You don't understand GPL.

    GPL is there to allow the final user to do whatever he wants with his hardware.

    A developer is not the final user; if he wants to use GPL code, he must give the same rights he received to everyone.
    GPL2 had some holes that allowed some developers/builders to take the work of others and not give back what they should.
    GPL3 was made to fix those holes... yep, some people that were abusing the GPLv2 holes didn't like it, but bad luck, it's not their code.

    If you don't like that license, don't use programs with it and start over with your preferred license. You are not important, the final users are!

    So here is the global view:
    GPL is to give ALL power to the final users
    Closed source gives all the power to the product owners/builders... the user loses freedom
    BSD/MIT gives all the power to the developer and hope that product owners/builders are nice to not take the user freedom...

    <sarcasm>everyone knows that companies are always nice to the users!!</sarcasm>

    --
    Higuita
  141. observations about open software by glebovitz · · Score: 1

    There is often an ideological debate on these pages about openness and transparency. Some believe open source is a democratic process and everyone should have a say. The debate over .deb versus .rpm on the ill-fated MeeGo forum a few years ago demonstrated this. The debate raged on and in the end, Intel made their choice.

    Open source is not a democracy. Both Linus and Mark demonstrate this. It is a business and like most businesses leadership is not elected and therefore doesn't represent the views of the participants.

    I am not surprised by Mark's decision. In the face of device lock out by the market leaders, it's best to align yourself with the 600 lb gorilla. If Ubuntu toes the line it will be hard for Microsoft to lock out Ubuntu based on security arguments.

    In business I see large companies frightened by the GPL license. While the intent is good, there are too many grey areas that can open a company to litigation. Some are willing to take this risk and others aren't. Looks like Canonical is drawing a line in the sand. This could be interpreted as a wake-up call to the FSF.

    1. Re:observations about open software by Anonymous Coward · · Score: 0

      Hey glebovitz, you posted in the wrong place, needs to be a child of this:

      http://linux.slashdot.org/comments.pl?sid=2962071&cid=40566545

      Maybe the mods can do something to move your post to the right location.

      Kthxbai.

  142. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    This security risk is minuscule compared to other risks (such as malware installed by the user or exploits). This is like running around screaming that we're all doomed because the earth might get hit by a meteor.

  143. Re:Ubuntu understands users by ppanon · · Score: 1

    And getting the BIOS image to put onto that USB stick all too often requires Windows to unpack it out of a self executing binary

    That's just a bandwidth saving measure for their update servers. You can rename many self-extracting executables to use a .zip extension and just extract the file you need. There are some vendors that do use non-standard extractors for Windows O/S drivers, that require you to run the extractor from Windows (it's a Windows driver, OK!), but I don't remember having that problem with BIOS releases.

    > I've seen quite a few 'boot from cdrom' style bios upgrades, too. and on the cdrom? syslinux! ;)
    You know what I call that? Flash from user space. Bad idea

    I think he meant that it's a bootable CD image using a stripped-down Linux to run the firmware update app (as opposed to old style DOS-based diskettes that no one has floppy drives for anymore). Usually those downloadable images are accompanied by crypto hash checksums so that you can verify they haven't been tampered with. With a UEFI BIOS, they would probably also be signed with the manufacturer's key to allow secure boot. Since it's a read-only medium, as long as you power off the system first to clear RAM, it should be as safe as the BIOS itself, without requiring the user to navigate through a menu to perform the update.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  144. Re:Ubuntu understands users by gman003 · · Score: 2

    It took four years because for the first 3.9 years, the tinkerers were satisfied with the official Linux-on-PS3. Sure, it was more locked-down than any Linux ought to be, but it was good enough for the tinkerers to tinker with.

    Once Sony stole* Linux back from the tinkerers, it took what, a month or two, before it was cracked? And cracked it open wider than the old Sony Linux port had?

    So depending on how you define when the tinkerers started trying to crack it, it took either years, or weeks.

    * Yes, stole. If "piracy != stealing because the original guy still has his copy", then taking away a working copy from someone *is* stealing, and should be labeled as such.

  145. Why doesn't Canonical just ask their partners? by Qubit · · Score: 4, Interesting

    Sure, it would need to be finalized in a legal document, but the first draft can look something like this:

    Canonical: Howdy, Partner. When we work together to bring a computer to market running Ubuntu and GPLv3'd GRUB, can you make sure that the end-user is able to install their own signing keys so they can install modified versions of GRUB, per the licensing terms?

    Partner: Okay, how would we do that? I mean, how can we make sure that we meet the terms of the license?

    C: It's not that difficult. Basically y'all just need to make sure that the end-user can change the set of signing keys listed in the firmware. The Free Software Foundation wrote a whitepaper about it. You can also contact them via email if you have any questions!

    P: Wow. That's really difficult to understand, too bad we don't have any engineers on staff who can figure....awww... I'm just kidding with you, of course we have skilled engineers and lawyers on staff. We even have people who know how to write emails. We should be all set!

    C: Awesome, Partner. Before you actually ship hardware with an Ubuntu-Certified sticker on it, why don't you send one of the pieces of hardware to us so that we can manually test to make sure that end users can install their own signing keys. We'll use my son Jimmy, 'cause we want to make sure it's so easy a kid can do it.

    P: Okay, sounds great on my end. Glad that we had this conversation. I was worried it would take all day, but it really just took 15 minutes of my time.

    C: Yep. Now remember: If you do ship some hardware with GRUB installed and you make a mistake so that users can't install their own signing keys, you're going to have to make a firmware update or otherwise make this problem right. Understand?

    P: Isn't that what we have to do when we break the license of any of the pieces of software that we ship on our devices?

    C: Yes. But I just wanted to make sure that we stated it explicitly so that you wouldn't try to push the mistake off on us.

    P: Fair enough.

    C: Great to talk. We'll put all of this down in the formal contract when our lawyers draw it up. Have your engineers call our engineers about any kernel bugs. We should be able to get this hardware out by Q1 of 2013. So long!

    P: Bye!

    ---------------

    I mean, seriously, what's The Big Deal here? Just make some contracts with your hardware partners and hold them to the terms of the contracts like every other business deal that has ever happened. Why does Canonical think this is so difficult?

    --

    coding is life /* the rest is */
    1. Re:Why doesn't Canonical just ask their partners? by Anonymous Coward · · Score: 0

      Canonical got legal advice; the legal advice said there was an issue with GRUB2's GPLv3 licence and the key signing needed for secure boot. Ubuntu is listening to the legal advice. Ubuntu is also freely re-distributable so an OEM can take Ubuntu, install it on their computers, and sell it without permission from Canonical; Canonical cannot stop the OEM from doing that. From what I can tell the issue is if that OEM has Secure Boot enabled without a way to disable it, Canonical believe they would then be required to give up the signing key, which would lead to Microsoft revoking it, making it useless. IANAL so while it sounds unlikely they would be required to give up the key, given the relative unimportance of the bootloader (so long as it does its job) and small cost of switching then it isn't worth even a tiny risk on this, so the risk-benefit analysis shows that even with a tiny risk of being forced to give up the signing key it isn't a risk worth taking.
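
The key-disclosure and revocation argument made in the comments above (a disclosed signing key lets anyone sign boot code, revoking it also blocks the legitimate loader, and an owner-enrolled key avoids both) can be run as a toy model. This is an added example, not part of the original comments or of any firmware: the `Firmware` class, the key names and textbook RSA over small Mersenne primes are assumptions standing in for the UEFI db/dbx signature databases and real signatures.

```python
"""Toy model of a Secure Boot allow list (db) and revocation list (dbx).

Textbook RSA over small, publicly known primes stands in for real
signatures. It is NOT secure; it only makes the trust logic runnable.
"""
import hashlib

E = 65537  # public exponent shared by both constructed keys


def make_key(p, q):
    """Return (n, d): public modulus and private exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(image, n):
    """SHA-256 of the image, reduced into the toy key's modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, n, d):
    """Signing needs the private exponent d."""
    return pow(digest(image, n), d, n)


def signer_of(image, sig, keyring):
    """Name of the first public key in keyring that verifies sig, else None."""
    for name, n in keyring.items():
        if sig < n and pow(sig, E, n) == digest(image, n):
            return name
    return None


class Firmware:
    def __init__(self):
        self.db = {}   # name -> public modulus of keys allowed to sign boot code
        self.dbx = {}  # name -> public modulus of revoked keys

    def enroll(self, name, n):
        self.db[name] = n

    def revoke(self, name):
        self.dbx[name] = self.db[name]

    def will_boot(self, image, sig):
        """A dbx match overrides any db match, so revocation is checked first."""
        if signer_of(image, sig, self.dbx) is not None:
            return False
        return signer_of(image, sig, self.db) is not None


def scenario():
    # Constructed keys built from Mersenne primes (public values, toy sizes).
    distro_n, distro_d = make_key(2**89 - 1, 2**107 - 1)
    owner_n, owner_d = make_key(2**61 - 1, 2**127 - 1)

    fw = Firmware()
    fw.enroll("distro", distro_n)

    loader = b"official boot loader"                   # constructed sample
    modified = b"boot loader rebuilt by someone else"  # constructed sample
    results = {}

    # 1. Private key stays private: only the distributor's build boots.
    results["official"] = fw.will_boot(loader, sign(loader, distro_n, distro_d))
    results["unsigned_mod"] = fw.will_boot(modified, 0)

    # 2. Private key disclosed: any holder can sign any image.
    disclosed_sig = sign(modified, distro_n, distro_d)
    results["mod_after_disclosure"] = fw.will_boot(modified, disclosed_sig)

    # 3. Key revoked in response: the official loader stops booting too.
    fw.revoke("distro")
    results["official_after_revoke"] = fw.will_boot(
        loader, sign(loader, distro_n, distro_d))
    results["mod_after_revoke"] = fw.will_boot(modified, disclosed_sig)

    # 4. Owner enrolls their own key: their build boots, nothing was disclosed.
    fw.enroll("owner", owner_n)
    results["owner_build"] = fw.will_boot(
        modified, sign(modified, owner_n, owner_d))
    return results


if __name__ == "__main__":
    for step, booted in scenario().items():
        print(f"{step:24} boots={booted}")
```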

  146. Re:Ubuntu understands users by ppanon · · Score: 1

    If you try to stock mainboards, then you need to stock memory and CPUs as well because interfaces change. So you won't be able to get CPUs and memory that work with your 2012 mainboard in 2020. You'll also be giving up on all performance improvements that may come along over that time.

    There will be somebody that will cater to that niche market by providing current motherboards with firmware that allows you to override the MS Keys. After all, all it will need is a slightly different firmware install on the same hardware, so somebody could just de-solder and swap out the ROMs on COTS hardware. But it will cost you more and you may need to use mail-order instead of being able to pick it up at Walmart or Fry's. When you hear that the government is working on legislation to make it illegal to sell mainboards that allow user-specified keys, that's when you want to stock up. Or emigrate, because the slide down that slippery slope of loss of freedoms will just accelerate.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  147. Re:Not quite: They want to still work in a screwup by mcgrew · · Score: 3, Insightful

    My freedom to install software on my computer is not less important than some OEM's freedom to restrict what software runs on their products.

    THEIR products? You paid for them, they're yours. I'd say you have every right to do anything you damned well please on your own equipment, and the vendor has no rights whatever after he has your cash. His rights are completely unimportant, yours are supremely important.

    This is like Ford saying you're only allowed to use Firestone tires, Goodrich aren't allowed.

    It's madness to go along with this evil bullshit.

  148. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    The republicans would never lead the US into an anarchy. Wishful thinking, I must say.

  149. Re:Ubuntu understands users by CanHasDIY · · Score: 2

    Everyone knows the Free Software Foundation cannot be trusted, but Microsoft can.

    I just got back from vacation...did the universe invert while I was away?

    Oh yea, that - we sent you an email, but since everything inverted it must have gone to your outbox instead of your inbox, so you must have thought you sent it to yourself...

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  150. Re:Ubuntu understands users by CanHasDIY · · Score: 1

    Because being able to ensure the OS hasn't been tampered with by the hardware owner is vital for any attempt to make effective DRM schemes.

    This, millions of times over, cannot be repeated enough.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  151. Re:Ubuntu understands users by ppanon · · Score: 1

    That's not quite true. It's possible for an O/S to detect if it's running in a virtualized environment because the overhead of trapping and emulating privileged instructions is substantial and can be detected using the system clock when compared to other non-privileged instructions. It would therefore require a lot of work to trick Windows into ignoring that, because you would need to disable that virtualization check code, as well as the object loader's crypto checks for the signature on its replacement.

    Now for an app to detect that it's in a virtualized environment would be much harder because apps shouldn't be able to run privileged instructions. In a world where WINE is able to perfectly impersonate Windows APIs, that app shouldn't be able to tell.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  152. Re:Ubuntu understands users by CanHasDIY · · Score: 2

    The walled garden isn't what's bad - what's bad is the assumption, on the part of the 'gardeners,' that they can and should have completely unfettered access to your data, regardless of whether or not you've given them permission.

    "But but but, you're in our garden, permission is implied!"

    Bullshit; When I take a cab, the drivers do not magically gain the right to go through my personal effects, merely because I'm "using their service."

    It never ceases to amaze me the kind of abuse people won't take from brick-and-mortars, but will line up in droves to take it from a toy maker.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  153. He who sacrifices freedom for security ... by maitas · · Score: 1

    He who sacrifices freedom for security deserves neither - Benjy.

    In this case Canonical is right.

  154. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    It's not wrong to want a walled garden if it gives you what you want.

    But if somebody else controls the walled garden, and is operating it for their own benefit rather than yours, you'll probably have to delude yourself into wanting it because either you won't know anything else or it's just too difficult to scale the wall. After all, North Korea is Best Korea, and I'll bet you that a solid majority of North Koreans would tell you that even if they didn't fear retribution.

    This is all about Microsoft making it harder to scale the wall.

  155. Who cares about Ubuntu ? by Anonymous Coward · · Score: 0

    Who cares about Ubuntu anyway ? It's not like we don't have a bazillion other distros to choose from.
    The only thing we would lose if they became as undesirable (sorry, not English) as Microsoft ... is Unity ... too bad ...

    What I'm worried about is the future availability of non secure boot motherboards.

  156. Re:Which would be a greater attack on user freedom by Anonymous Coward · · Score: 0

    Canonical is in a position to demand things....from *Microsoft*. Really?

  157. Re:Ubuntu understands users by ppanon · · Score: 2

    Secureboot would not have solved those... Neither are bootloader malware.

    No, but a secure boot loader is a link in the boot chain, so if you want to require it for the kernel and drivers (which would have solved those) then you do need to extend that to the boot loader or else the boot loader becomes the obvious point of attack. Just because the crooks are coming in the front door doesn't mean you shouldn't improve the lock on the back door at the same time as when you improve the lock on the front door. I agree that it's obvious that the owner should be the one who holds the keys, but concerns about who holds the keys don't mean there isn't value in installing [any/better] locks.

    It's like a chain of custody for your O/S. The information is only as safe as the weakest link.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  158. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    WTF is a Windows RT device?

    The parent is clearly talking about Microsoft requiring OEMs to disable any ability to boot any other operating system but Windows on ARM devices that ship with Windows. There is no ability to add alternative keys and no ability to turn off secure boot mode.

    Stop being a pedantic jerk. Also, get your facts straight, and stop shilling for Microsoft.

  159. Re:Not quite the flaw you make it sound like, Mark by Anonymous Coward · · Score: 0

    Fedora/RHEL, they employ a lot of Linux developers.

  160. Re:Not quite: They want to still work in a screwup by recoiledsnake · · Score: 2

    If you don't like that license, don't use programs with it and start over with your preferred license. you are not important, the final users are!

    Isn't that exactly what Ubuntu is doing here, but the FSF is still objecting?

    --
    This space for rent.
  161. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    Look, if it hasn't happened to other OSs in a spectacular way for 30+ years, chances are it won't happen any time soon.

    With your thinking, we'd put cages on top of our cars in case meteorites strike them. Hell, at least that does actually happen somewhat regularly in reality.

  162. Re:Which would be a greater attack on user freedom by eric_herm · · Score: 1

    No, from their OEM (i.e., OEM shipping Ubuntu).

    The whole point of being certified is that: checking the software and that it runs. If Canonical certifies something without verifying, that's not good.

  163. Re:Not quite: They want to still work in a screwup by hairyfeet · · Score: 0

    Not to mention there is a REASON that everyone seems to have forgotten as to why MSFT is worried about bootloaders and it ain't malware. Go to TPB and look up "Windows 7 SP1 X64 all versions pre-activated" and you'll find you can download and install Win 7 which WILL pass muster when it comes to updates, in fact it will even automatically uncheck the WGA update that could possibly block the pirate version from getting updates. Feel free to scan the ISO, you'll find that it passes clean with the exception of a few "keygens are naughty!" pop ups from AVs like...well MSE.

    So while I personally would have fought piracy by making Win HP upgrade $50 and the Pro and Family Packs $100 you can see why they don't want anyone getting to the Windows bootloader as the pirates have figured out long ago how to completely ruin their shit when it comes to piracy. Hell the Win 7 pirate version is EASIER to install than the old Razr1911 Corporate XP, it doesn't even need a key! So you can bet your ass if Canonical or any other corp lets their keys slip they'll be banhammered majorly quickly. While nobody in the home will give a shit and will just bypass Secureboot for BSA audits it makes it damned easy to spot those pirated Win pro stations because they'll stick out like a sore thumb. One switch to secureboot and they will fail, and then they can pay up for running hot software. Again, not how I would have done it, but ultimately it's their OS and they can do what they want.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  164. What's wrong with a hardware switch? by Anonymous Coward · · Score: 0

    Would it be technically impossible to have a hardware switch on the motherboard that says to the UEFI BIOS "No, I don't care how fricking insecure it is. Go ahead and boot whatever the hell I tell you to"?

    We all know that if you have physical access to the machine, you're screwed anyway. Provide a way for hardware to optionally disable SecureBoot, and I might consider buying it. Otherwise, no.

  165. What??!? by pem · · Score: 1

    Canonical decided that they no longer care about that which made their founder rich.

    You obviously don't have a clue what made their founder rich.

  166. Re:Which would be a greater attack on user freedom by hairyfeet · · Score: 2

    How EXACTLY is this insightful? Did Canonical stop bleeding money and get some major OEM deals I've not heard of? Last I checked they had a couple of low end units hidden on the back page of Dell, so they don't have any more pull than "Bob's Distro" in that regard. Hell, looking at their numbers fall on Distrowatch since Unity, Mint would probably have a better shot of influencing the OEMs than Canonical has at this point.

    Sorry, but being a big fish in a little pond is a hell of a lot different than being a little fish in a big pond, and compared to OEM sales Canonical's Ubuntu wouldn't even be considered a guppy. Personally I blame the community for not supporting Linux retailers like System76 and instead buying the cheaper Windows units and slapping whatever they wanted on after getting the in reality "Windows tax break" thanks to the trialware and economies of scale. If you want to affect a market you need to be counted, and you're not being counted when you buy Windows units folks, simple as that.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  167. Re:Ubuntu understands users by ppanon · · Score: 1

    Don't forget saving and restoring encryption keys if you're using encryption on user directories.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  168. Re:Not quite: They want to still work in a screwup by JohnFen · · Score: 1

    It's so hard to take you seriously when you keep using phrases like "nanny state" and "socialist". It would be better if you actually used those terms correctly.

    I support Ubuntu's right to use whatever software they prefer, but this choice will prevent me from recommending it.

    they've decided it's 'unfair' that users don't have the option to replace a bootloader

    But it is, in fact, unfair if users don't have that option. Or, at least, it dramatically devalues the computer as you no longer really own it.

    If the Linux Kernel was GPLv3, then you wouldn't have to root any phones to install Cyanogenmod: vendors would be required to provide an official method for the end user to replace the software with custom versions.

    And wouldn't that be a wonderful world to live in?

  169. Nice try by pem · · Score: 1
    But Canonical isn't requiring signed kernels.

    So Debian away.

  170. FSF could solve this. by Ungrounded+Lightning · · Score: 1

    So the issue for Canonical is whether FSF might use the terms of GPL3 to force disclosure of Canonical's key? And Canonical won't take their word that they can't or won't? Then there's a simple solution on FSF's part.

    FSF is also the holder of the copyright on GRUB 2. All they have to do is to double-license it, adding a second license that is the same as the GPL3 except for explicitly granting the right to NOT be subject to forced key disclosure. This would make Canonical safe in a legally binding way, as long as any modifications they make to GRUB 2 don't merge in other GPL software that doesn't carry the extra license term.

    Problem solved.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:FSF could solve this. by Unknown+Lamer · · Score: 1

      The copyright assignment contributors sign to the FSF might be violated if the FSF did that to GRUB2. It would also be counter to their goals of spreading software freedom. I mean, if the FSF weren't fighting against DRM why even bother updating the GPLv2?

      Source: I had to sign one of those agreements a couple of years ago.

      The Foundation promises that all distribution of the Work, or of any work "based on the Work", that takes place under the control of the Foundation or its assignees, shall be on terms that explicitly and perpetually permit anyone possessing a copy of the work to which the terms apply, and possessing accurate notice of these terms, to redistribute copies of the work to anyone on the same terms. These terms shall not restrict which members of the public copies may be distributed to. These terms shall not require a member of the public to pay any royalty to the Foundation or to anyone else for any permitted use of the work they apply to, or to communicate with the Foundation or its agents in any way either when redistribution is performed or on any other occasion.

      --

      HAL 7000, fewer features than the HAL 9000, but just as homicidal!
  171. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    >jumping through hoops

    Yes, changing one lousy BIOS setting is a grueling undertaking that requires the hand-eye coordination of an Olympic athlete, a Ph.D in CS (from a top CS school, not one of those crappy second-raters either) and the purity of heart of the Buddha himself. Get real, dude.

  172. Re:Not quite: They want to still work in a screwup by bluefoxlucid · · Score: 2

    Because it's actually true. The heart of socialism is often stated as "from he who has the ability to he who has the need" or such; and overall it's basically a system by which the group shares what it produces. The basic theory is each man can produce more than he needs, and thus we should produce enough for everyone and then share the excess.

    The Free Software Foundation is Richard Stallman's brainchild. Stallman's philosophy is that programming code and other creative works are the righteous property of everyone. Because they can be duplicated freely, they should be duplicated freely; and because programming object code is much less elegant and harder to modify than programming source code, programming source code should be supplied with programming object code and should be traded freely as well.

    The entire purpose of the FSF is to take Stallman's vision of a world where proprietary, closed, restricted software doesn't exist and shape reality around it. In other words: he wants to take from those who can produce programming code and give to all of us so that we can benefit from that work freely. He'll use any leverage he can to force the issue, too: he's happily forced a few proprietary software applications into GPL by threatening injunction for them linking to GPL libraries (this is covered on the GNU site under Stallman's 'philosophy' area, in an article about why glibc is LGPL and not GPL--he noted as an aside that gettext is GPL and has allowed him to force two closed products into a GPL release thanks to their oversight).

  173. Re:Not quite: They want to still work in a screwup by bluefoxlucid · · Score: 1

    No, it would be a terrible world to live in, because network operators would demand a "secure" phone from vendors so they could rid themselves of built-in e-mail applications and then charge $10/month for them (Verizon did this with the RAZR, for example) without pesky end users replacing the OS. Thus we'd all have Symbian or maybe Windows Phone 7 phones instead of Android.

  174. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    They don't know what they've lost.

    Pretty sure they know some things they've lost. Constant malware infections, for one.

  175. The one and only problem: Microsoft. by Anonymous Coward · · Score: 0

    The one and only problem: Microsoft.
    Solution: nuke Redmond.

  176. Re:Ubuntu understands users by Mad+Leper · · Score: 1

    Quite incorrect, perusing the PS3 hacking forums prior to the OtherOS debacle shows that the PS3 OS was under attack for years, the big players in the cracking scene were extremely reluctant to advertise their failures and resorted to the old “I could crack it if I wanted to, but who cares about the PS3, has no games” canard.

    GeoHot’s announcement of a possible hack using OtherOS combined with Uncharted 2 being nominated Game of the Year threw the pirate community into a fit, here was a triple A game they couldn’t steal but GeoHot’s hack provided a ray of hope that the PS3 could finally be cracked.

    SONY removed OtherOS (not their best move, but it was a voluntary choice and any hacker interested in custom firmware just had to say no to the patch) and GeoHot failed to come up with a followup hack, not a surprise considering his talent for self promotion far outweighed his supposed hacking skillz. Having the hope of a cracked PS3 presented and then suddenly snatched away put the pirate community on the warpath. A failed SONY boycott, threats against SONY employees and their families & children, followed up by a full on attack on PSN and a botched attempt to steal credit card information did nothing and resulted in nothing more than turning the PS3 users against the hacking communities.

    It wasn’t until a Service USB dongle was stolen and reverse engineered that a brief window of open firmware was available, but SONY closed the hole so quickly and completely that to this day the PS3 is still locked down tight. GeoHot flaunted the cracked keys from the stolen USB dongle in an attempt to shore up his flagging reputation, then quickly caved when SONY filed a civil suit against him. The rumored master key to unlock the entire PS3 OS never materialized and those that were cracked using the USB dongle code are stuck with firmware 3.60.

    In the end the PSN credit cards data was never used, OtherOS is still gone and the PS3 is still un-crackable.

    And in XBOX land, hundreds (if not thousands) of XBOX-Live users have been suffering through a continued FIFA-2012 hack that has stolen countless amounts of cash and points from users' credit cards.

  177. Re:Ubuntu understands users by worldthinker · · Score: 1

    Except that we've already seen in the space of 40 years, the Republicans have done exactly what you've written. They've passed all manner of laws that restrict women's rights and have moved this country very much on the path towards fascism driven by a military industrial complex.

    Tyranny must be resisted whether it is political ideology or corporate bloodsucking. Ubuntu is playing into Microsoft's hands.

    But, in the bigger picture, aren't we moving towards a post-pc world?

  178. Re:Ubuntu understands users by KingMotley · · Score: 1

    From what I know there are none in the wild.

    Stoned. Whistler. Phanta. There are at least a half dozen others, and all their variants.

    Secureboot makes the machine on my desk not mine... That is a problem. That you closed source people don't see this, is actually part of the problem.

    I think I can say that I've likely contributed more to open source projects than the vast majority of even slashdot readers. Feel free to call me a closed source person if you wish however if that makes you sleep better at night.

  179. Re:Ubuntu understands users by JohnFen · · Score: 1

    Please explain why it's a "very much required" security feature. I understand what it does, but I don't understand why it should be required.

    Also, the "it's optional" line is a bit misleading. It's "optional" for the OEMs. If the OEM decides they want to require it, it becomes nonoptional for you.

  180. Re:Ubuntu understands users by KingMotley · · Score: 1

    Ah yes, it's also an early step into allowing terrorists to hide child pornography in signed boot loaders so they can have the FBI raid whomever they want and send them away to prison if you have a political agenda they don't agree with. This was all planned by aliens who put cameras in our prisons because, as is proven fact, they enjoy a good anal probing.

  181. Re:Ubuntu understands users by kesuki · · Score: 1

    "I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. "
    I have. I have also seen hackers replace image files on a 'secured' Windows box behind 2 firewalls, albeit the second I asked for in a chatroom (thus that was legal hacking). I also have seen multiple machines spontaneously fail, unable to boot like your one Windows XP not validating with Microsoft, without changing the system's clock. I spent 3 weeks trying to determine (using Linux and Windows XP SP3) if files were being altered using diff and drive images. And that was all behind a SmoothWall firewall (which later failed).

    Somewhere in all that I was hospitalized and spent months in hospitals with doctors trying a load of different drugs.

  182. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    TL;DR

    Also, forest for the trees. FSF is not condoning locked bootloaders, just responding to their potential adoption with a way to limit their abuse.

  183. Re:Ubuntu understands users by JohnFen · · Score: 2

    Just because a solution doesn't solve the entire world's problems shouldn't mean you don't implement it.

    True, but if a solution causes more problems than it solves, it certainly should mean you don't implement it.

  184. Re:Ubuntu understands users by lorinc · · Score: 1

    Without tinkering, you will never get any evolution. The market law is milk them till you can't. Without tinkering, it's forever.

  185. Re:Ubuntu understands users by kesuki · · Score: 1

    Well, I did md5sums on my BIOS 3 times in 2006-2007 and one of the three did not match the md5sum for the official BIOS, and I only loaded official .tw BIOS images. That system is fixed now, but there is a reason why it would have a custom BIOS image not installed by default? So I assumed a BIOS rootkit (in my previous post). The hardware is fine now and the BIOS was definitely only reflashed by me, when I was debugging the computer's problems.
    I did a full backup of the virused BIOS and reported it. If that's not a bootloader rootkit I guess I need a name for what it was.

  186. Re:Some hardware companies worked on lockin alread by Anonymous Coward · · Score: 0

    Just for your information, that's not an HP thing, that's a Windows thing. It checksums your hardware at install time and won't boot if you change it to prevent people duplicating installed images.

  187. Re:Ubuntu understands users by Chirs · · Score: 2

    I'm not sure why they would need a revocation list. There is a handful of keys and they won't ever be revoked.

    If any of the root private keys ever got leaked they would need to revoke it, otherwise it could be used to sign arbitrary malware and bypass the whole purpose of secure boot.
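
The two points made in comments 157 and 187 above (a boot chain is only as strong as its weakest link, and a leaked signing key has to be revoked) can be modelled in a few lines. This is an added example, not part of any comment or of any firmware's code: the key, image and stage names are constructed, and HMAC-SHA256 stands in for the asymmetric signatures real firmware verifies, so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass


def sign(key, payload):
    """Stand-in signature (assumption): HMAC-SHA256 instead of an asymmetric scheme."""
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass(frozen=True)
class Image:
    name: str
    payload: bytes
    signer: str                 # id of the key the image claims to be signed with
    signature: bytes
    verifies_next: bool = True  # does this stage check the stage it loads?


def make_image(name, payload, signer, key, verifies_next=True):
    return Image(name, payload, signer, sign(key, payload), verifies_next)


class Policy:
    """Allow list of signing keys plus revocation lists for keys and image hashes."""

    def __init__(self, trusted_keys, revoked_keys=(), revoked_hashes=()):
        self.trusted_keys = dict(trusted_keys)
        self.revoked_keys = set(revoked_keys)
        self.revoked_hashes = set(revoked_hashes)

    def check(self, image):
        digest = hashlib.sha256(image.payload).hexdigest()
        # Revocation is checked first so that it overrides the allow list.
        if digest in self.revoked_hashes:
            return "rejected: image hash revoked"
        if image.signer in self.revoked_keys:
            return "rejected: signing key revoked"
        key = self.trusted_keys.get(image.signer)
        if key is None:
            return "rejected: unknown signer"
        if not hmac.compare_digest(sign(key, image.payload), image.signature):
            return "rejected: bad signature"
        return "verified"


def boot(policy, chain):
    """Walk the chain in load order and return [(stage name, outcome), ...].

    The firmware always checks the first stage. A later stage is checked only
    while every stage before it was itself checked and has verifies_next set;
    after the first gap everything downstream runs unchecked. Booting stops at
    the first rejection.
    """
    log = []
    checking = True
    for image in chain:
        outcome = policy.check(image) if checking else "unchecked"
        log.append((image.name, outcome))
        if outcome.startswith("rejected"):
            break
        checking = checking and image.verifies_next
    return log


# Constructed sample data: one vendor key and a handful of images.
VENDOR_KEY = b"constructed-vendor-key"
LOADER = make_image("bootloader", b"loader v1", "vendor", VENDOR_KEY)
KERNEL = make_image("kernel", b"kernel v1", "vendor", VENDOR_KEY)
# An image signed by someone else who obtained the vendor key.
ROGUE = make_image("bootloader", b"not the vendor's loader", "vendor", VENDOR_KEY)
ROGUE_HASH = hashlib.sha256(ROGUE.payload).hexdigest()
# A correctly signed loader that does not check what it loads.
LAX_LOADER = make_image("bootloader", b"loader without checks", "vendor",
                        VENDOR_KEY, verifies_next=False)
UNSIGNED_KERNEL = Image("kernel", b"modified kernel", "nobody", b"")


def demo():
    base = Policy({"vendor": VENDOR_KEY})
    key_revoked = Policy({"vendor": VENDOR_KEY}, revoked_keys={"vendor"})
    hash_revoked = Policy({"vendor": VENDOR_KEY}, revoked_hashes={ROGUE_HASH})
    return {
        "intact": boot(base, [LOADER, KERNEL]),
        "leaked_key": boot(base, [ROGUE, KERNEL]),
        "rogue_after_key_revoked": boot(key_revoked, [ROGUE, KERNEL]),
        "genuine_after_key_revoked": boot(key_revoked, [LOADER, KERNEL]),
        "rogue_after_hash_revoked": boot(hash_revoked, [ROGUE, KERNEL]),
        "genuine_after_hash_revoked": boot(hash_revoked, [LOADER, KERNEL]),
        "lax_loader": boot(base, [LAX_LOADER, UNSIGNED_KERNEL]),
        "strict_loader": boot(base, [LOADER, UNSIGNED_KERNEL]),
    }


if __name__ == "__main__":
    for scenario, log in demo().items():
        print(f"{scenario:28} {log}")
```

Revoking the key also rejects the vendor's genuine loader, while revoking only the rogue image's hash leaves the genuine loader bootable. The `lax_loader` case shows the weakest-link effect: the loader passes the firmware's check, yet the kernel it starts is never checked at all.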

  188. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    I agree that CHOICE IS A GOOD THING. Those wanting a walled garden are free to choose a walled garden and those that want an open garden are free to choose a walled garden.

    shifting the market away from open gardens

    Purposefully limiting consumer choice for enrichment is not 'shifting the market away', it is forcing sections of the pie into your section of the pie.

  189. Re:Not quite the flaw you make it sound like, Mark by rastoboy29 · · Score: 1

    Doesn't matter, they screwed the pooch with forcing Unity anyway--Ubuntu is, unfortunately, on the way down.

    Check out the interest ratings at Distrowatch, for example...and I know I've personally just gone to Mint after years of happy Ubuntu usage.  I tried to like Unity, failed, and going back to Gnome stock interface (without the nice Ubuntu configurations) just doesn't cut it.

  190. secure boot extends into the hypervisor by Chirs · · Score: 1

    In a "properly" secure system the hypervisor would be signed with a key as well and the OS wouldn't allow it to boot if it's been tampered with. That hypervisor would then virtualize secure boot and only boot signed binaries, same as the real hardware.

  191. Re:Ubuntu understands users by shutdown+-p+now · · Score: 1

    That's what anti-trust investigations are for.

  192. Re:Not quite the flaw you make it sound like, Mark by pem · · Score: 1

    The key will be revoked and lots of software will stop running.

  193. Re:Ubuntu understands users by Anonymous Coward · · Score: 1

    RMS was never paranoid. He is always eventually proven correct, unfortunately so.

    It's not even some rare ability of his that no one else has, anybody who understands that corporate greed is boundless and that the public is largely incapable of knowing everything it has to know to protect itself (about anything, not just software) can make such predictions.

    But...

    1) Since WW2 Capitalism has become a Religion, you just can't suggest any form of social protections or you become "one of them commies".
    Because of this it has become not kosher to suggest that corporations are greedy, heartless, amoral monsters out to eat the world and need to be controlled.

    2) The public is so clueless that it doesn't quite realize how clueless it is. Meaning you can't explain to people why you need to make something illegal because if they'd understood it you wouldn't need to make it illegal in the first place. i.e.:

    It should be illegal to sell computers the users can't control, since it's not in their best interests. But if the users knew this they wouldn't buy into it and you wouldn't even need to make it illegal. The people who DO understand this don't see legislation as giving them any freedom they didn't already have, and the people who don't will lose freedoms they didn't know they had until many years later when it's too late.

    (2) Is inevitable and we largely have to live with it. (1) Is mostly a problem of the American culture. My hope honestly is in the EU and, gods forbid, Asia.

  194. Re:Fed up with Ubuntu by Anonymous Coward · · Score: 0

    Doesn't matter, they screwed the pooch with forcing Unity anyway--Ubuntu is, unfortunately, on the way down.

    Check out the interest ratings at Distrowatch, for example...and I know I've personally just gone to Mint after years of happy Ubuntu usage. I tried to like Unity, failed, and going back to Gnome stock interface (without the nice Ubuntu configurations) just doesn't cut it.

    Amen bro. After happy years with Ubuntu, I gave up on Unity. I've switched to a new distro. Debian.

  195. Re:Not quite: They want to still work in a screwup by celle · · Score: 1

    "The FSF's version of freedom is equivalent to nanny-state socialism. They've basically decided that their idea of playing nice needs to be enforced by big stick, and will happily trample over anything and everything that does something they dislike."

    That's funny. A private foundation having to use a license to force copyright law to do the job it was intended to do. Doesn't seem socialistic to me, if it does to you read your constitution. The goal of copyright and patents is to get developments out in the public as soon as possible for the benefit of all(you know the public) not the developer. Copyright/patent was intended as a short term trade off not a long term benefit to encourage further development.

    "In this particular case, Ubuntu wants to place a bootloader that will allow you to load ANY operating system, bypassing the "security" features they dislike in the new UEFI. Ubuntu wishes to ensure that users can boot any operating system they like and run any software they want. Their concern is that the GPLv3 makes provisions by which the FSF could, in this case as the owner of GRUB2, deem that a machine that won't let them replace GRUB2 with something else is in violation of the GPLv3. At that point, they can demand that Ubuntu surrender its encryption keys used to provide secure bootloader verification--which then allows anyone to sign any bootloader they want, thus negating any security features you could leverage out of the bootloader (for example, intentionally instructing it to boot only signed code--keeping the chain trusted, rather than booting a foreign OS as is the option)."

    You mean public actually having control of both their hardware and software, especially software as the hardware is worthless without it, that they paid for. And yes they paid for it as all money for development comes from the public via investment to buying the actual devices to taxes that pay for company support(tax breaks, land grants, legal/judges) and other support infrastructure(roads).

    "The point of contention is where the FSF gets to demand Ubuntu hand over their encryption keys for this particular application because they've decided it's 'unfair' that users don't have the option to replace a bootloader. The GPLv3 is a restrictive license agreement whose provisions do in fact allow the copyright holder to make certain demands about HOW their software is used. Most people fixate on the "Free" part because you're free to distribute and modify the software; but you are also "Obligated" to publish your modifications in source form if published in any form."

    A license version that attempts to control the irresponsible behavior of business types that match toddlers "everything is mine" attitude and attention span of the quarterly stock report. If you don't like the GPL don't use it, you still have your freedom to be selfish and publicly irresponsible as you wish. You know, the public that helped feed, clothe, house, and educate you to be a meaningful member of society rather than kill you for the real threat pure competition would make you out to be.

    "The GPLv3 brings restrictions on how you can use the software, such that you must be able to modify it--the hardware you use the software on must be configured to allow the use of modified software (or any other software). 'Jailbreaking' is not a thing with GPLv3 because the vendors would have to supply a way to run custom software. If the Linux Kernel was GPLv3, then you wouldn't have to root any phones to install Cyanogenmod: vendors would be required to provide an official method for the end user to replace the software with custom versions."

    The only reason I see you would want to restrict people from altering their software is to lock them out of their hardware. So who's doing the restricting now? Vendors providing options for you to control your device that you paid for in more ways than one, who would have thought? Wouldn't that make it easier for customers/public to

  196. Re:Ubuntu understands users by Arancaytar · · Score: 1

    Interesting. I'm a user and have just now decided to stop using Ubuntu. It's nice that Shuttleworth doesn't trust the FSF; I don't trust him.

  197. A house divided against itself... by gottabeme · · Score: 1

    ...cannot stand.

    --
    "Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
  198. Re:Not quite the flaw you make it sound like, Mark by drinkypoo · · Score: 1

    I'm about to go to Mint after years of happy Ubuntu usage, not because of Unity which I think is OK, but because they keep breaking shit. Right now I can't print because of some fuckup in AppArmor or cups or something. (They just sent my bug from cups to apparmor, we'll see what happens.) It worked a week ago.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  199. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    the maintainers of the most popular GNU/Linux distribution out there

    Canonical maintains Fedora? No, they do not.
    Fedora has a much larger user base than Ubuntu.

  200. Re:Not quite: They want to still work in a screwup by hairyfeet · · Score: 1

    I'm sorry but unless you use newspeak freedom means the freedom to choose or NOT to choose, and the GPL V3 takes part of those freedoms away because you no longer have the right NOT to choose. I would argue that is why Linux will never go anywhere on the desktop, because religious dogma refuses to allow a hardware ABI and they make sure their kernel fiddling breaks shit constantly. Now I'm sure those in the kernel dev team think they can make supporting Linux such a PITA that everyone opens their drivers, but in reality many simply won't support you at all.

    If you force me to share with my neighbors at the barrel of a gun, which is what all patents and copyrights are, using the big arm of government to give one group control of something that is neither scarce nor expensive to copy and allowing them to treat it as it is a scarce good, then that is STILL force no matter how much newspeak you use. Just because YOU think that force is "good" doesn't change the fact that it is still force anyway you slice it.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  201. Re:Not quite the flaw you make it sound like, Mark by MichaelSmith · · Score: 1

    Yeah I am getting some crash dialog at startup and every hour after that. And Thunderbird crashed yesterday. It's very strange for an LTS release.

  202. anyone who buys an OEM desktop for linux is... by Anonymous Coward · · Score: 0

    ...gay and stupid

  203. Tablets by MichaelSmith · · Score: 1

    A bigger problem for free software is the current boom in closed tablet devices. Some Android devices are open. iPads and MS Surface devices are not.

  204. Re:Not quite: They want to still work in a screwup by bryonak · · Score: 1

    The FSF's version of freedom is equivalent to nanny-state socialism. They've basically decided that their idea of playing nice needs to be enforced by big stick, and will happily trample over anything and everything that does something they dislike.

    Please put such remarks at the end of your postings, if at all. It helps a lot to not induce a feeling of "oh dear, another childish rant" and thus a negative disposition in the reader for the rest of your text.

    In this particular case, Ubuntu wants to place a bootloader that will allow you to load ANY operating system, bypassing the "security" features they dislike in the new UEFI. Ubuntu wishes to ensure that users can boot any operating system they like and run any software they want. Their concern is that the GPLv3 makes provisions by which the FSF could, in this case as the owner of GRUB2, deem that a machine that won't let them replace GRUB2 with something else is in violation of the GPLv3. At that point, they can demand that Ubuntu surrender its encryption keys used to provide secure bootloader verification--which then allows anyone to sign any bootloader they want, thus negating any security features you could leverage out of the bootloader (for example, intentionally instructing it to boot only signed code--keeping the chain trusted, rather than booting a foreign OS as is the option).

    Exactly. However, in practice there are a few questions: will Canonical care about making other OSs work with their bootloader? Will Microsoft omit the possibility of leveraging SecureBoot to impose more and more stringent conditions over time?
    Basically, does the perceived advantage outweigh the possible disadvantages? Think about it: Canonical says "the FSF might go nuclear" right here and thus plays it "safe", so why shouldn't we say "Microsoft might go nuclear" and play it safe as well (by not supporting SecureBoot)?

    The point of contention is where the FSF gets to demand Ubuntu hand over their encryption keys for this particular application because they've decided it's 'unfair' that users don't have the option to replace a bootloader. The GPLv3 is a restrictive license agreement whose provisions do in fact allow the copyright holder to make certain demands about HOW their software is used. Most people fixate on the "Free" part because you're free to distribute and modify the software; but you are also "Obligated" to publish your modifications in source form if published in any form.

    I don't really understand this perspective. By the word "use" we mean "run", not "distribute". The "HOW" in this case is: in order to distribute this software, you must comply with its conditions. The FSF says it will not enforce the full set of conditions now or at any later point in time (=demanding the keys), but Canonical/Mark are afraid they still might if their mood changes.
    Of course, "may not distribute" leads to "may not _use_ in packages that we distribute" ;)

    The GPLv3 brings restrictions on how you can use the software, such that you must be able to modify it--the hardware you use the software on must be configured to allow the use of modified software (or any other software). 'Jailbreaking' is not a thing with GPLv3 because the vendors would have to supply a way to run custom software. If the Linux Kernel was GPLv3, then you wouldn't have to root any phones to install Cyanogenmod: vendors would be required to provide an official method for the end user to replace the software with custom versions.

    Now wouldn't it be awesome if this was considered normal by the vendors? How about we work towards such a world?

    The Affero versions of the GPL family of licenses go even further: if you USE a modified version of the software, you must publish its source. That means if you modify an AGPL Web server and use it to serve your Web site, you have to put up the Web server's source code.

  205. My name is Jonathan Swift. I aim to Solve what I.. by Anonymous Coward · · Score: 0

    ... call The Software Problem

    Software failure is fundamentally a human problem, not a technical one.

    Purely technical solutions fail to effect truly meaningful and lasting change.

    I haven't written up Burson-Marsteller yet, but I will Right Here over the next day or two. That's just a placeholder directory for now - it gets you a default Apache index page - but I just updated the sitemap at Solving the Software Problem, so all the search engines - not just Google, but also Bing (!), Yahoo, Baidu, SoSo, Yandex, Seznam and so on - will be picking it up over the next few days.

    Bring It On, You Ignorant Mother Fuckers!

    -- Jonathan Swift, who can't be bothered to recover his password.

  206. Obvious question... by jonwil · · Score: 1

    Instead of requiring that OEMs shipping Ubuntu ("Ubuntu Certified" or whatever) install the Canonical signing keys, they should require that the machines be shipped with secure boot turned off by default (i.e. it will boot any bootloader that doesn't specifically care about secure boot)

    That way all the issues about keys and GPL3 and OEM lock-downs and stuff don't matter.

  207. Betting on the wrong horse. by Anonymous Coward · · Score: 0

    Based on what I have seen of Win8, Microsoft is about to be dead, not the PC.

  208. Re:Ubuntu understands users by phantomfive · · Score: 1

    They may think they want it now, but this is not a movie that ends well.

    --
    "First they came for the slanderers and i said nothing."
  209. Re:Ubuntu understands users by Anonymous Coward · · Score: 0

    It's not wrong to want a walled garden if it gives you what you want.

    It is when the walled garden is unnecessary to get what you want.

    If a PC owner wants to lend the keys of their hardware to the vendor then so be it. However, M$ is also trying to make sure that general purpose PC owners will not get the keys even if they want them. These two things are not incompatible and posts that claim otherwise are disingenuous.

  210. Re:Not quite the flaw you make it sound like, Mark by Anonymous Coward · · Score: 0

    If people buy a "secure" computer, that's what they expect. Ubuntu isn't preventing you from buying something else..... Ubuntu is providing a solution to dual boot with windows on a "secure" computer.

    If you want the ability to easily install something else, then it's no longer secure and defeats the whole purpose.

  211. Secure boot actually is useful by Galestar · · Score: 1

    Perhaps Canonical actually wants secure boot and are willing to use a different boot loader in order to use it (and mitigate the fear of FSF in case there are technical problems).

    --
    AccountKiller
  212. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    nanny-state socialism? This was upvoted to insightful 5? Since when is declaring basic rights (like the EU, UN, Constitution of USA has) a nanny-state socialism?

  213. Re:Ubuntu understands users by Sir_Sri · · Score: 1

    Oh I wasn't suggesting Flame or Stuxnet were something secure boot is for. My point was that just because something doesn't affect you personally doesn't mean it isn't a serious security problem.

    And as the other guy said, it doesn't really do any good to secure half the system and not the other half. Secure boot is one piece of the broad puzzle of computer security for the 99.9% of computer users who don't even know what the hell they're doing.

  214. Re:Ubuntu understands users by IT · · Score: 1

    Your citing of TDL4 is a completely invalid argument because TDL4 as you cited did not do anything to BIOS/UEFI. With a clean BIOS, MBR virus can easily be cleaned with a bootable USB stick.

    What would be more worrisome is a rootkit that resides on BIOS and is impervious to flashing.

  215. can I jailbreak ? by Anonymous Coward · · Score: 0

    Can I JailBreak my PC ?

    I want Desktop computing not tablet computing.

    Heck.

  216. Re:Not quite: They want to still work in a screwup by walshy007 · · Score: 1

    Again with this "a fixed driver ABI would fix all business"

    The internal kernel abi changes because it's INTERNAL. If I wrote a piece of software, then someone else proceeded to write a binary that hooked into my software without integrating it properly (getting it to mainline) then when my software changes of COURSE they should expect that some of my internal functions have changed... it's called progress.

    You want a stable internal abi, then pick a kernel version, a compiler, an architecture (because even with a single version, changing the compiler WILL change the abi) and stick to it, no changes equals no changes.

    Otherwise any change at all would break it.

    For further reference, see here

  217. Re:Not quite: They want to still work in a screwup by houghi · · Score: 1

    That's the point of GPLv3: if these OEMs want to screw things up, then they have to deal with not getting to run GPLv3 software.

    I am sure that that is exactly why this was invented. To ban Linux from running on hardware.

    The only reason that there is no year of the Linux Desktop is because Linux is not pre-installed on a serious amount of machines. This could prevent just that from happening.

    Microsoft must be wetting their beds in excitement with the possibility of people not being able to use hardware.

    --
    Don't fight for your country, if your country does not fight for you.
  218. Re:Not quite: They want to still work in a screwup by unixisc · · Score: 0

    Aside from that, it's also v2 b'cos Torvalds disagrees w/ the FSF on its fanaticism, and doesn't even describe Linux as 'free software' these days. GPLv3 is to GPL what Windows 8 is to Windows, or GNOME3 is to GNOME or KDE4.0 was to KDE. Except that there is no indication that it will get any better, unless RMS gets abducted and held hostage for life in Argentina

  219. There is a solution by cyberthanasis12 · · Score: 1

    Goodbye Ubuntu.

  220. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    How is that a bad thing? This is not a key that is used to protect military secrets, it's a key that serves exactly one purpose: to prevent people from running modified software.

    The point of the signing the bootloader is to prevent malware subverting the boot process, if the key is available then malware can be signed as though it were legitimate and thus defeating the point of this.

    AFAIK, what Ubuntu is doing isn't to lock down the hardware that is to be shipped with Ubuntu, but to allow Ubuntu to be installed on computers, that because of Windows 8, have secure boot enabled. Now you should be able to disable Secure Boot in the BIOS which will allow you to modify the boot loader and/or kernel to your heart's content, but Ubuntu want things to be as easy as possible for new users and don't want users to be put off by disabling secure boot -- it's called "secure boot", I don't want my computer to be insecure do I? -- or giving up because they have problems because they forgot (or were unable to) disable secure boot.

    I don't like it myself, but I completely understand where Shuttleworth and Ubuntu are coming from and I think it would be a losing proposition not to do it.

  221. Re:Not quite: They want to still work in a screwup by hairyfeet · · Score: 1

    And then I might as well use Win98 because the amount of resources required to make it functional and still keep security patches would cost millions....or I can just sell and support an OS that is a guaranteed 10 years of support and ignore your fiddly bullshit. Maybe NOW you see why people would rather steal the other guy's than have yours for free? Hell you get longer support with a Hackentosh than with your average distro, thanks to Linus and his fellow fiddlers.

    Not that you will bother, because I have a feeling I'm talking to a "follower of the one true way" which is about as likely to listen to reason as showing carbon dating to those that believe Adam rode a dino, but for everyone else there is this nice list with over 100 links published THIS YEAR so you can't claim "it's old, not like that anymore" showing just what I said which is YOUR SHIT BE BROKE BRO and pretending your shit be NOT broke is just that, pretending.

    Now you can stick your head in the sand, pretend that Linus is smarter than the dev teams for BSD, OSX, Windows, and even OS/2 who ALL HAVE AN ABI but that don't make it reality, any more than you pointing at a chicken and saying "its a cow!" will make it go moo. The reason your OS doesn't go anywhere unless a corp locks it down and puts it in embedded hardware (like Android) is precisely because Linux is a fiddly PITA without an ABI. Like it or lump it, really don't care at this point.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  222. Re:Not quite: They want to still work in a screwup by mvdwege · · Score: 1

    The Affero versions of the GPL family of licenses go even further: if you USE a modified version of the software, you must publish its source. That means if you modify an AGPL Web server and use it to serve your Web site, you have to put up the Web server's source code. An AGPL Web application would work the same way: modify an AGPL CMS and you need to publish its source code on your Web site.

    Yes, and?

    Free Software has never meant 'free of cost'. If you want to use and modify an AGPL web application, the republishing requirement is the price you have to pay. You still have the freedom to modify the software, a freedom you won't get if you use a proprietary application.

    As usual, an anti-GPL ranter shows himself up to be just another freeloader who wants to use a piece of software without paying the cost.

    Mart

    --
    "I know I will be modded down for this": where's the option '-1, Asking for it'?
  223. Re:Ubuntu understands users by recoiledsnake · · Score: 1

    UEFI Secure boot secures against boot sector viruses.

    Who said anything about BIOS viruses?

    --
    This space for rent.
  224. Shuttleworth's UEFI FUD by interventka · · Score: 1

    Mark Shuttleworth is not a stupid guy, and it seems likely that he is engaging in a misrepresentation rather than a misunderstanding of what he was told by the SFLC. There are a couple of points worth making in this context.

    First, the SFLC does not appear to sanction Shuttleworth's interpretation of Grub2 and its implications for UEFI. The SFLC is a signatory of the FSF's statement on UEFI, "Stand up for your freedom to install free software." It has also called out Microsoft's, er, flexible attitude toward its statements and representations about UEFI in the ARM context.

    Second, Ubuntu has often shown this inclination to make a "separate peace" with Microsoft and the OEMs without really helping the larger community. The certified hardware deals with Dell and others don't really guarantee a system that will run any distro well without the help of binary blob drivers, and if that's not the point of the certification process, I'm not sure what is--other than to gain some positive cred and some market share in the corporate IT world.

    Third, the scenario Shuttleworth is purportedly so worried about--an OEM "screwing up" and not shipping a PC in custom mode, making it impossible to replace its bootloader--is a pretty bad one to have to worry about in the first place. It sounds more like making a deal with a hostage taker than making a deal with the FSF does, because although the FSF does try to be litigious about its copyright, at least you know what its red lines are. Microsoft, as is shown by what they're doing with UEFI in the ARM space, is playing games here, trying to stay one step ahead of antitrust litigation in the Wintel world but no farther.

  225. Exploits by DrYak · · Score: 1

    How will the hypervisor load if it is not signed?

    If the firmware isn't 100% locked (like required for current x86 platforms):
    - by using some exploit in the OS at infection time to gain administrative privileges and disable secure boot in the firmware setting
    - or add an extra key into the TPM keychain (thus following the same route as proposed by the FSF to boot into customised Grub2 bootloader)
    - or the same as any of the two preceding entries, but simply using the legit software by the motherboard manufacturer for that operation and overlaying some click-jacking shit above it ("please punch the moving monkey to prove that you're not a robot before seeing the video of the naked cheerleader in the dressing room") given how well this kind of shit works on current social networks, it might be good enough, without even needing to use any actual exploit.
    - or getting chained from a legit signed bootloader designed to boot custom code (thus following the same route as proposed by canonical to get custom kernels to be booted onto a secure boot authorised efilinux)

    If everything is locked for Microsoft-only booting (like on future ARM platforms running WinRT):
    - by getting signed with a stolen key (has recently been seen on some government cyberwar malware [was it Stuxnet?] using stolen keys from Realtek)
    - by getting signed with a forged key that looks similar enough (some other recent cyberwar malware used a forged Microsoft key to pretend being WHQL approved. Not the real stuff, but thanks to some collision it looked mostly legit enough to get a critical piece of the code to pass as signed. Similar here: the forged key might not be able to sign any arbitrary piece of code without the forgery getting noticed, but that might be well enough to get the first stage of the bootloader

    The only way to prevent this is to go 100% the Apple way:
    - a completely locked platform executing only microsoft-approved code, and getting new software only from the single repository approved by Microsoft. No possibility to side-load (no possibility to install something you got from an arbitrary source, no possibility to use an alternative repository (no more Steam, GOG, etc.))
    And even that could be abused:
    - Apple iDevices *HAVE* been exploited (for jail break and the like). So a walled garden done by someone with such a security track record like Microsoft is bound to be exploitable.
    - "Underhanded C code contest"-like style! In this situation you don't even *need* to find a way around the mini inner-security theatre provided by secure-boot/TPM. You embrace the walled garden and find a way to get the malware approved: Write some app that does synchronise the contact list with some social web service, or a game which uses some form of social score board to compare with friends (so the app has a naturally obvious reason to need to access the contact list and to need online access - and thus can ask for these privileges without raising any suspicion. Thus it gets approved/whitelisted for the walled garden), but secretly it uploads the whole contact list to some malicious server where it will be used to build a list of SPAM targets, or initial infos to perform identity theft (and this exact situation was reported here on /. a few days ago. The only reason they got caught is that this specific malware had the brilliant idea to start spamming the whole contact list with SMS originating from the infected phone). Bonus point if the leak looks accidental (like most winners of the UCCC). - you get your malware functionality and don't even need to mess with the whole secure boot shit.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  226. Re:Not quite: They want to still work in a screwup by walshy007 · · Score: 1

    And then I might as well use Win98 because the amount of resources required to make it functional and still keep security patches would cost millions....

    People can and do keep drivers outside of mainline and keep up with internal api changes. Some also release binary only drivers and just compile it once for each target platform.

    These people are insane, and doing it the hard way, but they do it without _that_ much trouble. It just limits their target audience to specified platforms.

    Now you can stick your head in the sand, pretend that Linus is smarter than the dev teams for BSD, OSX, Windows, and even OS/2 who ALL HAVE AN ABI

    Oh, so how are your win98 drivers running in windows 7?

    They break their abi periodically too, they just prolong it by keeping faulty interfaces for longer, a design flaw for different goals.

    You seem to want a "one kernel version to rule them all" effectively by demanding a stable internal kernel abi, which will never happen as every person is free to do what they wish with it unlike windows/os x.

    Mainline drivers make sense, it helps the system to "just work" when they boot it.

    Will regressions occur? sure. But so long as more things are fixed than broken progress is made, and in the mean time you just revert back to the older kernel that lacks the regression.

    Going to the windows/os x development model of a release every couple years as opposed to three months would slow progress immensely. There are long term 'stable' kernels for this use, where the internal kernel api's do not change (not abi since as mentioned, that requires same kernel and arch etc which you are fine to do if you wish) that you can use in that manner.

    hell you get longer support with a Hackentosh than with your average distro, thanks to Linus and his fellow fiddlers.

    I have a p3 733 which is still running fine for card games etc for old people, I also have a g4 mac because I like unique architectures, the latest linux runs on both, how long ago was the g4 unsupported from the mac line? I'm guessing at least 7-8 years ago.

    You want linux to be a turn-key system? get someone who knows what they are doing to build it for you, get it going and support it. Same deal with a windows machine. I've seen plenty of windows machines that have had no end of trouble with drivers for peripheral cards when the windows vista/7 upgrades came, all because the users were silly enough to not check the drivers etc beforehand. Same deal with linux.

    Nothing will replace knowledge of the system, ever. You want something to magically work, get someone else to make it magically work for you (whether that be the oem, or an individual) and then don't touch the internals.

  227. Re:Not quite the flaw you make it sound like, Mark by Trogre · · Score: 1

    And who, exactly, thought it was a good idea to give Microsoft those keys? This is the company known for leveraging their position to screw over any potential competition at every turn.

    Why is any hardware manufacturer still taking these clowns seriously?

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  228. Re:Not quite: They want to still work in a screwup by higuita · · Score: 1

    The problem is that in the view of FSF (and many, many users in the last few years) is that Ubuntu doesn't care about its users and is removing user freedom. They just want to grab windows users, no matter what.

    Ubuntu trusting Microsoft and the OEM instead of trusting the FSF might give enough excuse for the former saying that their solution is good enough, that FSF is crazy and so, affecting the freedom of all users. That is why FSF is objecting, Ubuntu's decision might not affect just the Ubuntu users.

    --
    Higuita
  229. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 0

    Interesting that in the name of freedom Canonical is being targeted for not doing it the way someone else wants, even when their way is essentially open.

  230. Re:Not quite: They want to still work in a screwup by exomondo · · Score: 1

    Your freedom to throw punches ends where my face begins. My freedom to install software on my computer is not less important than some OEM's freedom to restrict what software runs on their products.

    And they won't be at odds unless you - for some reason - purchase a locked down device, like many people do every day with bootloader-locked phones and tablets, at which point the simple fact of the matter is you bought the wrong product.

  231. Re:Not quite: They want to still work in a screwup by exomondo · · Score: 1

    THEIR products? You paid for them, they're yours. I'd say you have every right to do anything you damned well please on your own equipment, and the vendor has no rights whatever after he has your cash.

    That's correct, and we've seen precedents set that reinforce that, for example the ruling on the legality of jailbreaking iDevices.