Linus Torvalds Clarifies His Position on Signed Modules

An anonymous reader writes "No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux's founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys." And it's not in the control of Microsoft: distros should sign only the modules they provide with their key, with user built modules signed by locally generated keys (since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits). Basically, no love for proprietary kernel modules.

Re:Oh, Linus; so adorable when you are angry.

[MurukeshM]

What are you smoking? He just provided guidelines for using keys while running Linux. He didn't say UEFI is evil, he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

Re:Oh, Linus; so adorable when you are angry.

[Dunbal]

Especially some big company that has already been hacked and had its certificates compromised in the past.

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

"Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all."

Yes, there is. I quote http://msdn.microsoft.com/en-US/library/windows/hardware/jj128256, "Windows Hardware Certification Requirements for Client and Server Systems":

"Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:

        It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

        If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off.

        The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults. On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled."

Re:Oh, Linus; so adorable when you are angry.

[Goaway]

act like his wants and opinions are more important than anyone else's.

Actually, when it comes to the Linux kernel, his opinions are more important than anyone else's, because he has final say on it.

If Linus doesn't like the Intel/MS control over UEFI then let him conjure up a viable alternative and get it to market.

Like he does in the linked article?

Re:Oh, Linus; so adorable when you are angry.

[Chrisq]

... he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

But I'll be you he would love to have control of it himself.

No: From TFA:

Torvalds concluded, "It really shouldn't be about Microsoft blessings, it should be about the *user* blessing kernel modules. Quite frankly, *you* are what the key-hating crazies were afraid of. You peddle the "control, not security" crap-ware. The whole "Microsoft owns your machine" is *exactly* the wrong way to use keys.

He goes on to give details of how this would work (each distro has a key and users have to explicitly grant permission to install non-distro apps)