Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linus Torvalds Explodes at Red Hat Developer

Posted by samzenpus on from the can't-we-all-just-get-along? dept.

sfcrazy writes "Quite a lot of people raised their eyebrows the way ex-Red Hat developer Matthew Garrett made Microsoft the 'universal' control of any desktops PCs running with UEFI secure boot. Though the intentions of Garrett were clear — to enable GNU/Linux to be able to run Linux on Windows 8 certified PCs with secure boot; it was clearly putting Microsoft in a very powerful position. Linus, while a supporter of secure boot, exploded at Garrett and Howells when they proposed its inclusion in the kernel. Linus responded: 'Guys, this is not a d*#@-sucking contest. If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.'" Update: 02/25 17:24 GMT by U L : The headline/article are misleading, since mjg seems to agree that the patch is a bit complicated : "(I mean, *I'm* fine with the idea that they're *@#$ing idiots and deserve to be miserable, but apparently there's people who think this is a vital part of a business model)". The issue at hand is a set of patches to load and store keys inside of a UEFI PE binary which is then passed to the kernel, which then extracts the keys from the binary. It's absurd, it's messy, and it's only needed because Microsoft will only sign PE binaries so not supporting it makes restricted boot even more difficult to support.

9 of 786 comments (clear)

  1. Re:Linus Torvalds is his own worst enemy by ledow · · Score: 5, Informative

    Given that Linux is running on everything from my phone to my sat-nav to (some of) my clients to (some of) my servers and just about every oddball bit of embedded hardware in my entire workplace, I don't think Linux is suffering much.

    And what he's basically doing is telling MS, and MS sycophants, that he doesn't want an OS where MS has to "sign off" on any changes in the bootloaders, etc. to make sure they are "secure". It's like being told that all pensions in the world now have to be signed off by Robert Maxwell, who can revoke your ability to use yours (even if you're nothing to do with him) on a whim.

    The day MS lets in a bit of code into their OS that lets Linus turn off any and all Windows machines he wants - whether on a whim or for a good reason - and that they have to run past him every time they want a change made, that's the day I'll let someone put MS-signed junk into a Linux kernel that I use.

  2. Re:Linus Torvalds is his own worst enemy by Anonymous Coward · · Score: 5, Informative

    I dunno... If you read the entire conversation in context it's not that bad and seems more like a slight fist shaking rather than explosion.

  3. Where should we start? by betterunixthanunix · · Score: 5, Informative

    The high-level view is this: Microsoft wants to ensure that nobody can run unapproved software on their home computers. As a first step toward this nightmare, they bullied computer makers into shipping a bootloader signature system that could potentially prevent people from running GNU/Linux. Red Hat, a multibillion dollar GNU/Linux distributor, decided to play along and got a special signing key from Microsoft. Linus apparently does not want to play along (and I commend him for it).

    --
    Palm trees and 8
  4. Context is everything by Anonymous Coward · · Score: 5, Informative

    As Cardinal Richeleiu is reputed to have said:

    Give me six lines written by the most honest of men, and I will find something to hang him.

    Take it out of context and give it an inflamatory introduction and it looks like an explosion.
    Read the exchange in the original context and it reads like just another frank exchange on the LKML.

  5. Re:so uh... by swilver · · Score: 5, Informative

    No, he moved to America.

  6. Re:Can any one help... by mehemiah · · Score: 5, Informative

    First of all, its not just ideological that he doesn't want such specific code in the Linux kernel. For the same reason he doesn't want to put tools/kvm in the kernel, its not germane to BEING A KERNEL so its NOT going into the kernel! read the mail yourself. Its like a government program, in that its likely to live forever, however, Linus wants Linux to outlast Microsoft AND RedHat and that code will become vestigial as soon as microsoft moves on to some other way to control hardware vendors. On the other hand, do servers need secure boot? NO, do tablets need secure boot? NO. So this is Linus admonishing developers for even SUGGESTING to include such a corner case in the code of the linux kernel.

  7. Re:Linus Torvalds is his own worst enemy by Junta · · Score: 5, Informative

    While others have already said 'this specific bit *IS* Microsoft's', I'll also say that UEFI is largely designed around MS conventions and requirements, just like BIOS specs were in the 1980s.

    UEFI interfaces are defined in terms of Microsoft calling conventions and using a binary format defined by Microsoft. The behavior of the system clock is defined in terms of MS expectation of local timezone instead of GMT. All of these things are areas where MS has explicitly deviated from everyone else in the industry, and UEFI happens to follow MS on every last single deviation that presents itself.

    At the core of UEFI, it's genesis was Intel trying to push an incompatible architecture (Itanium) and working closely with MS to assure there would be 'a' Windows running on it which was perceived to be the sole requirement to make the industry dump x86, even if it couldn't run x86 compiled applications. Thinks have evolved from there, but that relationship still defines most of what UEFI continues to be.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  8. Re:Hit his Stallman Point by Junta · · Score: 5, Informative

    Actually, his criticisms aren't about personal computing freedom and secureboot. His criticism is that crafting a PE executable for the express purposes of containing certificate data is utterly asinine. The correct response would be for MS to accomodate signing data in the more usual ways. I suspect a proposol to wrap the x509 data with a dummy ELF file would be met with similar rejection. The difference being no one would propose such a dumbass approach so we'd never find out, it's only thanks to MS dickishness that such a workaround would even be proposed.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  9. Re:Linus Torvalds is his own worst enemy by mabhatter654 · · Score: 5, Informative

    This isn't "ideological bs" any more. In order to BOOT AND RUN Linux on newer Hardware "sold for Windows 8" you must have a signed bios loader. Red Hat COULD have petitioned for their OWN code to be used, but instead "rent" a key from Microsoft.

    Pnce the old stock flushes, We are just a few month away from EVERY MOTHERBOARD SOLD to require Microsoft's PERMISSION to boot another OS. Not just Dells or HPs pre-configured, but companies are now pushed to sell only "Windows Motherboards" whether you decide to buy Windows or not!

    Even APPLE hardware isn't locked down THAT tightly. We've already had cases where the ol' "API works for Windows" bit not the signed Microsoft alternate-OS key... Out of Samsung notebooks.

    We are back to 1999 and using obscure bugs in the "open" hardware to lock Alternate OSes out of the hardware market... For good. Hope you like Rasperry Pi because niche, custom hardware is the only stuff that will FREELY run Linux from this point on.