OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot
An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."
We have been hearing from various people who should know better that "Redhat is the next Microsoft" and variations on that theme now for at least a decade. Guess Ubuntu should take it as a sign that they have 'made it' that the same is now being said of them.
Not saying I agree with either of their solutions to the Kobayashi Maru (otherwise known as Secure Boot) problem, but calling them 'traitors' is a bit much. Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.
Democrat delenda est
I love OpenBSD, and run it on my firewall at home, but anyone who's followed De Raadt over the years has to be 100% expecting this.
Including the over-the-top language.
'Sensible' is a curse word.
Responding to a query from iTWire about what OpenBSD, widely recognised as the most security-conscious UNIX, would be doing to cope with "secure" boot, De Raadt said: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense."
Is not wanting to "be the new Microsoft" worth being unprepared for a "disaster?"
Isn't Mr. De Raadt known for being a bit... shall we say, "pointed" on these sorts of things?
-- Stu
/. ID under 2,000. I feel old now.
Ok, Theo, let's hear your solution then. I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites. Trusted hardware root and signed executables are good things. So tell us then how we are supposed to get them? You obviously do not believe that we should be using Microsoft's key to sign the bootloader. What should we use? Keep in mind that while you have no difficulty installing your own keys in the BIOS, to a typical user (you know, those poor shmucks who get infected most often) that's deep voodoo. Also keep in mind that while Microsoft has the pull to get its key loaded by default into all the TPM chips manufactured, Ubuntu does not. Neither does BSD.
And there is nothing wrong in being listed at the nasdaq (unless you are facebook inc ...).
And there is nothing wrong in making money and contributing back to the linux kernel.
Also canonical never made secret in being a wannabe apple, not exactly microsoft...
This whole Microsoft / Secure Boot situation is outrageous, it should never be allowed to be implemented, linux distros should not be having to get anything signed by Microsoft. Hopefully some judge someday will see sense and kill it and also force Microsoft to carry positive mentions of other OSes in their advertisements in a similar fashion as the Apple / Samsung tablet ruling.
I used to like Ubuntu.
But no, change for change's sake is good. Let's ditch Gnome, it's too old. Let's change the entire interface to be more like Win7, that's what people know. Let's bury stuff in endless menus and instead of making it functional let's make it PRETTY.
Canonical sucks and deserves every bit of criticism leveled at them. Ubuntu is dead, maybe Mint won't make the same mistakes.
The better plan is to sue Microsoft for abuse of their monopoly
It's only a better plan if one can demonstrate the facts support it.
What we really need is at least one of the motherboard manufacturers to get onboard with Coreboot. There's quite a bit of new work being done. It's just a matter of getting the low-level documentation and time. There's only so much that can be done on an amateur basis. It's costly to buy motherboards just to port Coreboot.
else is wrong.
Sadly, MS has the power to take control of our computers away from us --and with secureboot they're doing exactly that. This is a direct attack on personal computing and the freedoms of the end-user to control the software on their computer.
RMS and Theo De Raadt are both right on this --but neither one of them has the influence needed to avert this attack, so it doesn't matter.
The era of personal, general-purpose computing is over.
It is possible that Apple will soon hop on the secure boot bandwagon, but until then, buying Apple hardware to run Linux seems to be something of a solution, despite being an expensive one.
I wouldn't be surprised if the mass production of pre-installed systems will be helped with some sort of system that installs "enterprise/OEM" keys into the OS or the BIOS so fully automated installs can take place.
Now where have we seen this done before and what happened because of it? I doubt this whole "secure boot" thing will last very long before software pirates will have found a way around it again. Once that happens, so will the malware authors and the whole exercise will be useless again, just like all the other copy protection and anti malware schemes implemented by MicroSoft in their desktop operating systems.
I was promised a flying car. Where is my flying car?
You ship the TPM with a per-TPM public key in it, and a USB dongle with a certificate on it signed with the per-TPM secret key for the per-TPM public key, and then you require the presence of the dongle to intermediate the installation of the OS of your choice onto the machine. You allow installation of other public keys signed with the private key, and you have another public key and separate private key to permit per-device self-signing of whatever code you want, but only on a per-device basis.
Then you have your BIOS/EFI/UEFI/Coreboot/u-boot refuse to do anything other than go into "install mode" if the dongle is inserted so that the dongle will be removed after installation for normal operation so that it can't be abused by malware.
After that, all vendors are responsible for securing their own OS past the point of it being loaded into memory.
He has courage. You have to admire him for being so forthright, right or wrong. It takes balls to act as he does in today's "politically correct society" (what a bunch of hooey) - which in my opinion, is just being as honest as he can despite profanities and what-not.
I state that, because there's truly only 1 thing I personally respect in debates: When people are shown incorrect with facts versus their points. Undeniable reputably backed hard facts that are on the subject at hand, only.
Otherwise, things like ad hominem attacks are nothing but rubbish crap, period.
Thus, when Mr. DeRaadt's undeniably shown to be full of utter crap on statements he's made (we all make mistakes mind you) and moreso, consistently? Then his detractors have actually made a solid point.
When Mr. DeRaadt hasn't been utterly disproven beyond a doubt on his ideas, despite his "let it all hang out" attitude (which to a degree I respect a great deal for the reasons stated above but admittedly, other times not), he has made HIS point, disproving his detractors.
It's as simple as that.
In other words, what I have noted is that when the media or other groups attack a person on illogical grounds, ala ad hominem attacks? They fear them (and often for quite selfish and often nefarious reasons that aren't for the good of others, only themselves. Just an observation from over 1/2 a century of my life now.)
From what I understand, Windows 8 will run on most contemporary hardware. I installed it on a 3.8GHz P4 system and it ran fine. But it looks like if you want Microsoft Certification, then you need a BIOS that contains the UEFI code. But what if a manufacturer doesn't care about Microsoft Certification and elects to install Windows 8 on a PC with a UEFI BIOS? Then Linux or other operating systems should have no problems dual booting with Windows 8. I conclude that market conditions may cause some PC OEM's to eschew this BIOS extension altogether. Especially if it annoys their potential customer base.
Oh, yeah! Wise guy, huh? Woob woob woob woob! Nyuk! Nyuk!
Given that Apple is actively adding Secure Boot Chain to their own devices, I wouldn't place a bet on them as the safe hardware platform here. Normally I buy used Lenovo laptops to put Linux on them. If Microsoft's Secure Boot starts to be more of an issue, I'd probably switch to a Linux hardware rebranding company like Emperor Linux to make sure I didn't end up with a problem system.
Microsoft is quickly losing influence; I don't think their secure boot stuff is going to be that big of a deal. I would say they have a chance with Windows Server, but 2012 has Metro, so I think they'll be declining on all sides now. They don't seem to care about what people actually want; they just want to push some new thing.
Personally, I never liked Windows, but with Metro even on Server, I'll be seriously pushing Linux at work.
I was a long-time OpenBSD user since the 3.1 days, and cut my teeth on Unix development there. I was attracted by its focus on security and conscientious coding practices. I was happy through the early 4.x days, but the more I got involved in developing for OpenBSD the more I was dissuaded from doing so.
Part of the issue was this focus on security. After I began to use OpenBSD at home and at work in earnest, I realized that it was limited in hardware support compared to other operating systems. I purchased a new workstation and portable within a year of each other, and both times came to some unhappy realizations about OpenBSD support.
I began to seriously look at Linux and FreeBSD at this point, knowing hardware support was much more robust. (I had also looked at NetBSD, but even though it booted on nearly everything, driver support was anemic.) I started to dual-boot FreeBSD on my workstation, and spent more and more time there. But it wasn't only hardware support that pushed me away from OpenBSD.
The FreeBSD development model is, to say the least, more sensible. Like I said, the more I got involved with OpenBSD development the more I was turned away, and that was mostly due to the project leader's attitude. During the run-up to OpenBSD 4.2, Theo de Raadt had been in a couple highly-publicized arguments with Linux developers, rubbing a ton of people the wrong way.
What many don't understand is that this was not an isolated incident. Try being an OpenBSD developer! These kind of scathing verbal assaults happened all of the time on the mailing lists. I was—and still am, actually—unsure whether Theo doesn't give a shit due to some philosophical stance, or can't help it due to something like Asperger syndrome. In either case, he typically drags anyone he disagrees with over the coals, all while telling them to stop taking it personally.
I wish Theo had taken some of his own advice. I believe he has hurt the OpenBSD platform more than he has helped it, and I also firmly believe that hardware support in OpenBSD sucks not because of code auditing practices or security focus, but because Theo has either scared or purposefully chased away developers.
Long-time OpenBSD developers might migrate to FreeBSD or Darwin; newbies might try for Linux instead. Those who taste the de Raadt wrath, however, always run in the end. A friend of mine once incurred his ire by asking the wrong question at the wrong time, and Theo de Raadt hacked his router and remotely remapped his keyboard!
This is abuse, plain and simple, and Theo's relationship with his developers is abusive. I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!
After all this mess, I switched to FreeBSD 7.2 and never looked back. I upgraded to FreeBSD 7.3 and started using FreeBSD 8 as soon as it was in pre-release, and I am eagerly working on FreeBSD 8.1. I feel spoiled now, too, because of the throng of developers devoted to professionally working the FreeBSD platform into something spectacular instead of naggling over trivial matters or admonishing one another.
The thriving FreeBSD ecosystem contrasts sharply with the Jonestown-like atmosphere of OpenBSD. There is also the fact that no one person looms so largely over any other; ego is checked at the door in FreeBSD since the goal is to make a great operating system, not lord over others like David Koresh and a harem of 14-year-old girls.
Feel free to disagree with me or point out counter-examples; I would love to read them now that I have left OpenBSD. I will always have a soft spot in my heart for the little secure operating system even though it leaves me with chills. I sometimes fondly load www.openbsd.org and read the latest release notes and smile wistfully.
It's okay to smile, now that I'm free from OpenBSD.
Theo, ranting, is why he got kicked off the NetBSD project. Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.) Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID. Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loathe back in 1985 and can't store the state of what you've already selected or go back, you just have to start over from scratch. Theo, ranting, is why OpenSSH has no built-in support for chroot cages. Theo, ranting, is why OpenBSD has no virtualization server capability. Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this. Theo, ranting, is why the "compatibility chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.
Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower. There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done. And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH. (Theo's fan club did not write SSH: they ported Tatu's previously GPL work into OpenSSH, and screwed up the license. Surprisingly little of the actual codebase is due to OpenBSD hosted development.)
What's to stop manufacturers from not including secure boot in their hardware? No way there isn't a big market for some Chinese manufacturer to jump onto this and have the Linux world use their hardware.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
It isn't a fact if all I have is your word. It is just some anonymous (what is your name and address?) bozo's opinion on the internet.
I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!
So it's better to do PROZAC till you uncork\go postal! Quit trying to play psychiatric science professional - you're not qualified to do so for one thing. Your other example of him allegedly taking over the router of a naysayer made me laugh actually. Why?? First it's unsubstantiated anecdotal b.s. until you supply a citation and proof backing it. Secondly, I also suspect the person it happened to may have had it coming for one (probably a flamer who thought himself untouchable online and quite possibly started with DeRaadt). So, if it happened at all that is, it also shows he wasn't very technically competent from a security standpoint either or it would not have happened to him.
Lastly, as far as verbal assaults - your current blatantly illogical attempt at discrediting a guy based on anecdotal unsubstantiated statements and ad hominem attacks from yourself don't go very far here either. Especially since I doubt you've done 1/10th of what DeRaadt has in the science of computing. I wager I am so right here you won't be able to show you've done more than he has of good repute.
Nobody can tell me that people like yourself, that act the meek worm online with innuendo and implications with no backing is now playing psychiatric pro (which you clearly are not) is not the worst offender of all via implication and innuendo possible.
Get over yourself Mr. Shrink. You aren't one.
So we get double. Both men have done a lot of good for the world, more than most people on /. have done. Just because they take predictable positions and have personality with strong convictions does not mean we should dismiss what they say like they were some air head cranks who do nothing but rant ignorantly about any topic. They are also not sell out spokes people. They deserve some respect and should be allowed to get media attention over the "reality star" like experts the press always goes to.
I'm frankly surprised De Raadt didn't speak out sooner about it and instead seemed to delay comment on the matter (well, he wasn't exactly asked about it before or it wasn't reported before.) I would say that their perspective on the matter is that securing the firmware bootstrap loader to this extreme and added complexity is wasteful; the added security has to be appealing but the benefits of it are minimal. With all the low security everywhere else it does not matter that you securely started the OS when it is so easily compromised... It will however add more steps, confusion and locked hardware for people trying to run their own software. For example, take some vendor who only cares about windows support - they may prevent the user from being able to choose outside their list or require $$$ to include the keys in the list (many already sell out their customers to spyware to subsidize the hardware cost.)
I've done OpenBSD for a while, building a machine is a bit of work when you have to figure out exactly what all the hardware is so you can see if there is a driver that supports it; it is bad enough vendors never tell you enough details on systems (not everybody builds their system and quite often you are giving an old machine a new life using open source.) I can see down the road an increase in BS we have to deal with getting stuff onto an old computer.
Then you have the Blu-ray situation where they demand huge things from the OS which plays movies. MS has no trouble acting like they own your computer and adding overhead to police you on your own computer. Apple still hasn't added Blu-ray movie playback and it is totally for legal reasons (plus they'd rather you stream on iTunes, notice they are not dropping DVD playback yet...) So, Blu-ray requirements may force whole system vendors into only allowing SPECIFIC OS to boot the system. The MPAA will eventually realize this option and it will surely be discussed. Remember, their business model will push them into creating something to replace Blu-ray in another decade so they can make money reselling people their movie libraries... it could be only streaming at that point but that would require a bigger lockdown than they currently have (unless they can learn.)
Theo de Raadt
Even better, just have a fucking pushbutton on the side of the box.
You want to install your own bootloader? Great, it will try to write its key - and you hit the little button to commit that. A virus sneaks onto your machine? Good luck reaching out of the CPU to toggle a physical contact.
Yes, doing it to iOS devices with their ARM chip. There was nothing from Apple even remotely hinting of doing so with their x86 hardware. Nice FUD, though.
Remember when we used to make fun of the sort of people who would insist that we should say "free software" and not "open source?" I think by this point in time, we can finally acknowledge that they were right: open source is about software development, not respecting or protecting user freedom.
Palm trees and 8
Or making unsubstantiated implications regarding him, rather than points he makes on a computing topic, is indeed an illogical ad hominem attack. Formal logic illustrates this via the "to the man"/ad hominem attack which is indeed, illogical.
If all anyone has is put downs of this fellow that have nothing to do with the topic at hand, computing, then they are indeed guilty of not only a blatantly illogical ad hominem attack, but also of being grossly off topic. They also aren't impressing myself or most of the crowd around here, because as was said before "let him without sin cast the first stone" (not a one of us can do that, as we all have some 'sin').
I'm more surprised that bios replacement isn't already more prominent. It's not all that complicated to reverse engineer hardware initialization, it's just that it isn't necessary. Hardware will always be rootable. And software will always be able to implement emulation and man in the middle on such hardware. It will just require more active participation from the hardware owner, no virus or software installation will be able to root the system without you actively participating.
"An ad hominem (Latin for "to the man" or "to the person"), short for argumentum ad hominem, is an attempt to negate the truth of a claim by pointing out a negative characteristic or belief of the person supporting it. Ad hominem reasoning is normally described as a logical fallacy, more precisely an informal fallacy and an irrelevance." source = http://en.wikipedia.org/wiki/Ad_hominem
That said: What exactly has the poster you're defending done? Attempted to negate the truth of a claim by pointing out a negative characteristic or belief of the person supporting it. Not only that, but he has also gone incredibly off the topic of the news article posting here also. Period. If instead the poster you're defending had disproved some point Mr. DeRaadt had made in said news article here, then I would not be pointing out the obvious that the poster you're defending made quite clear and plain via his UNSUBSTANTIATED claims and opinions of attempting to put the man down, rather than points Mr. DeRaadt made in said article. That is an ad hominem attack, and illogical (as well as off topic). In other words, the poster you're defending is indeed blatantly guilty of an off topic illogical ad hominem attack on Theo DeRaadt himself, but not his points in said report this entire thread is about. No questions asked and no doubt about it.
It was a joke my friend, I would never quit using openbsd.
With "Secure" Boot, hardware must no longer allow BIOS to be freely flashed, it must only be replaced with a new cryptographically signed BIOS image. That must be true for both the main one and the option ROMs. Otherwise the "secure" boot mechanism would be meaningless. (Not that it has much meaning anyway...)
In this situation, it's more pragmatic to require distributors of free software to also distribute the keys needed by the user to run modified versions of the software. A requirement that the authors of GPLv3, with foresight, chose to adopt, with no lack of criticism for being too "extremist".
Unlike Microsoft, though, Apple has no financial incentive to disallow other operating systems on their hardware. If someone buys a Mac, deletes the Mac OS partition, and installs Linux on it, Apple still makes money.
http://www.youtube.com/watch?v=PjtkswyOYMI
Apple has had something similar to this for so long they still only sold PowerPCs back then.
vendor. That is not security, that is a lock in, where you need to opt out from. Only the owner of the hardware should be able to sign and lock his machine and OS.
Everything else just takes security away and opens you up to the mercy of the vendors.
idk... so I'm asking. Say I purchase hw with Windows 8 preinstalled... and I don't want to fuck with any of this BIOS key bullshit, nor run Windows 8, nor any Windows on bare iron (because I am, in fact, sane), but only free software: can I simply reflash the OEM placed SecureBoot with another non-SecureBoot BIOS? What of coreboot (LinuxBIOS)? Can I still use that? If so, why don't Canonical, RedHat and the BSDs make something along these lines as an option in their plans? Who forced the top Linux distros to whittle down options to a single non-choice option?
The Admin and the Engineer
It's not about "wanting to be the next Microsoft" so much as it's about not caring sufficiently about your customer base and the wider IT using community as a whole, by being apathetic in the face of yet another Microsoft extortion campaign. Just roll over, pay them what they ask and they might go away and leave us alone. The opposite is true of course - everyone who pays them, emboldens them to ask for more, on more and more spurious grounds.
What the world needs is an alliance of companies and organisations who decide that Microsoft's bullyboy tactics and protection rackets have to be stopped once and for all. Either they compete by selling products or they leave the market place to those who wish to do that.
So it seems OpenBSD guys will continue to use even older hardware than before. And eventually OpenBSD fades away...
I'm more surprised that bios replacement isn't already more prominent. It's not all that complicated to reverse engineer hardware initialization, it's just that it isn't necessary.
That's why Coreboot supports such a wide variety of motherboards, including newly released ones. It's SO EASY!
Key? What if you want to write your own OS? That's terrible! The whole idea of the PC platform was that it allowed independent commercial programmers to develop their own systems. The platforms that did not do this aren't around any more ...
The purpose of existence is to make money.
What I don't understand is this, if they are going to go through all of this trouble to get a secure boot, with the kernel and whatnot signed, how come they just randomly go around and give out keys to random people (Red Hat and Canonical) so they can sign their own binaries? Do they have some kind of leverage on Red Hat and Canonical in case they screw up and their keys are leaked?
Compare how the PKI for SSL certificates has come under attack recently. Is MS going to review all the code that's signed by Red Hat or Canonical? Will there be a MS only key so if I, for some unknown reason, wanted to just run Windows I wouldn't run the risk of those hippies at Red Hat and Canonical infecting my computer?
It gets even stranger when Fedora apparently are going to use a '"shim" bootloader' (according to the article) to load GRUB. So, uhm, what else can this bootloader load? Say Windows but modified in a malicious way? Certainly it would seem that GRUB should be able to do that, if nothing else?
I must say I don't really see this making much sense from any kind of security perspective.
The real problem is that people will lose / forget their uefi password -- which will be just as easy as losing a BIOS password, then you'll never be able to disable Secure Boot, and you'll be stuck with whatever OS is currently installed -- most likely being Windows something. If it was possible to hack uefi and reset the password -- well, then -- that kinda defeats the "secure" part of the solution, donut?
There is nothing (apart from cost and practicality) stopping other vendors/distros/organisations from negotiating with hardware manufacturers to have their keys pre-installed, but consider this. Microsoft's actions are restraining trade. Microsoft is using their dominant market position to have hardware manufacturers ship with UEFI enabled by default, with microsoft keys enabled by default. They are saying to the manufacturers, if you want to label your hardware windows compliant you must do X, where X affects other vendors by making their product more difficult to use. Microsoft doesn't need to pay for this 'service' from the manufacturers, the manufacturers are forced to comply in order to sell their products (because of windows' dominant market share). Isn't this already anti-trust, but against the manufacturers? Other vendors who don't have the market share have two choices:
Both options sound like anti-trust to me. In my mind it would be better for manufacturers to ship with NO keys, and if you want to install an OS, then the OS installation instructions just have to include the extra step explaining what needs to be done. Again, for Joe Schmo who buys his whole PC retail, this doesn't affect him, because some IT guy in a backroom does the installation. The machine comes with one key, for whatever OS Joe wants installed. Practically speaking, this means that everyone will preinstall windows whether or not the customer wants it, same as now. Nothing would stop larger or smaller *nix distro users from installing the appropriate keys. Microsoft's advantage would be that the retail industry does work for them for free, same as now. I'm not saying it's right. I'm saying it's not a catastrophe. Microsoft pays for this advantage in a way, through marketing, lobbying, etc. Canonical and red hat could negotiate similar advantages directly for example with dell/hp/best-buy ... it's probably not worth their while.
2) pre installation of all available certs by the manufacturer (now guess for how many reasons manufacturers aren't going to auto install keys for all available linux/HURD/bsd distros, yep there are many).
It will be difficult to boot the Hurd on these machines? Think of the poor 4 people this will inconvenience...
1) They can only install other OSes on x86 machines. On ARM they cannot. There will be no rooting your Win 8 phone/tablet.
2) As they point out, making non-technical people boot into the bios and disable secure boot is a significant barrier to allowing them to install other OSes.
Isn't "preparing" just "adding to the disaster"?
Ha! That's funny. I'm a long time linux nerd, and I like the idea of the Hurd and can't wait for it to become mainstream. Still, there's nothing wrong with a good joke.
Hell, it wouldn't cost the manufacturers much. For *years* BIOS's had flags to booting in a 9X compatible way, then XP. SATA drive controllers still tend to have an option to emulate IDE, mostly for the benefit of older OS's.
So why not just have a checkbox in the BIOS "All generic boot key", disabled by default, and have a general key for Linux/BSD. Easy enough for most who will use Linux to still make the system bootable, and it allows the system to be locked down by default.
The point of a dongle is physical separation. A push button would let someone left alone with the computer for a few seconds install malware that looks sufficiently like the default system that there is little likelihood of the user noticing.
So for example, you could have a nominally secure OS, like Chrome OS, where it's hard to get a key logger onto it because of the way the TPM is used, and you could install a fake version of the OS that has a built in keylogger which looks and acts sufficiently like the OS that's supposed to be there that the user can't tell the difference.
If you go the push button route, you need to combine it with a mandatory wait interval (on Chrome OS, it's 5 minutes, if you switch the developer switch), on the theory that someone who is not trusted won't be left alone with a machine for longer than 5 minutes, and then this is combined with a user safety screen which beeps and makes you explicitly use the keyboard to get around it and/or wait 30 seconds on each boot to notify you that the push button has been used.
This still isn't great, since if you are left for 5 minutes + 8 seconds with an already booted device, you can get it compromised and rebooted in about 5 minutes and 17 seconds. The binary option, using the dongle, closes that race window entirely.
I think Redhat's and Canonical's decisions are their own counterargument. As paradoxical as that sounds.
The argument against UEFI is that it gives an advantage to Microsoft, putting them in control of licensing.
The counter argument is that UEFI has provisions for running other OS, that don't rely on Microsoft.
Redhat and Canonical, Microsoft competitors, chose to contract licensing from Microsoft.
Whatever UEFI provisions are*, they are bad enough that paying Microsoft is the better alternative, so it is still the case that UEFI favors Microsoft.
* UEFI provisions are:
1.- Users can disable Secure Boot.
2.- Users can sign their own OS at their expense.
3.- Users can install keys provided by distributions.
4.- Distributions can make deals with OEMs to include their keys.
But... the future refused to change.
It's a plausible argument. I'm not sure it's really strong enough for legal proof, though. I'm not a lawyer, so I couldn't really say further than that.
"Canonical and red hat could negotiate similar advantages directly for example with dell/hp/best-buy ... it's probably not worth their while."
Well, for us (RH) it really isn't, because that's not really what we do - we don't sell consumer OSes in retail. Canonical has more ambition in that direction. They do actually have a plan to self-sign for OEM preloads of Ubuntu; only the 'normal' downloadable Ubuntu images, intended for end-user installation onto systems that shipped with Windows, will be signed with Microsoft's key. If you actually go buy a system with Ubuntu pre-installed from a Canonical-approved reseller, so their plan goes, you'll get a copy of Ubuntu that's pre-signed with a Canonical key.
why on earth do personal computers NOT come pre-installed with free-LINUX operating system?
windows is super simple to install. pop-in a cd, press a key, finish. takes like 20 min and this way will be crap-ware free.
*sigh*
That won't be a problem for years: FSF types won't use hardware that costs money, so it'll be years before they fish any such systems from the dumpster.
4? There are 5 total, and 4 of them are RMS!
If you have the skillset it is easy. It does take work though even if you do have that skillset. The number one motivation to do work is necessity, the second being interest.