OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot

An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."

A bit over the top

[jmorris42]

We have been hearing various people who should know better that "Redhat is the next MIcrosoft" and variations on that theme now for at least a decade. Guess Ubuntu should take it as a sign that they have 'made it' that the same is now being said of them.

Not saying I agree with either of their solution to the Kobayashi Maru (otherwise known as Secure Boot) problem, but calling them 'traitors' is a bit much. Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.

Re:A bit over the top

[Hatta]

Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.

The better plan is to sue Microsoft for abuse of their monopoly.

Re:A bit over the top

[UnknownSoldier]

> but calling them 'traitors' is a bit much.

Not really. They valued convenience over freedom. That is the antithesis of GPL / BSD. Once you start compromising your values for freedom it becomes easier to justify the convenience.

To paraphrase Ben Franklin: "Those Who Sacrifice Liberty For Security Deserve Neither"

At some point this short-sightedness will come back to haunt them.

Re:A bit over the top

[jmorris42]

> The better plan is to sue Microsoft for abuse of their monopoly.

The old consent decree is long since expired. Good luck starting up a new round of lawsuits, Microsoft discovered lobbists after the last round so the DOJ isn't going to be bothering them again. So your plan is do nothing for years while a court case winds its way through the system and more then likely ends up going nowhere. Boy I'd love to take that plan to the stockholders meeting.

Re:A bit over the top

I think in this case, the additional words are important:

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

I give up liberties all the time, for various reasons.

Re:A bit over the top

[drinkypoo]

The better plan is to sue Microsoft for abuse of their monopoly.

You mean, so that they can be found guilty again and let go without so much as a hand-slap again? Yes, that would be a wonderfully immense waste of taxpayer dollars.

Re:A bit over the top

[cpu6502]

Desktop and laptop PCs are still 88% dominated by the Microsoft OS. Requiring other OS makers to buy a license from Microsoft is very clear evidence of using their monopoly power to stifle competition. Opera won their lawsuit in the EU with lesser charges. (MS didn't block Opera... just made it difficult to compete against the free OS-embedded IE.) In this case MS is actively blocking Chrome, Ubuntu, Kolibri and other OSes.

I guess I just found another reason to buy a Win7 PC instead of the Win8 version with blockeboot.

Re:A bit over the top

[UnknownSoldier]

Do you want to tell that to all the people that died for WW1 or WW2 ?

It is unfortunate that people have to die, but sometimes that is the only way to get others to listen -- that certain concepts, such as freedom are MORE important then one man's life.

Re:A bit over the top

[AdamWill]

"Requiring other OS makers to buy a license from Microsoft is very clear evidence of using their monopoly power to stifle competition"

It certainly would be. The only problem is that they're not doing that at all.

The industry as a whole agreed to ratify the basic Secure Boot mechanism as part of the UEFI standard. Secure Boot as described in the UEFI standard does not say anything at all about who should sign code and issue keys and any of that stuff. All it does is say 'here is a mechanism called Secure Boot by which the system firmware can maintain a list of keys and refuse to run code which is not signed by one of those keys'.

So once that's in the UEFI standard, we have a world where there is this thing called Secure Boot which operating system developers and hardware vendors can *choose* to implement. Or not. The UEFI standard says nothing about whether it ought to be used, what keys ought to be included, or anything like that.

So Microsoft, as an operating system vendor, decides they want to use this Secure Boot thing. They're going to sign their operating system, and require vendors who want to pre-load that operating system on their systems to ship Microsoft's key. So that their operating system will run. This is what the Microsoft Windows 8 certification requirements for x86 state: you have to turn Secure Boot on by default and include our key.

What the certification requirements explicitly do _not_ state is this: 'you can't include any other keys'. They definitely don't say that. They just say 'you have to include Microsoft's key'. There's no restriction at all on shipping any number of other keys. Additionally, the certification requirements explicitly require that the user be able to enrol their own keys, and also disable Secure Boot if they so desire.

So...Microsoft's requirements for OEMs are that they enable Secure Boot by default (but allow it to be disabled) and ship Microsoft's key (but they can also happily ship any number of other keys, if they choose).

It's logically impossible to construe this as "Requiring other OS makers to buy a license from Microsoft". It doesn't do that, at all. Other OS makers can have their OS signed by themselves or anyone else they like, and ask hardware manufacturers to ship that key. Microsoft does nothing to prevent this. Or they can choose not to sign their OS at all, and ask users to disable Secure Boot. Microsoft does nothing to prevent this. Or they can _choose_ to have Microsoft sign their OS so it'll work without them needing to get any other key loaded into firmware; Microsoft didn't _have_ to provide public signing services, but they are doing so to avoid a PR shitstorm. If Microsoft really wanted to be evil, why would it provide public signing services at all? Wouldn't it be more effective just to say 'no, we won't do that'?

I find it highly unlikely that you could build a convincing case of monopoly abuse over Secure Boot for x86, when the actual facts of the matter are taken into account. They just don't support the accusation strongly enough. If Microsoft could be shown to be exerting pressure to prevent alternative signing groups from existing or getting their keys loaded onto hardware, then maybe...but AFAIK no-one has shown such.

(disclaimers: I am not a lawyer and this is not legal advice or a legal opinion. Furthermore, though I work for Red Hat, I am not directly involved in any RH evaluation of this issue, I am not involved in RH legal in any way, and this is entirely a personal opinion and not in any way representative of Red Hat. It is not Red Hat's official position on the issue of the legality or otherwise of Microsoft's actions. I specifically leave open the possibility that Red Hat as an entity might take a completely opposite view of the case.)

Re:A bit over the top

[pixelpusher220]

Might want to check your history:

MS trial

The DOJ announced on September 6, 2001 that it was no longer seeking to break up Microsoft and would instead seek a lesser antitrust penalty. Microsoft decided to draft a settlement proposal allowing PC manufacturers to adopt non-Microsoft software.

Who was president in Sept 2001 again?

Re:A bit over the top

[cpu6502]

Actually the announcement came from a federal court of appeals in late 2000. QUOTE: "The D.C. Circuit Court of Appeals overturned Judge Jackson's rulings against Microsoft. This was partly because the Appellate court had adopted a "drastically altered scope of liability" under which the Remedies could be taken......" In other words they decided not to breakup the company.

Late 2000..... before President Shrub arrived on the scene. But hey! Why let "facts" get in the way of good-ole FOX or NBC style distorted reporting?

Re:A bit over the top

[Baloroth]

Of course, the DOJ decision was after this little tidbit:

The D.C. Circuit Court of Appeals overturned Judge Jackson's [original judge who issued the breakup order] rulings against Microsoft. This was partly because the Appellate court had adopted a "drastically altered scope of liability" under which the Remedies could be taken, and also partly due to the embargoed interviews Judge Jackson had given to the news media while he was still hearing the case, in violation of the Code of Conduct for US Judges.[17] Judge Jackson did not attend the D.C. Circuit Court of Appeals hearing, in which the appeals court judges accused him of unethical conduct and determined he should have recused himself from the case.

(bracketed bit inserted by me)

Re:A bit over the top

[cpu6502]

Now here's an essay for you to read..... written by the Free Software Foundation:
(snip)

In theory, there should be no problem. In practice, the situation is more complicated. As currently proposed, Secure Boot impedes free software adoption. It is already bad enough that nearly all computers sold come with Microsoft Windows pre-installed. In order to convince users to try free software, we must convince them to remove the operating system that came on their computers (or to divide their hard drives and make room for a new system, perceptually risking their data in the process).

With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer. Proprietary software companies may present this requirement under the guise of "disable security on your computer," which will mislead new users into thinking free software is insecure.

Without a doubt, this is an obstacle we don't need right now, and it is highly questionable that the security gains realized from Secure Boot outweigh the difficulties it will cause in practice for users trying to actually provide for their own security by escaping Microsoft Windows.

It's also a problem because the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right, this requirement was a reversal from Microsoft's initial public position, which claimed that the Windows 8 program would not block other operating systems from being installed. With this deception, Microsoft has demonstrated that they can't be trusted. While we are interpreting their current guidelines, we must keep in mind that they could change their mind again in the future and expand the ARM restrictions to more kinds of systems.

The best way out of all of this (other than having all computers come pre-installed with free software) would be for free software operating systems to also be installable by default on any computer, without needing to disable Secure Boot. In the last few weeks, we've seen two major GNU/Linux distributions, Fedora and Ubuntu, sketch out two different paths in an attempt to achieve this goal.

Fedora's approach

There is much to like about Fedora's thinking, as explained by Matthew Garrett......... Unfortunately, while it is compliant with the license of GRUB 2 and any other GPLv3-covered software, we see two serious problems with the Microsoft program approach.

1) Users wishing to run in a Secure Boot environment will have to trust Microsoft in order to boot official Fedora. The Secure Boot signing format currently allows only one signature on a binary -- so Fedora's shim bootloader can be signed only by the Microsoft-vouched key. If a user removes Microsoft's key, official Fedora will no longer boot, as long as Secure Boot is on.

2) We reject the recommendation that others join the Microsoft developer program. In addition to the $99 expense being a barrier for many people around the world, the process for joining this program is objectionable. A nonexhaustive list of the problems includes: restrictive terms in multiple of the half-dozen contracts that must be signed, a forced commitment "to receive targeted advertisements and periodic member email messages from Microsoft," and a requirement to provide notarized proof of government-issued identification and a credit card.

Ubuntu's approach

Their approach has the same issue as Fedora's official method. Users have to trust Microsoft in order to boot official Ubuntu CDs. Their certification program amplifies this problem, because it means no one can sell certified Ubuntu machines without trusting Microsoft.

Re:A bit over the top

[vux984]

), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

That is not true.

Their OSes will run just fine provided any of the following are done:

a) the user logs into UEFI and disables secure boot

b) the user logs into UEFI and installs a distro key

c) the user logs into UEFI and installs their own key and signs the distro themselves.

d) the distro provider works with the manufacturer to have their key pre-loaded the same as microsofts.

Microsoft (currently) does prevent or even hinder any one of those alternatives on x86.

Canonical and Red Hat noted that a & b require at least a nomimal effort by the end user. (c requires a fair bit of effort for the end user) And that d required a substantial effort on their part.

So they chose "e) sign our distros with the MS key" that Microsoft already took the effort to have preloaded so that our users don't need to take the nominal step of disabling secure boot or of installing their own keys.

"That is called restraint-of-trade and it is VERY clearly a violation of the Sherman Antitrust "...

No its not.

"now they are actively blocking other OSes from Opera/Google/other OSes from running (unless they beg MS for a license)"

You don't need a license from microsoft. The end user can disable secure boot. The end user can install their own keys. The distro can approach the hardware manufacturer and have their own keys preloaded along side microsofts.

Microsoft isn't preventing anyone from doing anything, and you do not need to interact with microsoft at all to install other OSes.

Please COMPREHEND the above before replying or commenting on the subject further.

Re:A bit over the top

[drinkypoo]

Who? What?

Re:A bit over the top

[vux984]

What about ARM?

What about it?

Microsoft doesn't have a monopoly in ARM devices (tablets and smartphones). Their competitors in Apple and even many Androids have restricted boot to their signed binaries.

We all agree that its not the situation we want, and we all agree we should demand the right to the keys to our devices (which we currently have on x86).

But it is absurd to suggest Microsoft is abusing its monopoly position in the ARM device market.

Re:A bit over the top

[AdamWill]

Yeah, that's why I limited my post specifically to x86. The ARM requirements are much stricter: Secure Boot must be enabled and must not be disable-able, and the user must not be able to enrol their own keys. I don't believe the requirements reject the possibility of other keys being preloaded, but in practice I doubt we'll see that.

As other responders have pointed out, though, there's a different problem with alleging monopoly abuse when it comes to Windows RT / ARM, which is that Microsoft doesn't have any kind of monopoly on any kind of ARM client device. It doesn't have a tablet or phone monopoly. Consumer ARM devices are often sold heavily locked down; Microsoft isn't doing anything new there. (Most Android phones / tablets, and all Apple ones, are locked down in similar fashion).

Re:A bit over the top

[AdamWill]

"That's a nice 3-page essay (double-space I presume), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run."

That's still not a fact. We were not forced to buy a license. We had several options, which Matthew outlined way back at the start of this whole saga, in this blog post:

http://mjg59.dreamwidth.org/12368.html

Specifically, the paragraph headlined "Getting the machine booted". It mentions the other options, including "the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it" and "producing some sort of overall Linux key". There is also the obvious negative possibility of simply not signing anything at all; this would require users to disable Secure Boot in the firmware before installing Linux, but it doesn't prevent them from doing so.

Both Fedora (note, Fedora, not RH; RH does not necessarily always follow what Fedora does) and Ubuntu had several choices and _chose_ to go with the Microsoft signing service as the 'least bad' option (well, Ubuntu will also be self-signing, for OEM preloads). The fact that we are _choosing_ to get our releases signed with the Microsoft/Verisign key does not imply that we were _forced_ to do so. We _choose_ to do so on the basis that it'll provide the maximum possible success rate of Fedora installs with the minimum amount of work. We could have chosen to self-sign, or not to sign at all, and ask users to disable Secure Boot or import our key. We decided not to do so.

"Problem si that peope like YOU seem to think corproatuions never od anything wrong"

This is an absurd stretch. You appear to be implying that anyone who suggests that a corporation might ever do anything at all that is _not_ wrong, must therefore believe that a corporation can _never_ do anything wrong. This is clearly ridiculous and false. You also mistake my opinion that Microsoft's actions are _not illegal_ for an opinion that they're _right_. These are not the same thing at all. I have carefully refrained from stating in public any personal opinion on the Rightness or Wrongness, from an ethical/moral standpoint, of Microsoft's actions. This is intentional. What I have said several times is that I don't believe the actions can successfully be characterized as _illegal_. Not everything that's wrong is also illegal. But if something is wrong/bad but not illegal, then you can't defeat that something through the courts. This sub-thread was prompted by someone saying that RH and Canonical should have chosen to prosecute or sue Microsoft. My point is that this is hardly a viable option if the suit would fail.

Re:A bit over the top

[jonwil]

Microsoft may have discovered lobbyists but their lobbyists didn't save them from EU rulings (Windows N with no media player, the "Browser Choice" screen etc). There is no reason to think the EU wouldn't be interested in investigating other abuses of monopoly power by Microsoft (including anything to do with secure boot)

Re:A bit over the top

[bws111]

Nope. They valued their customers over fighting some stupid pissing contest.

What exactly are their chioces?

1) Do nothing
2) Whine about how unfair it is
3) Label their product with: Not compatible with any PC with a Windows logo on it
4) Create their own signing infrastructure, sign their binaries, work with all motherboard and system provides to get their key installed
5) Sign their binaries using an already-trusted key
6) Tell their users to disable Secure Boot
7) Tell their users to create and install their own key, and sign the binaries with it

Options 1, 2, and 3 do nothing to advance Linux, the companies, or freedom. They pretty much just relegate Linux to the 'hobby' sector forever.
Options 4 and 5 are the easiest for the end user, with option 4 costing quite a bit more for very little benefit
Options 6 and 7 are inconvenient for the user, and provide no benefit to the user over options 4 and 5

Now, exactly what 'freedom' has been lost by the companies actions? Do you still get the ability to install the binaries wherever you want? Yes. Do you still get the source code? Yes. Can you still install and run your modifications? Yes.

The only thing that changes is that if you want to modify and run the bootloader you must do option 6 or 7. Making everyone use those options is OK, but making only people who want to modify the boot loader jump through those hoops is somehow a loss of freedom? Do explain.

Re:A bit over the top

[occasional_dabbler]

Utter f*cking rubbish. I just installed W8 preview alongside Ubuntu 12.04 (yes, a sweet combination, Ithankyou). Of course the Winstaller doesn't nicely search out the other OSs but it was a couple of clicks on a bootable Ubuntu CD to fix this.

Re:A bit over the top

[lister+king+of+smeg]

well thats great for all of you in Europe and the UK, but for us over here in north America are still screwed up the @SS#013.

Re:A bit over the top

[chriscappuccio]

This is a pathetic response. Companies with resources like Red Hat and Canonical should take the effort to register keys directly from BIOS and/or motherboard manufacturers. The time to get these arrangements is now, when UEFI is in its infancy, not later when Microsoft changes their policies and keys. Some computer manufacturers will choose to not enter agreements, others won't allow you to disable Secure Boot. The right approach is for people who care to support manufacturers that aren't imbeciles. The problem with this approach is that it'll be less convenient for some Red Hat and Canonical customers. Even if Microsoft remains 100% trustworthy, the largest open source operating system companies should not be taking a back seat to Microsoft. Something is really wrong when your company buys control to run on the world's computers from Microsoft for $10.

Re:A bit over the top

[cheesybagel]

What would you think if Microsoft was the only presently available registrar in the Internet and that you had to convince every single hardware vendor in order to get an additional registrar?

Re:A bit over the top

[blind+biker]

You don't need a license from microsoft. The end user can disable secure boot. The end user can install their own keys.

Until that day when the user can't. Even Canonical admitted that this is not just a possibility in the future, but quite likely.

Re:A bit over the top

[metacell]

If Microsoft is defeated in EU courts, it could still help you a little back home, if nothing else by serving as an example.

Re:A bit over the top

[metacell]

So how does having a desktop monopoly facilitate Microsoft's move on ARM?

I'm not so familiar with the facts of the case, so I'm only speaking hypothetically, but Microsoft could use their monopoly on desktop OS:es as leverage when they negotiate with OEM manufacturers, and get them to lock down ARM devices.

Re:A bit over the top

[vux984]

so I'm only speaking hypothetically, but Microsoft could use their monopoly on desktop OS:es as leverage when they negotiate with OEM manufacturers, and get them to lock down ARM devices.

Apple, Samsung, HTC, Motorola, all have locked down bootloaders on devices... clearly you don't need a desktop monopoly for leverage here.

Re:A bit over the top

[vux984]

And in order to gain a monopoly on that new platform, they lock it down there.

How does locking it down gain them a monopoly in a new market?

If people want an android arm device they buy one...
If they want an apple arm device they buy one...

The fact that you can't install ios or android on your arm tablet that came preloaded with windows 8 is hardly going to gain them a monopoly.

None of these companies have a desktop monopoly, hence it doesn't matter what they do.

Microsoft isn't leveraging its monopoly at all though. If they told OEMs they could only sell Windows 8 ARM devices if they wanted to sell windows 8 desktops -that- would be an example of leveraging their marketshare.

Requiring that windows 8 arm 'appliance' devices be locked down, the same as most any other arm appliance device is not an abuse of monopoly.
 

Re:A bit over the top

[metacell]

It increases the cost of business for Canonical/RedHat to negotiate with all the OEM manufacturers and get them to include their key.

If you're Microsoft and already have deals with all OEM manufacturers, the cost may be negligible, but if you're Canonical/RedHat and your OS comes pre-installed on less than 1% of desktops, it may not be practically possible.

This is true for anyone who wants to enter the market for desktop operating systems and potentially compete with Microsoft. In economical terms, the SecureBoot system raises the barrier of entry for the desktop OS market.

Because of Microsoft's history of anti-competitive behaviour, I'm also worried about what they'll do next. Once they have control over the SecureBoot system, they could work to make it mandatory, citing piracy as reason. They could also pressure the OEM manufacturers, inofficially, to say "no" when a competitor asks them to include their OS keys. They could make it slow and costly for competitors to get new OS versions signed. Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.

I don't know what'll happen, but having control over SecureBoot seems like too much power to place in the hands of any company.

Then there's the risk that the state will abuse the system once it's in place. SecureBoot controls what OS can be run, and the OS can control what software can be run, using a system of checksums and signing keys. In fact, the technology for that is already in place in Windows Vista onwards, but for the moment, you only get a warning when you try to run an unknown executable. If the state decides to outlaw certain software (such as encryption, hacking tools or P2P file sharing programs), SecureBoot combined with Windows enables them to enforce that law. If that ever happens, it'd be very good for Microsoft, since it severely reduces competition in the OS market, and gives even more power to the company who handles the signing of their competitors' OS:es.

Re:A bit over the top

[justforgetme]

Ok, you see, this exactly is a problem. This isn't a monopoly abuse in the classical sense it just is a move to establish the big enterprise at the cost of the smaller solutions. The thing is Microsoft paves the "way" to signed bootloaders in a way that is very unfriendly to homebrew since software can't (AFAIK) auto install it's certs into the pre boot process. This leaves two options: 1) manual installation of the certs by the end user which isn't very straight forward and could even become impossible 2) pre installation of all available certs by the manufaturer (now guess for how many reasons manufacturers aren't going to auto install keys for all available linux/hurd/bsd distros, yep there are many).
Which leaves independent guys that release some spin of some distro out of the game completely since they do not have the manpower to ring up all manufacturers and `demand` the inclusion of their signatures on the manuf's devices' uefi rom and makes it much more difficult for guys trying to do mobile device gnuxes hanging there not knowing how to actually respond.

So yeah. It hasn't anything to do with monopoly or any other 80s board game. It's just the fat bully pushing around the nerds.

Re:A bit over the top

[ifrag]

auto install keys for all available linux/hurd/bsd distros

Couldn't everyone just leech off the "shim" boot loader that Redhat is going to have? Once you are in Grub I'd think you could boot whatever else you wanted (either that or I don't understand how they are implementing this). Is this somehow going to be made technically impossible by Redhat?

Of course this creates a much unwanted dependency on something which other distributions might not be able to include legally in their builds.

Re:A bit over the top

[jbolden]

That is called restraint-of-trade

No it isn't. To commit restraint of trade you actually have to restrict trade. No judge is going to see a $99 processing fee as restricting trade.

Re:A bit over the top

[Aaden42]

Nope MS won't sign for anything that doesn't maintain chain of trust. If they sign a shim, it's only allowed to chain to a signed bootloader that only chains to *signed* kernels that only load signed kmods. If you try to submit anything for signing to MS that would allow loading unsigned code anywhere along the path, it gets rejected.

Re:A bit over the top

[sjames]

Actually, there's no reason the OS shouldn't be able to turn Secure boot ON using ACPI. There is good reason the OS shouldn't be able to turn it OFF.

Expected

[Daniel_Staal]

I love OpenBSD, and run it on my firewall at home, but anyone who's followed De Raadt over the years has to be 100% expecting this.

Including the over-the-top language.

Re:Expected

[masternerdguy]

So he's pretty much your Richard Stallman?

Re:Expected

[Anubis350]

I'm pretty sure Richard Stallman is *everyone's* Richard Stallman, and one is enough :-p

Re:Expected

I've posted exactly one thing on the OpenBSD mailing list (I forget what... something technical and innocuous anyway) and I've been flamed by Theo De Raadt. I think you could make money selling T-shirts that said, "I've been flamed by The De Raadt". I've got a lot of respect for what he's accomplished, but flaming seems to be his customary mode of interaction.

I've also, on occasion, had the opportunity to interact with RMS via email. He has always been extremely generous with his time, gracious and polite, even when he disagreed with me. The guy takes a lot of heat for having strong views, but he genuinely seems like a really nice guy.

Really, I can't imagine two people who are more different in character.

From the article:

[Fwipp]

Responding to a query from iTWire about what OpenBSD, widely recognised as the most security-conscious UNIX, would be doing to cope with "secure" boot, De Raadt said: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense."

Is not wanting to "be the new Microsoft" worth being unprepared for a "disaster?"

Re:From the article:

[socceroos]

Mark my words. Anyone who wants to get in to your SecureBoot enabled device will (read: governments now, crackers later). This is an abuse of monopoly and an attempt to seize more control of the user's device.

Re:From the article:

[lister+king+of+smeg]

for now they require it on X86 and X64 systems but it is locked on arm. but what about windows 9? will it be removed because like the start menu because "so few people were using it".

Re:From the article:

[lister+king+of+smeg]

not really all that far fetched Microsoft would love to be the only os on pc's. they have actively smeared Linux and spread fud, they brought xp back form the dead to keep Linux off of mass marketed net-books, and tried to kill it by proxy with sco, they have accused it of being a cancer and communist, they have likened Linux users to pirates and malicious hackers. they have also baselessly accused Linux of patent infringement. Why would they not try to lock down PC's? and they tried to do the same thing before with palladium.

IIRC - Theo

[Gunfighter]

Isn't Mr. De Raadt known for being a bit... shall we say, "pointed" on these sorts of things?

So what's the plan, Theo?

[Chemisor]

Ok, Theo, let's hear your solution then. I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites. Trusted hardware root and signed executables are good things. So tell us then how we are supposed to get them? You obviously do not believe that we should be using Microsoft's key to sign the bootloader. What should we use? Keep in mind that while you have no difficulty installing your own keys in the BIOS, to a typical user (you know, those poor shmucks who get infected most often) that's deep voodoo. Also keep in mind that while Microsoft has the pull to get its key loaded by default into all the TPM chips manufactured, Ubuntu does not. Neither does BSD.

Re:So what's the plan, Theo?

[ceoyoyo]

The BIOS key comes printed in the manual. As a user, if you install the OS, you have to type that number in. Users who cannot enter numbers from a manual when prompted don't generally install OSes.

Re:So what's the plan, Theo?

[snikulin]

A manual could get lost. What's about printing the key on M/B itself, like they do it with MAC ID? It better be some kind of bar code (RSA-4096 wold be tough to type in). Or (and?) BIOS/EFI could have a dedicated page where it shows the whole key in a hand-help scanner friendly format. But in this case the snapshot could leak to the internets.

Re:So what's the plan, Theo?

[cheesybagel]

How about doing it like SSH? The first time you install something with a new key it tells you "the key *blah* is unknown to the system. Do you want to proceed? yes/no". If you say "yes" it memorizes the key.

This stinks!

[deltaromeo]

This whole Microsoft / Secure Boot situation is outrageous, it should never be allowed to be implemented, linux distro's should not be having to get anything signed by Microsoft. Hopefully some judge someday will see sense and kill it and also force Microsoft to carry positive mentions of other OS's in their advertisements in a similar fashion as the Apple / Samsung tablet ruling.

Re:This stinks!

[SgtChaireBourne]

Not in ARM. While everyone is distracted about the atrociousness of what M$ is trying to pull on the x86 with UEFI, an attempt several order of magnitude worse is being made on ARM. The intent, if M$ is given its way by OEMs, is to prevent 'secure' boot from being disabled. ARM is not some fringe architecture, it is the architecture found on today's (and tomorrow's) tablets and phones.

Like RMS, Theo De Raadt is right when everyone

[RLiegh]

else is wrong.

Sadly, MS has the power to take control of our computers away from us --and with secureboot they're doing exactly that. This is a direct attack on personal computing and the freedoms of the end-user to control the software on their computer.

RMS and Theo De Raadt are both right on this --but neither one of them has the influence needed to avert this attack, so it doesn't matter.

The era of personal, general-purpose computing is over.

Re:Like RMS, Theo De Raadt is right when everyone

[Just+Some+Guy]

"There will be a mechanism to turn off this method of booting on x86 hardware."

What's OpenBSD supposed to do on ARM, where Microsoft has mandated that Secure Boot can't be disabled? From the Microsoft "Windows Hardware Certification Requirements", page 116:

MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.

OpenBSD is on a lot more platforms than just x86.

External intermediate nonce & public key &

[tlambert]

You ship the TPM with a per-TPM public key in it, and a USB dongle with a certificate on it signed with the per-TPM secret key for the per-TPM public key, and then you require the presence of the dongle to intermediate the installation of the OS of your choice onto the machine. You allow installation of other public keys signed with the private key, and you have another public key and separate private key to permit per-device self-signing of whatever code you want, but only on a per-device basis.

Then you have your BIOS/EFI/UEFI/Coreboot/u-boot refuse to do anything other than go into "install mode" if the dongle is inserted so that the dongle will be removed after installation for normal operation so that it can't be abused by malware.

After that, all vendors are responsible for securing their own OS past the point of it being loaded into memory.

1 thing I admire about him

He has courage. You have to admire him for being so forthright, right or wrong. It takes balls to act as he does in today's "politically correct society" (what a bunch of hooey) - which in my opinion, is just being as honest as he can despite profanities and what-not.

I state that, because there's truly only 1 thing I personally respect in debates: When people are shown incorrect with facts versus their points. Undeniable reputably backed hard facts that are on the subject at hand, only.

Otherwise, things like ad hominem attacks are nothing but rubbish crap, period.

Thus, when Mr. DeRaadt's undeniably shown to be full of utter crap on statements he's made (we all make mistakes mind you) and moreso, consistently? Then his detractors have actually made a solid point.

When Mr. DeRaadt hasn't been utterly disproven beyond a doubt on his ideas, despite his "let it all hang out" attitude (which to a degree I respect a great deal for the reasons stated above but admittedly, other times not), he has made HIS point, disproving his detractors.

It's as simple as that.

In other words, what I have noted is that when the media or other groups attack a person on illogical grounds, ala ad hominem attacks? They fear them (and often for quite selfish and often nefarious reasons that aren't for the good of others, only themselves. Just an observation from over 1/2 a century of my life now.)

Losing Influence

[wzinc]

Microsoft is quickly losing influence; I don't think their secure boot stuff is going to be that big of a deal. I would say they have a chance with Windows Server, but 2012 has Metro, so I think they'll be declining on all sides now. They don't seem to care about what people actually want; they just want to push some new thing.

Personally, I never liked Windows, but with Metro even on Server, I'll be seriously pushing Linux at work.

Theo ranting, film at 11

Theo, ranting, is why he got kicked off the NetBSD project. Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.) Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID. Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loath back in 1985 and can't store the state of what you've already selected or go back, you just have to start over from scratch. Theo, ranting, is why OpenSSH has no built-in support for chroot cages. Theo, ranting, is why OpenBSD has no virtualization server capability. Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this. Theo, ranting, is why the "compatiblity chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.

Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower. There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done. And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH. (Theo's fan club did not write SSH: they ported Tatu's previously GPL work into OpenSSH, and screwed up the license. Surprisingly little of the actual codebase is due to OpenBSD hosted development.)

I don't get it

[future+assassin]

whats to stop manufacturers from not including secure boot in their hardware. No way there isn't a big market for some Chinese manufacturer to jump onto this and have the Linux world use their hardware.

Re:Why I Left OpenBSD

http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
Copy and paste from this retard.

Re:External intermediate nonce & public key &a

Even better, just have a fucking pushbutton on the side of the box.

You want to install your own bootloader? Great, it will try to write its key - and you hit the little button to commit that. A virus sneaks onto your machine? Good luck reaching out of the CPU to toggle a physical contact.

Re:Replace SecureBoot?

[LaughingRadish]

Coreboot requires a lot of work to get ported to a new motherboard. I'm trying to wrap my head around how to build and run it just for QEMU and am not getting very far. Keep in mind that Coreboot just sets up the hardware. You also need a payload to accomplish what the BIOS and/or EFI used to do. There is SeaBIOS that replaces the bios, OpenBIOS that provides a Sun-like OpenFirmware, and FILO which is sort of like LILO or Grub in firmware. An overarching deficiency though, is there is no built-in equivalent of the setup menu. I haven't yet figured out what the equivalent is.

Re: They see me trollin'

[cant_get_a_good_nick]

2) pre installation of all available certs by the manufaturer (now guess for how many reasons manufacturers aren't going to auto install keys for all available linux/HURD/bsd distros, yep there are many).

It will be difficult to boot the Hurd on these machines? Think of the poor 4 people this will inconvenience...