Slashdot Mirror


Ubuntu Can't Trust FSF's Secure Boot Solution

sfcrazy writes "The Free Software Foundation recently published a whitepaper criticizing Ubuntu's move to drop Grub 2 in order to support Microsoft's UEFI Secure Boot. The FSF also recommended that Ubuntu should reconsider their decision. Ubuntu's charismatic chief, Mark Shuttleworth, has responded to the situation during an interview, and explained the reason they won't change their stand on dropping Grub 2 from Ubuntu. Shuttleworth said, 'The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up. As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change. The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

18 of 377 comments

  1. They expect OEMs to lock machines down? by makomk · · Score: 5, Insightful

    > The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

    So in other words they're anticipating not only that OEMs are going to accidentally or intentionally ship machines running Ubuntu that are locked down so that you cannot boot your own kernels on them but also that they won't be able to convince the OEMs to fix their broken BIOSes to allow users to run their own code. By not using GRUB2 they ensure that said OEMs would have no legal obligations to allow you to run the code you wanted on the PC you'd just bought.

    1. Re:They expect OEMs to lock machines down? by jmorris42 · · Score: 5, Interesting

      It gets better. Ubuntu is assuming this lockdown will be happening with OEMs they have a contractual relationship with.

      Think about it. I put out Unknown Hacker Linux with a boot loader signed by me. I publish it on my website somewhere. Evil Bit Computers downloads it and installs my public key into the firmware of machines that they then sell to the public in a totally locked state. A buyer of one of those machines decides they want to wipe the preload and install Windows 8. They go to Evil Bit and demand the keys per the GPL3 and get an Evil Laugh(TM). Then they come to me and demand the signing key and I tell them, I feel your pain but I'm sorry I can't do that because it would compromise every machine installed with packages signed by that key. And they couldn't do a darned thing to me legally because I have no relationship to Evil Bit Computers. If push came to shove Evil Bit could be required to issue new firmware allowing rekeying or they could be barred from distribution of GPL3 software. But I'd never see the inside of the courthouse.

      And now you know why I have never considered Ubuntu. Never could say why, but they have always given off a 'wrong' vibe. Best explanation would be the short story _Young Zaphod Plays It Safe._ Just an undefined unease with em.

      --
      Democrat delenda est
  2. Good riddance by Hatta · · Score: 5, Funny

    Grub2 is an epic piece of shit anyway.

    --
    Give me Classic Slashdot or give me death!
  3. Re:Ubuntu understands users by SuricouRaven · · Score: 5, Insightful

    Because:
    1. Once the technology is deployed, it requires only altering one line of a contract to kill linux on the desktop.
    2. Because being able to ensure the OS hasn't been tampered with by the hardware owner is vital for any attempt to make effective DRM schemes.

  4. Mandatory Warning. by Anonymous Coward · · Score: 5, Informative

    Serious Sandwich, aka Bonch, Sharklaser, Tech* etc is one of a number of sockpuppet accounts established and maintained by Burson Marsteller on behalf of Microsoft.

    Their presence in this discussion means comments and moderation will be slanted to emphasize their client's viewpoint.

    Treat all commenters in this discussion with suspicion and derision. Do not post or reply to posts yourself.

  5. I Call Bullshit. by darkonc · · Score: 5, Insightful
    Canonical can't be held responsible for somebody else's screw-up. If Canonical distributes GRUB consistent with the GPL3, then their responsibility is done. If somebody else screws up by distributing GRUB in a non-conformant way, then all they can do is ask Canonical to distribute their private key to get the manufacturer's bacon out of the fire. Canonical would then be free to laugh at them.

    It seems to me that Canonical is missing the bigger piece -- which is that the vibrancy of Ubuntu depends on the wider vibrancy of Linux. If Ubuntu jumps into Microsoft's lifeboat and leaves the rest of the GNU/Linux community to sink or swim, Canonical is ultimately slitting their own throat slowly.

    Trusting Microsoft over the FSF seems foolhardy at best.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    1. Re:I Call Bullshit. by LourensV · · Score: 5, Informative

      I think the reason for the SFLC's advice regarding having to reveal the key is that Canonical distributes updates directly. Here's the scenario:

      1. The OEM sells a PC with Ubuntu preloaded and the BIOS locked.
      2. The user buys the PC and then updates GRUB2 to a newer version supplied from the Ubuntu repositories. It'll install fine, because it's been signed by Canonical, and the Canonical key is in the BIOS.
      3. User wants to modify GRUB2. They get the sources from Canonical, modify, recompile, and try to install. The computer won't boot, because their modified version is missing a signature.

      This means that Canonical is violating the Tivoisation clause in the GPLv3. Canonical is redistributing GRUB2 to the user, and the licence won't let them do that unless they also provide the user with everything they need to be able to change GRUB2 and load it onto their computer just as they're doing with the original they were given. Since Canonical can't unlock the BIOS (only the OEM can), the only way they can fulfil those requirements is by giving out their key.
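The three steps above can be modelled end to end. The following Go program is an added example and not code from the thread, Canonical or GRUB; it assumes Ed25519 over a SHA-256 digest as a stand-in for the Authenticode-style signatures real UEFI firmware checks, a firmware "allowed keys" database that the OEM has populated with only the distributor's key, and constructed byte strings in place of real bootloader images. It shows why the vendor-signed preload and the repository update both boot, why a user's rebuild from source does not, and that enrolling the user's own key in the firmware (which only an unlocked firmware permits) is what makes the rebuild bootable without anyone handing over the distributor's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignedImage is a boot image together with the detached signature the firmware checks.
type SignedImage struct {
	Name      string
	Payload   []byte
	Signature []byte
}

// Firmware stands in for a locked UEFI firmware: it boots an image only if
// a key in its allowed-signatures database verifies the image's signature.
type Firmware struct {
	AllowedKeys []ed25519.PublicKey
}

// Verify reports whether any enrolled key validates the signature over the image digest.
func (f Firmware) Verify(img SignedImage) bool {
	digest := sha256.Sum256(img.Payload)
	for _, pub := range f.AllowedKeys {
		if ed25519.Verify(pub, digest[:], img.Signature) {
			return true
		}
	}
	return false
}

// Sign produces the detached signature a distributor attaches to its own build.
func Sign(priv ed25519.PrivateKey, name string, payload []byte) SignedImage {
	digest := sha256.Sum256(payload)
	return SignedImage{Name: name, Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// keyFromSeed derives a deterministic key pair from a constructed label so the
// example is reproducible; real signing keys come from a CSPRNG or an HSM.
func keyFromSeed(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// BootOutcomes records what the firmware does at each step of the scenario.
type BootOutcomes struct {
	Preload         bool // step 1: OEM-shipped build, distributor-signed
	RepoUpdate      bool // step 2: newer build from the repositories, same key
	UserRebuild     bool // step 3: user-modified build, no valid signature
	UserKeyEnrolled bool // what it takes: the user's own key added to the firmware db
}

// Scenario walks the three steps from the thread and returns the outcomes.
func Scenario() BootOutcomes {
	distroPub, distroPriv := keyFromSeed("constructed distributor signing key")
	locked := Firmware{AllowedKeys: []ed25519.PublicKey{distroPub}} // OEM enrols only the distributor

	preload := Sign(distroPriv, "grub-preload", []byte("constructed bootloader build, preloaded"))
	update := Sign(distroPriv, "grub-update", []byte("constructed bootloader build, repository update"))

	// The user rebuilds from source: the bytes differ, so the old signature no longer matches.
	rebuilt := SignedImage{
		Name:      "grub-user-rebuild",
		Payload:   []byte("constructed bootloader build, repository update + user patch"),
		Signature: update.Signature,
	}

	// Only a firmware that also trusts the user's key will boot the user-signed rebuild.
	userPub, userPriv := keyFromSeed("constructed user key")
	unlocked := Firmware{AllowedKeys: append([]ed25519.PublicKey{userPub}, locked.AllowedKeys...)}
	userSigned := Sign(userPriv, rebuilt.Name, rebuilt.Payload)

	return BootOutcomes{
		Preload:         locked.Verify(preload),
		RepoUpdate:      locked.Verify(update),
		UserRebuild:     locked.Verify(rebuilt),
		UserKeyEnrolled: unlocked.Verify(userSigned),
	}
}

func main() {
	o := Scenario()
	fmt.Printf("preload boots: %v\nrepo update boots: %v\nuser rebuild boots: %v\nuser rebuild with own key enrolled: %v\n",
		o.Preload, o.RepoUpdate, o.UserRebuild, o.UserKeyEnrolled)
}
```

The point the model makes explicit is that the firmware's decision depends only on which public keys are enrolled, not on who built the image: a distributor can keep its private key secret and still leave the user free to run modified code, provided the firmware lets the owner enrol keys.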

  6. Re:Ubuntu understands users by jmorris42 · · Score: 5, Interesting

    > Secure Boot is very much required security feature. It will lock out malware that hides rootkits in boot sector. That's a very good thing.

    Somebody with more crypto knowhow, please put me some knowledge on here. Because I'm not seeing it that way. Secure boot will work wonders to ensure Hollywierd and Microsoft that their hardware isn't doing something nasty like letting the guy who put money on the counter and thinks they own it (how funny!) run something of their choosing. What I don't see is how it really protects the user from malware.

    The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot. Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards. We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users. They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure. And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on consumer equipment?

    > It's also optional, so you can always install Linux.

    On x86, for now.

    --
    Democrat delenda est
  7. Re:Ubuntu understands users by Anonymous Coward · · Score: 5, Insightful

    Everyone knows the Free Software Foundation cannot be trusted, but Microsoft can.

    I just got back from vacation...did the universe invert while I was away?

  8. Re:Ubuntu is doing the right thing by betterunixthanunix · · Score: 5, Insightful

    > If the only thing keeping this secure

    Secure from what? The goal is not to secure you from a bootloader virus; I doubt that was discussed for more than five minutes while this system was being designed. The goal is to secure DRM systems from you, the user, because of what happened with DVDs and deCSS, what happens with software cracking tools, etc. The goal is to turn PCs into iPads.

    This is a trap, designed to rob you of the freedom you have right now, which as it so happens is the freedom that PCs were meant to provide in the first place.

    --
    Palm trees and 8
  9. Not quite the flaw you make it sound like, Mark... by pla · · Score: 5, Insightful

    > The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

    Yes! Yes, they could - Because it would mean that the OEM had "accidentally" taken away the user's right to do whatever the fuck they want with hardware bought and paid for by that user. And I have no problem with requiring key disclosure in that situation.

    Look, Shuttles, we get the idea that you want every bit as much control over Ubuntu as Microsoft has over Windows, and UEFI has the potential to finally fulfill your little wet dream there. You seem to have overestimated your importance in the Linux world, however - If you won't honor the spirit of "free" software, we'll simply use a distro that does.

  10. But Microsoft isn't changing position? by CanEHdian · · Score: 5, Insightful

    > As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change

    As nice as it is that someone at Microsoft says they will sell $99 keys, we have to plan for a world where leaders change and institutional priorities change

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
  11. Re:Ubuntu understands users by Anonymous Coward · · Score: 5, Insightful

    If I don't have the keys to my computer, it's not mine.
    RMS's The Right to Read looks less and less paranoid all the time.

  12. Re:Why are we allowing these "people" to do this? by bill_mcgonigle · · Score: 5, Insightful

    Gees, ten years isn't that long, have you folks forgotten already?

    Two weeks after 9/11 the USAPATRIOT Act was highly controversial, despite the recent attack, and had sunset provisions.

    Ten years later, it's renewed without any real debate.

    "Keep us safe from the terr^H^H^H^H rootkits". In both cases the power-hungry gladly assume additional control and remove freedoms.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  13. Re:Which would be a greater attack on user freedom by betterunixthanunix · · Score: 5, Insightful

    Except that Canonical is in a position to demand that EFI boot restrictions be disabled by default. That does not seem to have entered the picture, because they do not care about user freedom. I disagree equally with Fedora's approach, because I personally switched away from Fedora when I disagreed with some changes they made, and this boot restriction system will make that harder to do.

    Now is the time to fight back, not compromise. Bootloader restrictions are a direct attack on free software and user freedom, and the response by Canonical and the Fedora project has been to just lie down and accept that attack.

    --
    Palm trees and 8
  14. Re:SECURE BOOT IS A FRAUD by Jeremiah+Cornelius · · Score: 5, Insightful

    Boot sector virus is not the target, to be fair.

    It's to prevent loading a compromised kernel image. A signed boot-loader chain will only load if uncompromisable with cryptographically verified signatures and checksums.

    But this is not the threat to most users, most of the time.

    And? If they are dumb or mistaken enough to get an infection that will compromise their OS image and ring-0 loadable software? They are going to be compromised in OTHER WAYS that will NEVER touch the system image. Secure system boot is a good way to protect a boot-loader for encrypted volumes - but not even needed for this to be effective.

    It is a security chimera - with more opportunity for mistakes and misuse than protection.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  15. A little background on Burson-Marsteller by Anonymous Coward · · Score: 5, Informative

    (please note that I am NOT the same AC that made the accusation, but rather, one that wondered who this firm is, so I figured I would share my findings...)

    Ok, so I do a bit of digging for two minutes, and came up with this:

    Who:
    Burson-Marsteller is a PR firm. As in, a really, really, REALLY big fuckin' firm. Apparently the only place on Earth worth mentioning that doesn't have an office of theirs is Antarctica.

    http://en.wikipedia.org/wiki/Burson-Marsteller

    Where:
    Burson-Marsteller has been very, very busy. I haven't had time to second-source the entries from Wikipedia, but supposedly this firm has been at the forefront of a lot of really, really bad shit. The original Tylenol Poisoning scare, Three Mile Island, PR for Philip Morris; you name the PR nightmare, and there's a good chance they've been there to mop up. In other words, these guys are "World-Class Spin Doctors".

    When:
    "When" really doesn't even apply in the context I'm using because they are still in business as part of the WPP plc, the world's largest advertising agency. Which means, "when" is really all the time.

    http://en.wikipedia.org/wiki/WPP_Group

    What:
    It took a bit of digging but I found a set of links that tied them back to Microsoft. Ok, so now we have something tying the two together with Microsoft as Burson-Marsteller's client.

    http://www.economist.com/blogs/babbage/2012/03/microsoft-v-google

    http://www.techdirt.com/articles/20110513/15424314269/burson-marsteller-digs-itself-deeper-hole-deletes-critical-comments-its-facebook-page.shtml

    The accusation:
    I myself have observed "shill-like" behavior over the last decade on Slashdot, and in the last 4 years it has intensified quite a bit. I believe that, while there is no direct way to prove the accusation, there is sufficient background for readers to make an informed decision as to the possibility of the accusation being accurate.

    Why AC:
    Yes, I have an account here, let's just say numbered under 200,000 and leave it at that. No, I will not post this with my account for reasons that should be readily apparent to anyone with two brain cells attached - which is to say, attracting the attention of a world-sized firm to my little pittance is probably not the wisest move to make. If they have enough money to pay people to sit around all day and troll slashdot forums, then they certainly have enough money to harass me (given the opportunity).

    Sometimes the best tactic to keep out of harm, is to simply not be seen.

  16. Re:Not quite: They want to still work in a screwup by Anonymous Coward · · Score: 5, Insightful

    That’s why I prefer contributing to GPL projects over non-copyleft: I know that helps the fight for a world in which all computer users have the 4 freedoms.

    Canonical decided that they no longer care about that which made their founder rich.

    GPLv3 just closes some loopholes, so I prefer v3 over v2: more measures to ensure my freedom in the cases where I am a mere user (98% of all the software I interact with).