Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot

Posted by timothy on from the so-you're-not-a-fan-then dept.

An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."

2 of 391 comments (clear)

  1. Re:A bit over the top by vux984 · · Score: 5, Informative

    ), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

    That is not true.

    Their OSes will run just fine provided any of the following are done:

    a) the user logs into UEFI and disables secure boot

    b) the user logs into UEFI and installs a distro key

    c) the user logs into UEFI and installs their own key and signs the distro themselves.

    d) the distro provider works with the manufacturer to have their key pre-loaded the same as microsofts.

    Microsoft (currently) does prevent or even hinder any one of those alternatives on x86.

    Canonical and Red Hat noted that a & b require at least a nomimal effort by the end user. (c requires a fair bit of effort for the end user) And that d required a substantial effort on their part.

    So they chose "e) sign our distros with the MS key" that Microsoft already took the effort to have preloaded so that our users don't need to take the nominal step of disabling secure boot or of installing their own keys.

    "That is called restraint-of-trade and it is VERY clearly a violation of the Sherman Antitrust "...

    No its not.

    "now they are actively blocking other OSes from Opera/Google/other OSes from running (unless they beg MS for a license)"

    You don't need a license from microsoft. The end user can disable secure boot. The end user can install their own keys. The distro can approach the hardware manufacturer and have their own keys preloaded along side microsofts.

    Microsoft isn't preventing anyone from doing anything, and you do not need to interact with microsoft at all to install other OSes.

    Please COMPREHEND the above before replying or commenting on the subject further.

  2. Re:A bit over the top by AdamWill · · Score: 5, Informative

    "That's a nice 3-page essay (double-space I presume), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run."

    That's still not a fact. We were not forced to buy a license. We had several options, which Matthew outlined way back at the start of this whole saga, in this blog post:

    http://mjg59.dreamwidth.org/12368.html

    Specifically, the paragraph headlined "Getting the machine booted". It mentions the other options, including "the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it" and "producing some sort of overall Linux key". There is also the obvious negative possibility of simply not signing anything at all; this would require users to disable Secure Boot in the firmware before installing Linux, but it doesn't prevent them from doing so.

    Both Fedora (note, Fedora, not RH; RH does not necessarily always follow what Fedora does) and Ubuntu had several choices and _chose_ to go with the Microsoft signing service as the 'least bad' option (well, Ubuntu will also be self-signing, for OEM preloads). The fact that we are _choosing_ to get our releases signed with the Microsoft/Verisign key does not imply that we were _forced_ to do so. We _choose_ to do so on the basis that it'll provide the maximum possible success rate of Fedora installs with the minimum amount of work. We could have chosen to self-sign, or not to sign at all, and ask users to disable Secure Boot or import our key. We decided not to do so.

    "Problem si that peope like YOU seem to think corproatuions never od anything wrong"

    This is an absurd stretch. You appear to be implying that anyone who suggests that a corporation might ever do anything at all that is _not_ wrong, must therefore believe that a corporation can _never_ do anything wrong. This is clearly ridiculous and false. You also mistake my opinion that Microsoft's actions are _not illegal_ for an opinion that they're _right_. These are not the same thing at all. I have carefully refrained from stating in public any personal opinion on the Rightness or Wrongness, from an ethical/moral standpoint, of Microsoft's actions. This is intentional. What I have said several times is that I don't believe the actions can successfully be characterized as _illegal_. Not everything that's wrong is also illegal. But if something is wrong/bad but not illegal, then you can't defeat that something through the courts. This sub-thread was prompted by someone saying that RH and Canonical should have chosen to prosecute or sue Microsoft. My point is that this is hardly a viable option if the suit would fail.