Linus Torvalds Clarifies His Position on Signed Modules

An anonymous reader writes "No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux's founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys." And it's not in the control of Microsoft: distros should sign only the modules they provide with their key, with user built modules signed by locally generated keys (since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits). Basically, no love for proprietary kernel modules.

Oh, Linus; so adorable when you are angry.

I like how Linus (and a lot of the more security paranoid amongst us) have been talking about securing the boot chain for a few decades now, but now that it appears that they've finally won the day and convinced the wider world to get this going it's suddenly TEH EVIL and NOT FREE.

Sorry, dudes, Secure Boot is actually a pretty nice technology, you can load keys of your choice, and you know what? You probably weren't going to buy a surface RT anyway.

Re:Oh, Linus; so adorable when you are angry.

[MurukeshM]

What are you smoking? He just provided guidelines for using keys while running Linux. He didn't say UEFI is evil, he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

Re:Oh, Linus; so adorable when you are angry.

... he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

But I'll be you he would love to have control of it himself. He's done a lot of good for computing in general, but his ego and attitudes often eclipses his accomplishments.

Re:Oh, Linus; so adorable when you are angry.

Nice try, Ballmer.

Re:Oh, Linus; so adorable when you are angry.

[fustakrakich]

You're confusing him with Assange

Re:Oh, Linus; so adorable when you are angry.

[ledow]

"you can load keys of your choice"

I think this is the biggest, and most complained about, assumption in all the debacle. If it was true, the Microsoft key issue wouldn't exist (we'd just have a "Linus key" and that would be the end of it).

Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all. You can turn Secure Boot off, but then you've had BIOS engineers working on a feature that you then turn off because it doesn't work as you need it to.

But nothing guarantees that every user will ever be able to add a key to their own machines, nor that machines would ever come supplied in a way that would ever suggest that's what needed.

Having just fixed a 2012-issue BIOS bug a few months ago, and it being pretty much par for the course with even the larger consumer manufacturers to have such bugs, I don't trust that a BIOS option to enter a key I trust will be present in machines before I've bought them.

The bug I reported (and had to get a custom BIOS patch for)? A whole series of laptop machines from my normal supplier, using big-name BIOS's, motherboards, and other components (and Windows 7 stickers on them!), would refuse to boot if a certain offset on the selected bootable partition on the first disk was not zero.

That offset is actually always zero on a plain Windows NTFS drive. On Linux, or any other filesystem, it is not. On any encrypted system - even with an NTFS partition - (we discovered the problem using Truecrypt), it was not.

You could not fake partitions and juggle them around - whatever the bootable partition was was checked, no matter what the filesystem signature on it. God knows what happens if you use GPT and equivalents. Even chain-loading from partitions was next-to-impossible to set up with booting into an encrypted Windows setup (you would have to boot from an unencrypted NTFS partition into an encrypted one somehow and even playing games with syslinux etc. it was too difficult to even demonstrate a single working example, let alone deploy company-wide) .

Any non-zero byte in that position on the disk, which could be verified with a hex-editor on a blank disk, rendered the machine unbootable. Black screen, no boot options, no truecrypt loader, it just stopped. Zero the byte and it would happily boot again.

Yes, it's stupid and it SHOULD NOT HAPPEN. But only our threat of sending many thousands of pounds worth of laptops back because they did not fulfill the stated purpose actually prompted the reseller to nudge the manufacturer to nudge the board supplier, to nudge the BIOS supplier, to hack up a dirty patch to their BIOS labelled with all sorts of beta /not for distribution / etc. warnings. And even that, it was a close run thing because the reseller was ready to just say "not our problem, it runs Windows which we supplied with it" at any second and only the threat of a lot of future business prompted any sort of action from them.

UEFI just puts an unnecessary burden of responsibility onto BIOS manufacturers and Microsoft. And the vast majority of BIOS manufacturers (even AMI, Pegasus, etc.) are inherently bad and aim at making machines that boot only Windows and then walk away saying "not my problem". Try finding a machine with valid ACPI tables, the problem has actually got WORSE since ACPI become commonplace and in every machine.

Samsung only the other week had a problem where a BIOS issue can cause a complete machine bricking no matter what the OS, but Windows triggers it less because it doesn't do certain things that are perfectly reasonable to do by the standards.

Nobody *cares* what *SHOULD* work. They care what could *NOT* work. And relying on your BIOS manufacturer to be able to boot Linux successfully is, historically, one of the most contentious areas of computer manufacture ever.

Re:Oh, Linus; so adorable when you are angry.

[Dunbal]

Especially some big company that has already been hacked and had its certificates compromised in the past.

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

"Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all."

Yes, there is. I quote http://msdn.microsoft.com/en-US/library/windows/hardware/jj128256, "Windows Hardware Certification Requirements for Client and Server Systems":

"Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:

        It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

        If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off.

        The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults. On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled."

Re:Oh, Linus; so adorable when you are angry.

[smpoole7]

It's important to note, though, that Linus isn't saying this just because "Itz Micro$OFT OMG run!11!!" Another nice quote from Linus:

"Encourage things like per-host random keys--with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead."

Like I said elsewhere, Linus can be a big, furry anus, but all he cares about is his baby: the Linux kernel, keeping it free, and giving maximum freedom to the *USER*. I like that.

Re:Oh, Linus; so adorable when you are angry.

you can load keys of your choice

That's actually what Linus is arguing FOR.

It's the people trying to hand the whole thing over to Microsoft he's yelling at.

Re:Oh, Linus; so adorable when you are angry.

[fnj]

Except Microslop could change what passes for their mind tomorrow and there would be no recourse.

Re:Oh, Linus; so adorable when you are angry.

The problem is that giving freedom to uneducated user is the worst security practice.

Re:Oh, Linus; so adorable when you are angry.

[jareth-0205]

So what have you, oh AC, accomplished then that gives you the ability to judge his ego? His being the leading figure in one of the largest distributed projects in human history not enough for you?

Re:Oh, Linus; so adorable when you are angry.

Different AC here. You don't need any special talents to be able to identify an egomaniac, especially one who acts like Torvalds. Taking Linux to where it is today does not give him, or anyone, carte blanche to act like his wants and opinions are more important than anyone else's.

If Linus doesn't like the Intel/MS control over UEFI then let him conjure up a viable alternative and get it to market. Complaining that those who created a technology have final word over how it is implemented is fruitless, just as complaining that Torvalds holds final control over Linux is a waste of time.

Re:Oh, Linus; so adorable when you are angry.

[serviscope_minor]

but Windows triggers it less because it doesn't do certain things that are perfectly reasonable to do by the standards.

I do love how someone effectively wrote a "brickme.exe" for windows to prove this point. That shows some real dedication. I wonder how many times he tested it.

Re:Oh, Linus; so adorable when you are angry.

Well except some massive anti-trust lawsuits all over the world.

Re:Oh, Linus; so adorable when you are angry.

[Dorkmaster+Flek]

Also, let's not forget the "non-ARM systems" part. The fact that they're locking down anything sours me on the whole secure boot BS.

Re:Oh, Linus; so adorable when you are angry.

[Goaway]

act like his wants and opinions are more important than anyone else's.

Actually, when it comes to the Linux kernel, his opinions are more important than anyone else's, because he has final say on it.

If Linus doesn't like the Intel/MS control over UEFI then let him conjure up a viable alternative and get it to market.

Like he does in the linked article?

Re:Oh, Linus; so adorable when you are angry.

Except that's not a rational argument, it's baseless paranoia.

Re:Oh, Linus; so adorable when you are angry.

[recoiledsnake]

I think this is the biggest, and most complained about, assumption in all the debacle. If it was true, the Microsoft key issue wouldn't exist (we'd just have a "Linus key" and that would be the end of it).

Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all. You can turn Secure Boot off, but then you've had BIOS engineers working on a feature that you then turn off because it doesn't work as you need it to.

Sorry but that's just wrong.
Here's how you add your own keys(and remove Microsoft's if you want):
http://blog.hansenpartnership.com/owning-your-windows-8-uefi-platform/

Owning your Windows 8 UEFI Platform
Posted on 15 February 2013 by jejb

Even if you only ever plan to run Windows or stock distributions of Linux that already have secure boot support, I’d encourage everybody who has a new UEFI secure boot platform to take ownership of it. The way you do this is by installing your own Platform Key. Once you have done this, you can use key database maintenance tools like keytool to edit all the keys on the Platform and move the platform programmatically from Setup Mode to User Mode and back again. This blog post describes how you go about doing this.
First Save the Variables

The first thing to do is to install and run KeyTool either directly (the platform must have secure boot turned off, because keytool is unsigned) or via the mini USB image and save all the current secure variable keys (select the ‘Save Keys’ option from the top level menu). This will save the contents of each variable as a single esl (EFI Signature List) file, so you should end up with three files: PK.esl, KEK.esl and db.esl. These files can later be used to restore the contents if something goes wrong in the updates (and because some platforms put you into setup mode by erasing the contents of all the secure variables), so save them in a safe place.
Use the UEFI Menus to remove the Platform Key

This is the step that it’s impossible to be precise about. Every UEFI platform seems to be different in how you do this. The Linux Foundation hosts a web page collecting the information but so far it only has the Intel Tunnel Mountain system on it, but if you work it out for your platform, leave me a comment describing what you did and I’ll add it to the LF page.

The most common way to get a UEFI system to display the UEFI menus is to press ESC as it boots up.
Create your own Platform Key

If you rpm installed efitools, it will automatically have created a Platform Key for you in /usr/share/efitools/keys, plus all of the PK.auth and noPK.auth files.

A platform key may be self signed, but doesn’t have to be (I’m using one signed with my root certificate). However, assuming you want to create a self-signed platform key manually, here are the steps: The standard command for doing this with openssl is

openssl req -new -x509 -newkey rsa:2048 -subj “/CN=/” -keyout PK.key -out PK.crt -days 3650 -nodes -sha256

None of the parameters for the key (Like the Common Name) matters, so you can replace with anything you like (mine says ‘James Bottomley Platform Key 2013) you can also add other X509 well known objects like your address. Once you have the two files PK.crt and PK.key, you need to save them in a safe location (PK.key is the one to guard since it’s your private key).

Next, create an EFI Signature List file with the public key in (this and the next steps require that you have either installed the efitools rpm or compiled the unix commands from efitools.git and installed them on your system)

cert-to-efi-sig-list -g PK.crt PK.esl

where is any random GUID you choose. You also need to create an empty noPK.esl file which can be used to remove the platform key again

> noPK.esl

Re:Oh, Linus; so adorable when you are angry.

[bbelt16ag]

You are talking about advanced linux users. Not grandma or the little boy with gum in their hair. They know how to build a kernel and setup grub. If they don't they should learn.

Re:Oh, Linus; so adorable when you are angry.

[fredprado]

It is still far preferable than giving control to anyone else.

Re:Oh, Linus; so adorable when you are angry.

[fredprado]

His opinions regarding Linux are more important than anyone else's. I know you don't like it but that does not make it less true. And the best way to deal with UEFI is to disable it. Simple as that.

Re:Oh, Linus; so adorable when you are angry.

[Chrisq]

... he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

But I'll be you he would love to have control of it himself.

No: From TFA:

Torvalds concluded, "It really shouldn't be about Microsoft blessings, it should be about the *user* blessing kernel modules. Quite frankly, *you* are what the key-hating crazies were afraid of. You peddle the "control, not security" crap-ware. The whole "Microsoft owns your machine" is *exactly* the wrong way to use keys.

He goes on to give details of how this would work (each distro has a key and users have to explicitly grant permission to install non-distro apps)

Re:Oh, Linus; so adorable when you are angry.

Have you met most Linux users lately? They know how to copy and paste crap from the Ubuntu forums. They had problems of their own doing in Windows, blamed "M$" and now use Linux.

Re:Oh, Linus; so adorable when you are angry.

That IS the lip service. Some laptops have shipped without instructions on how to get to the bios screen. They are technically compliant according to what you wrote.

Re:Oh, Linus; so adorable when you are angry.

How's the weather in Redmond, Mr. Ballmer? You think Linus is ranting? That's no rant, THIS is a rant (Crocodile Dundee style). We see what you're doing, you evil bastards. You know how much everyone outside your campus hates W8, and I see your fear -- that people will en-masse will buy a computer, turn it on, say "WTF??" and start looking for an alternate OS. When word spreads that Windows has lacked features compared to all other OSes for a decade now, OEMs might stop paying the "microsoft tax". My experience with Windows (I've had Windows computers since about 1996, DOS before that) hasn't been a good one. W7 seemed to change that.

It seemed to be an OK OS, despite its shortcomings. It seemed far more stable and secure than previous versions of Windows, and the notebook it came on had pretty snappy performance. I bought two more of them for my grown daughters as Christmas presents a year ago; I'd had mine for a year. Despite my grumbling about Reboot Tuesday, I didn't install Linux on it, unlike my XP tower.

I absolutely hate rebooting a Windows computer. Ironically, I don't mind a Linux reboot but you only have to reboot a Linux computer if you want to update the kernel. I've had the Linux computer running for months at a time, and only shut it off when I want to save electricity. When I do power it down to install a new piece of hardware or upgrade the memory, when I power it back up, I don't need to enter the password or reopen all my files; the OS does that for me. Without touching anything but the power switch it's as if it had never been shut down.

I discovered last week why you people demand monthly reboots -- your OS is still an unstable pile of shit. My daughter's notebook started getting sluggish, then she said the firewall refused to start and she feared a virus. My other daughter suggested to her that she wipe and reinstall Windows. Bad move! The battery ran down during the reinstall and it hibernated, now it's completely bricked. When power it up it says "Windows is starting services" (I'm thinking funeral services) and does nothing else after coming out of hibernation. Pressing the space bar to start it normally gives you the option, then goes right back to "starting services". F2 won't bring up the BIOS and the Linux installation thumb drive isn't recognized. Thanks, Microsoft, for being so god damned incompetent that you have an unbreakable infinite loop. Jesus, what moron wrote that shitty code??? A first year programming student knows better!

And, my notebook started getting flaky, not knowing whether or not it was hibernating, with the screen blacking out and the lights not going off and refusing to recognize the power button. When it flickered on for a minute I managed to shut it down. I feared a hardware failure. But after booting it back up, it was fine!

Stable, my ass. kubuntu is going on it this weekend. Note to OEMs who make laptops and tablets: if your wares have "secure" (lol) boot, you won't be getting my nerdy money.

And you, Mister Ballmer, can fucking go to hell. Actually, I'm sure you will, you evil man.

(mcgrew here, sorry I can't log in on this machine. Love that capcha... subdue)

Re:Oh, Linus; so adorable when you are angry.

But why is it okay to deny users of ARM systems the freedom we've all taken for granted lo these many years?

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

Everyone locks down ARM. It sucks when Microsoft does it, but no more than when Google does it (you can't boot whatever you like on ARM Chromebooks), or Samsung, or Apple, or...

If you want to run Linux on an ARM machine, don't buy one with Windows on it, sure.

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

Hardware ships with terrible firmware! Film at 11!

It is my previously stated opinion that the firmware engineers' union lists 'deep familiarity with a crack pipe' as a minimum baseline requirement for joining, so this shouldn't really _surprise_ anyone. Secure Boot sucks insofar as it's another firmware mechanism for the firmware engineers to fuck up, but it's not like we're _short_ of those.

Re:Oh, Linus; so adorable when you are angry.

That is marginally accurate of an Ubuntu user, but the other distros are still popular and have only been gaining users since Shuttleworth started sodomizing his userbase.

Re:Oh, Linus; so adorable when you are angry.

[ledow]

Now read what you wrote.

"It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. *****This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.******"

So the minimum requirement is that you can delete all the keys.

"If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off."

So when you delete the keys, SecureBoot is turned off.

There's also an option to always put the Microsoft key back in place. But that's it. At no point does it guarantee that you can enter an arbitrary key and keep secure mode on. Which is basically what I said.

And "possible" can be provided by means of, say, a supplied disk available at extra cost from the manufacturer that has to be inserted for such action to be taken at all.

Lip service.

Re:Oh, Linus; so adorable when you are angry.

[drinkypoo]

"Sure, MS give lip service to this but there's nothing that guarantees it will be available. Nothing at all."

Yes, there is. I quote http://msdn.microsoft.com/en-US/library/windows/hardware/jj128256, "Windows Hardware Certification Requirements for Client and Server Systems":

Now please inform us as to under which conditions windows hardware certification may be revoked.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

I'd say end users who are at a minimum configuring and compiling their own kernel modules are rather educated.

Re:Oh, Linus; so adorable when you are angry.

[Electricity+Likes+Me]

That is marginally accurate of an Ubuntu user, but the other distros are still popular and have only been gaining users since Shuttleworth started sodomizing his userbase.

Also it misses the point entirely. Distro maintainers should decide how and why UEFI is used. It shouldn't be baked into the Linux kernel, and if you want to build your own kernel, then it's something you should decide yourself.

Re:Oh, Linus; so adorable when you are angry.

[ozmanjusri]

you can't boot whatever you like on ARM Chromebooks),

Yes you can.

Re:Oh, Linus; so adorable when you are angry.

[ozmanjusri]

Given the evidence of history, it's simple common sense.

Re:Oh, Linus; so adorable when you are angry.

[Sloppy]

It's like democracy. It sucks but is better than everything else.

And if a user 1) lacks the technophilia to be the right person to do it, and 2) lacks the wisdom to defer to another party of their choosing (e.g. a distribution maintainer), then they are a lost cause anyway. There is no solution that is ever going to make their machine secure.

The neat thing about Free OSes is that there are many ways to approach #2, whereas proprietary OSes these days, insist that you must defer to someone (there is no option #1) and may not choose to whom you will defer.

If you happen to think that The One Party to whom you must defer, is unusually trustworthy and competent, then it seems fine. People who look at track records, though, will question the choice, and eventually it always leads to "of course they make it so that you have to trust them; if the choice were left to the computer's owner, they would never choose that company again."

Maybe it's all ancient history to you, but to me, these are the people who thought ActiveX ought to be in web browsers. These are the people who thought an OS should ship such that, by default, it loads and executes code from a CDROM when you insert it. These are the people who still (AFAIK, maybe I'm starting to get out of date) use file names (extensions) instead of permissions, to determine if a file is executable. These are the people who (again, AFAIK, maybe my prejudice is showing) basically invented the idea of a full-fledged programming language engine being in spreadsheets and word processors, which will load and run the code in a document when you load the document. Etc, etc, etc.

I would say that this one company, more than any other that we've ever heard of, has the least credibility if they ever say uneducated users shouldn't be in charge of security. Even an uneducated user isn't likely to make worse choices than Microsoft has. And now they want to be The One global root CA for all code, even outside their own OS. I would say that'd be the funniest thing ever, but then I heard something even more hilarious: some people are taking their proposal seriously.

Re:Oh, Linus; so adorable when you are angry.

[BitZtream]

So it isn't secure boot or Microsoft that actually prevents Linux from booting on these machines, its Linus and you guys that do it to yourself.

You realize no one else in the world outside the Linux community is going to feel any sympathy for you right? You're just making yourselves look selfish and self important.

Re:Oh, Linus; so adorable when you are angry.

[1gig]

... he just doesn't want sign off the ability to boot Linux on UEFI+Secure Boot to some big company.

But I'll be you he would love to have control of it himself. He's done a lot of good for computing in general, but his ego and attitudes often eclipses his accomplishments.

No he does not want control of this or any thing on the users machine. That is his whole point. He wants the user to be in control not some 3rd party.

Re:Oh, Linus; so adorable when you are angry.

Notice what it says at the very top of that document:

Change history for Windows Hardware Certification Requirements for Windows 8 Client and Server Certified Systems:

(emphasis mine)

Those requirements are not set in stone, they can and will change over time and you have not really presented a valid reason why anyone should assume the parts you pointed out are not up for review *all the time*. Need we remind you what company we are talking about here? Please spare me any claims about turning over a new leaf, for example they are still claming Linux violates their patents without releasing any patent ID's so we can check them. History has repeatedly shown that anyone who "partners" with Microsoft (IBM, SGI, Nokia, the Mono project, etc etc etc) either fails miserably or gets stabbed in the back.

Re:Oh, Linus; so adorable when you are angry.

An argument that obtuse could only have come from a marketing team. Are you Burson Marsteller or Waggener Edstrom?

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

Sorry, you're right. I had somehow got the idea that dev mode wasn't available on the Samsung, but it is.

Chrome OS dev mode is more restrictive than MS' x86 Secure Boot requirements - see http://mjg59.dreamwidth.org/22465.html - but it is indeed less restrictive than MS's *ARM* SB requirements. So indeed an ARM Chromebook is relatively a better choice than an ARM Windows RT device.

Re:Oh, Linus; so adorable when you are angry.

[benjymouse]

So the minimum requirement is that you can delete all the keys.

Wrong. There is no requirement that you *explicitly* can enter UEFI Setup Mode. The system vendor MAY allow such an explicit option, but the MINIMUM requirement is that he MUST allow Setup Mode to be entered by deleting all keys.

Read what you quoted again, please:
1) It SHALL be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK.
2) This MAY be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), WHICH puts the system into setup mode.

So the owner of the system can ALWAYS enter setup mode. He may have some direct way to do that, but he can ALWAYS delete the key databases, which will cause the system to go into UEFI Setup Mode.

"If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system is operating in Setup Mode with SecureBoot turned off."

So when you delete the keys, SecureBoot is turned off.

Correction: When you delete the keys the system enters Setup Mode. If you choose to exit the automatically invoked setup mode WITHOUT entering a new platform key, THEN secure boot is turned off. Which makes perfect sense as there are now no keys in the firmware which could validate anything.

There's also an option to always put the Microsoft key back in place. But that's it.

No, you can enter ANY key into the Platform Key database. From http://lwn.net/Articles/447381/ : "Before a PK is loaded into the firmware, UEFI is considered to be in "setup" mode, which allows anyone to write a PK to the firmware. Writing the PK switches the firmware into "user" mode. Once in user mode, PKs and KEKs can only be written if they are signed using the private portion of the PK, though KEKs can be freely written during setup mode. Essentially, the PK is meant to authenticate the platform "owner", while the KEKs are used to authenticate other components, like operating systems."

At no point does it guarantee that you can enter an arbitrary key and keep secure mode on.

And you are wrong. The PK (Platform Key) is the "owner" key. You can enter your own key if you like.

Which is basically what I said.

But you were mistaken.

And "possible" can be provided by means of, say, a supplied disk available at extra cost from the manufacturer that has to be inserted for such action to be taken at all.

Lip service.

So, basically you are spreading FUD: *Fear* that it may incur extra costs, *uncertainty* because you choose to disregard facts and present your own speculation and conjecture as facts, and finally *doubt* as to the "real" intentions behind secure boot.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

I think you are missing a layer here.

BIOS contains a key signing authority which signs keys which allows an OS to load.
The Microsoft key exists as an authority. There will probably be some fixed number of signing authorities.
In theory distributions could just pay a nominal fee (about $80 from Microsoft for example) per kernel and get signed.

RedHat decided that was a bad idea since they still wanted to support roll your own kernels without end users paying $80 per kernel and so they invented the shim system. BIOS don't boot Linux they just, if enabled, check that a simple math operation. What works for Microsoft kernels as they release service packs and patches should work equally well for Linux. If BIOS manufacturers are blowing the one, they are most likely blowing the other..

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

They probably aren't going to be the only signing authority on most machines. For example if you were to buy a Samsung laptop, Samsung might decide to have their own master key. I'd assume China is going to want their own master keys. I'd assume for the EU there is going to be someone other than Microsoft, say Unisys.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

ARM hardware often has different financial models. It certainly has different cultures. I don't think we should think of them as a unit. You can support or oppose more open ARM entirely separately from the x86 discussion.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

Pick up the phone and ask the manufacturer. That's rather classic, what support is for.

Re:Oh, Linus; so adorable when you are angry.

"Itz Micro$OFT OMG run!11!!"
Anyone who worked with Windows and/or Linux in the past decade or so, will have that reaction. After so many years, it's a reflex. I'm not talking about Windows itself, but the entire ecosystem, the Microsoft Zoo.

This whole UEFI issue, from another company, it would be just another idea, good or bad, it would be implemented properly over time, or quickly killed. Coming from Microsoft, it's hard to tell if they really want to lock in the customers or just to make life hard for Linux users.

Re:Oh, Linus; so adorable when you are angry.

news at 11, children and morons install malware and then brick a machine during the warning of 'don't turn the power off'.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

Calm down. First off that's not Microsoft. They didn't write your BIOS. Second, the BIOS loads before the operating system so there is no way to "brick" a system like that. Just call the manufacturer and find out what the correct key is to get in.

Re:Oh, Linus; so adorable when you are angry.

and what have you achieved to judge besides scratching your fat ass in your mom's basement?

Re:Oh, Linus; so adorable when you are angry.

[swillden]

act like his wants and opinions are more important than anyone else's.

Actually, when it comes to the Linux kernel, his opinions are more important than anyone else's, because he has final say on it.

True, but it's worth considering why it is that he has the final say. Sure, it was his baby originally, but 20 years later, Linux is an asset worth billions to many big companies with deep pockets and lots of top-notch engineers -- and it's GPLd. If, say, IBM wanted to they could fork the kernel and push their fork farther and faster, make it better-tested, more featureful and more reliable than Linus' fork. They could adopt better policies that would make contributors happier, and Linus would quickly fade into irrelevancy.

Or could they?

The fact is that Linus is still in charge of the 800-pound gorilla that Linux has become for one simple reason: he does a great job. He makes good decisions, manages the process well, and generally keeps things moving along well enough that no one is really even tempted to seriously try to fork the kernel in a way that pushes Linus out of the picture.

What all of that means is that his opinions are more important than anyone else's because he has good opinions. Not that he's perfect (in fact I can name a number of things I strongly disagree with him on), but by and large, what he says on kernel-related topics is worth listening to on its own merit. And because he has final say on it.

Re:Oh, Linus; so adorable when you are angry.

[Hes+Nikke]

And than apple waltzed in with the same "there is no option 1, trust us" model with iOS, and while it hasn't been perfect*, it is certainly a million times more secure out of the box than anything Microsoft has accomplished.

*apple is a bit too draconian in what they do and do not allow in the app store (porn and bitcoin right off the top of my head) and there are still enough security holes that advanced users can still force option 1 by jailbreaking/rooting through exploits.

Re:Oh, Linus; so adorable when you are angry.

[multi+io]

Which would take years to come to any conclusion (if at all), at which time all the damage would've been done already.

Re:Oh, Linus; so adorable when you are angry.

Stop confusing everyone with facts. The facts weren't good enough when Secure Boot was announced and they sure as hell won't be good enough to swing the opinion of anyone who ignored them in the first place!

Re:Oh, Linus; so adorable when you are angry.

[pclminion]

The fact is that Linus is still in charge of the 800-pound gorilla that Linux has become for one simple reason: he does a great job. He makes good decisions, manages the process well, and generally keeps things moving along well enough that no one is really even tempted to seriously try to fork the kernel in a way that pushes Linus out of the picture.

True, but chances are there is somebody better. Linus got the ball rolling, but how much of that was due to personal awesomeness vs. pure luck and being in the right place at the right time? Is your crush from when you were 14 in high school really the right choice for marriage? Yeah, she was cute, intelligent, and funny, but so are a hundred million other people -- you aren't even looking around.

Linus doesn't suck enough to have been ousted yet, that's all.

Re:Oh, Linus; so adorable when you are angry.

"Don't turn the power off" is a REALLY shitty design. Power can go off all by itself, ever seen a thunderstorm? Not every computer has a UPS and it takes a long time to install Windows, if you're doing it on battery power it's going off!

Whoever wrote that installation thing with "do not shut the power off" was a fucking moron. You, maybe?

You won't see stupid shit like that in Linux.

Re:Oh, Linus; so adorable when you are angry.

[pclminion]

Everyone locks down ARM. It sucks when Microsoft does it, but no more than when Google does it (you can't boot whatever you like on ARM Chromebooks), or Samsung, or Apple, or...

Have you not noticed that tablets and smartphones are dissolving away the PC market? There won't be a big consumer market for x86 for much longer. "It's just ARM" is a really shortsighted assessment.

Re:Oh, Linus; so adorable when you are angry.

[devent]

Why are you quoting from "Windows Hardware Certification Requirements for Client and Server Systems"?
How that can be applied to Linux or other systems? And more important, how it prevents Microsoft from changing those requirements?

Re:Oh, Linus; so adorable when you are angry.

"you can load keys of your choice"

I think this is the biggest, and most complained about, assumption in all the debacle. If it was true, the Microsoft key issue wouldn't exist (we'd just have a "Linus key" and that would be the end of it).

You can load your own keys in. It is not some sort of sham, or some sort of half-truth.

The arugment is how you load those keys in. Most utilities do it from the operating system, after assuring that the operating system isn't hijacked. This means OS lock-in, which is exactly why you would want UEFI Secure Boot. Lack of lockin is a vector for a rootkit / replacement with a tainted kernel / os.

So the real argument boils down to do you want to boot Windows to reconfigure so you can secure boot Linux without relying on the Windows key. Linus doesn't want to do that, nor does any major Linux vendor. The solution: have every motherboard ship with a Vendor Key for every Linux distribution; but, only one distribution tried that path to my knowledge, and they only could hit about 60% to 70% of the market, and they decided to ship with a loader signed by Microsoft's key. Of course, that loader does nothing except assure that the next stages are not signed.

Now, if your argument is about the quality of BIOS, that's a different story. There's always been something broken about a BIOS, but few people tend to complain, and few BIOS shops tend act quickly on such complaints.

Re:Oh, Linus; so adorable when you are angry.

[drinkypoo]

They probably aren't going to be the only signing authority on most machines. For example if you were to buy a Samsung laptop, Samsung might decide to have their own master key.

That's true. Now, will Samsung decide to use it and risk incurring Microsoft's wrath?

Re:Oh, Linus; so adorable when you are angry.

[drinkypoo]

You can support or oppose more open ARM entirely separately from the x86 discussion.

You cannot support Microsoft without supporting locked-down ARM platforms, because they are free to share money across their various divisions. That's why you must consider a corporation as a single entity. They insist we do so, but so does reality.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

Microsoft doesn't expect to be the unique signing authority. They are trying to make sure there is one and acting as one. But they aren't really well setup for it. I don't think there would be any wrath if Microsoft could step away entirely from the signing business.

I'd assume Samsung's prime reason for supporting it would be for Android on x86 and Tizen development.

Re:Oh, Linus; so adorable when you are angry.

It's his fucking kernel you moron.

Re:Oh, Linus; so adorable when you are angry.

Dude, I hate to spoil it for you, but Linux kernel actually HAS been forked and the fork is massively more successful than the original. It is called Android.

Re:Oh, Linus; so adorable when you are angry.

I know this sounds crazy, but why not push for UEFI to allow users to install whichever keys they want into their BIOS. Microsoft can work with OEMs to have their key installed by default, but Linux users will be free to install the keys of their chosen distro themselves...then distros can sign whatever they need to and just distribute their cert.

It's secure, puts users in control and only requires Linux users to make a configuration tweak when installing...which is good preparation for using Linux. And, most importantly, doesn't give Microsoft any control over the Linux community.

Re:Oh, Linus; so adorable when you are angry.

[jbolden]

Most governments can tax or subsidize as they will. So they are free to move money from one entity to any other entity. We don't say that doing any business with a society is supporting everything that society does. We weigh the complexities against one another.

Microsoft is mildly advancing lockdown on ARM. They are taking an already moderately locked down platform and further entrenching lockdown. On x86 so far they are providing a slight move towards avoid OS level hacks, a bit more security with little lockdown. Microsoft has a fairly long record of supporting open systems in hardware. Microsoft has a fairly long record of being hostile to open standards for software.

They are a bit of a mixed bag. But obviously supporting Microsoft is not supporting open system. Obviously there are some vendors that are more open, but not many. Sun was more open in terms of file formats but more closed in terms of hardware. I'm not sure who on ARM is really much better. I'd say right now http://jolla.com/ is probably the most open but it is unclear if they even intend to sell in the USA.

Re:Oh, Linus; so adorable when you are angry.

[AdamWill]

That's why I didn't make it. And yes, I have noticed that, but SB doesn't really seem like the logical place to make your glorious stand on the issue, to me.

Re:Oh, Linus; so adorable when you are angry.

[Dog-Cow]

Red Hat maintains its own kernel. They can put whatever they want in it. Linus maintains his own kernel, and if people want to try and force him to include things, they have another thing coming. I don't know why that's so hard to understand. No one uses Linus's branch of Linux because they have to.

Re:Oh, Linus; so adorable when you are angry.

[swillden]

Dude, I hate to spoil it for you, but Linux kernel actually HAS been forked and the fork is massively more successful than the original. It is called Android.

Forked? I don't think that's an accurate characterization. Yes, Google modifies the kernel in some ways, but the Android kernel still tracks Linus' kernel.

Re:Oh, Linus; so adorable when you are angry.

[Man+Eating+Duck]

I know this sounds crazy, but why not push for UEFI to allow users to install whichever keys they want into their BIOS. Microsoft can work with OEMs to have their key installed by default, but Linux users will be free to install the keys of their chosen distro themselves...then distros can sign whatever they need to and just distribute their cert.

It's secure, puts users in control and only requires Linux users to make a configuration tweak when installing...which is good preparation for using Linux. And, most importantly, doesn't give Microsoft any control over the Linux community.

Exactly, something like Secure Boot is a good idea which would provide protection against unwanted changes. MS tried to hijack it by requiring it to be enabled for computers shipping with Windows 8, essentially making them unable to run anything not blessed by MS. When that backfired they changed their stance, allowing users to override Secure Boot in BIOS. I'm not sure what their position is on allowing users to use their own keys, thus benefiting from the security against changes without depending on Microsoft.

Re:Oh, Linus; so adorable when you are angry.

[cynyr]

I know your are an AC, but I am tasking you on behalf of the entire linux community to write and maintain the documentation for your grandma for every single UEFI bios/computer/variant out there on how to create and add a key.

Right, that is a huge task because every vendor is going to do it differently.

Re:Oh, Linus; so adorable when you are angry.

[strikethree]

How exactly is that a guarantee? It is nothing but words hosted on a Microsoft website. Those words could change tomorrow and a new era of computing would be introduced. One where nothing but Microsoft operating systems will run.

Hold on to your motherboards that were built under that policy because when the new motherboards come out, they will respect the new policy.

Is it really so easy to lead you to the guillotine? Wow.

This just in

[sokoban]

Linus Torvalds sneezes. Early reports are that the discharge was clear with a slight yellow tinge.

Re:This just in

Any word on the approximate speed of the discharge?

Re:This just in

About 50 BogoMips.

ONE WORD !!

Sequestration !!

Jury !!

Bravo Linus!

Keep it up.

Re:Bravo Linus!

I recently bought a non-UEFI motherboard (while I still could). This may be my last x86 system, considering how UEFI effectively destroys choice, which is exactly what made the PC industry so great in the first place.

Re:Bravo Linus!

What a bunch of hyperbolic twaddle.

Re:Bravo Linus!

[gradinaruvasile]

Lol. Just disable "Secure Boot". Thats your choice right there (AFAIK the disable option is in the Microsoft secure boot spec).
The issue is to run Linux WITH SECURE BOOT ENABLED.

Re:Bravo Linus!

[Dunbal]

can't you just turn off "secure boot" in the BIOS?

Re:Bravo Linus!

You do, of course, realize that "UEFI" and "Secure Boot" are neither synonymous, nor mutually inclusive, right? UEFI has been replacing BIOS for almost a decade - obviously, you're a bit out of date when it comes to the state of desktop hardware. Secure Boot is just a single available setting in UEFI, and there's nothing in the current or proposed implementations that requires you to use it.

Re:Bravo Linus!

Lol, while it still can be disabled and hasn't slowly wormed its way to being a non-choice. Lol, 'k thanx, bye.

Re:Bravo Linus!

That's funny, I have had tons of customers tell me the exact same thing in my shop. Now I have to tell them their opinion and outlook is twaddle.

I don't think they'll be pleased.

You moronic git.

Re:Bravo Linus!

It's still twaddle no matter how many of your customers say it isn't. UEFI is far superior to BIOS in every technical manner, is it a great solution? probably not, but none of the customers in your shop will even understand why it's not great.

But it is unmistakably and undeniably better than BIOS in every way.

If your users dislike secure boot just tell them to turn it off or turn it off for them if your customers feel it's bad for them. Turn on legacy BIOS boot to go back to the 80s if you like. You DO know you can still boot your DOS floppies on UEFI machines right?

You really are truly the embodiment of aggressive knee jerk stupidity. You are wrong, but you are so entrenched in your wrongness you'll actually aggressively protect your ignorance.

I'm going to go ahead and assume you're probably religious too.

Twat

Re:Bravo Linus!

They didn't disable it, but they didn't require it to be possible to enable either. Which is sort of the point. MS has a history of not properly testing for compliance with specifications and benefiting from people being unable to use their hardware on other OSes because the MS implementation isn't properly compatible with the spec.

Considering that MS requires it to be there and to be enabled, but doesn't require it to be able to be disabled, it would hardly be shocking if some implementations don't permit themselves to be disabled.

Re:Bravo Linus!

[kbg]

No.

http://arstechnica.com/business/news/2012/01/microsoft-mandating-secure-boot-on-arm-making-linux-installs-difficult.ars

Re:Bravo Linus!

Except the GrandParent is talking about X86, not ARM.

Re:Bravo Linus!

That's on ARM you idiot. He mentioned x86 specifically.

Re:Bravo Linus!

Article is old and outdated more than 9 months before OS release.... this was before the distinction between Windows RT and Windows 8..

But the article title should give you a clue.. SECURE BOOT ON ARM... only Windows RT devices are required to not allow secure boot to be turned off..

It is in fact a REQUIREMENT that Windows 8 certified machines be able to turn off secure boot..

Another article from the same site and the same month..

http://arstechnica.com/information-technology/2012/01/windows-8s-locked-bootloaders-much-ado-about-nothing-or-the-end-of-the-world-as-we-know-it/

Re:Bravo Linus!

So why does MS have to be involved at all? All I've ever seen and all I can find about this bullshit is people that want to run Linux and Windows 8 on the same machine. The UEFI hardware coming out now doesn't need secure boot to run, but even if it's the must-have program to prepare for the year of Linux on the desktop, is there some reason why Linus can't go to the freaking UEFI Foundation directly for some keys instead of getting into a circle-jerk with MS?

Re:Bravo Linus!

[kbg]

So? It means you can't run any other operating system on ARM because of secure boot. But all of this doesn't matter because Microsoft only needs to make a small change in it policy and then all x86 devices are locked out.

UEFI

No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs

But only because everyone but no-one in the Linux community is an irrational anti-Microsoft zealot, not because this actually does anything at all to inconvenience Linux users.

Re:UEFI

[axujen]

Stop trolling please.

Re:UEFI

You're a clueless M$ apologist. To begin with, UEFI is not the problem but this Micro$oft's "secure boot" which should rather be called restricted boot as it has nothing to do with security and everything to do with vendor lock-in. When a convicted monopolist starts something like this, people tend to take notice.

Q: So, what's wrong with Micro$oft?
A: How long time did you say you have? Try reading http://wayback.archive.org/web/20120116153542/http://www.msversus.org/ And then about ooxml and this "secure boot". If you're not lobotomized, you'll start to see a pattern. And it's not pretty.

The hate is real. But it's well motivated.

Re:UEFI

[smpoole7]

> not because this actually does anything at all to inconvenience Linux users.

Ummm ... not necessarily. Linus is concerned about two things:

1. That a Microsoft-signed Linux secure boot key could be used to hack systems. Microsoft could disable the key, which would then disable *Linux* systems. We can argue about whether Microsoft would actually do this, but understandably, Linus isn't excited about placing that kind of power in anyone else's hands.

2. Linus also says, "Before loading any third-party module, you'd better make sure you ask the user for permission. On the console. Not using keys."

Linus can be a tyrant and an anus, but I like where his heart is at. The best quote is this Linux's approach to UEFI is (again quoting), "based on REAL SECURITY and on PUTTING THE USER FIRST."

Agree or disagree, don't just dismiss this as the usual "Microsoft bashing." I'm not a Microsoft hater; we use their stuff alongside F/OSS all over our workplace. I prefer Linux, but I don't hate Microsoft. But I am very concerned about this whole UEFI thing and the way it's shaping up.

So is Linus ... and in his usual, inimitable fashion is telling everyone how he feels. :)

Re:UEFI

[AdamWill]

"That a Microsoft-signed Linux secure boot key could be used to hack systems. Microsoft could disable the key, which would then disable *Linux* systems. We can argue about whether Microsoft would actually do this, but understandably, Linus isn't excited about placing that kind of power in anyone else's hands."

You're actually reading Linus' argument exactly backwards.

Howells and Garrett argue that revocation is a significant possibility, _therefore_ we (distributions) need to do kernel module signing (because unsigned kernel modules are an attack vector against a Windows install on the same system). One strand of Torvalds' argument is that MS is never going to revoke any keys anyway, therefore we (distributions) don't need to bother. There are other strands to his argument, but that's how the revocation one goes. That's what http://marc.info/?l=linux-kernel&m=136185309010028&w=2 is about: key revocation is what he describes as an 'unlikely and bogus scenario'.

Re:UEFI

[serviscope_minor]

Linus can be a tyrant and an anus, but I like where his heart is at.

He's an asshole, but an asshole that gets shit done.

Kidding aside...

The best quote is this Linux's approach to UEFI is (again quoting), "based on REAL SECURITY and on PUTTING THE USER FIRST."

Indeed. Too many people seem to be focussing on the technical details and not on how this will actually work. UEFI can be OK (though I don't really see the improvement over Open Firmeware or Coreboot, but that's another discussion).

Sure, you can disable the secureboot and you can add your own keys. And in theory, the board vendors can add keys from multiple authorities.

In practice, that's not how it will happen. What people want it to load an OS on to their computer with minimal fuss, which means having the signed bootloader, signed by Microsoft.

Even ignoring the implications of having Microsoft in particular in that position of power, having one organisation there is just not a good idea. All one has to do it look at the various hacks and cracks against big organisations and their cryptographic stuff (e.g. Sony's PS3 master key, HDCP, various SSL hacks) to see that even with the best of intentions security wise, they are just not trustworthy.

Re:UEFI

[blueg3]

Microsoft could disable the key, which would then disable *Linux* systems.

Future Linux systems, until a new key is obtained. Unless you're suggesting that Secure Boot will connect to the Internet to obtain a CRL.

Re:UEFI

Future Linux systems, until a new key is obtained. Unless you're suggesting that Secure Boot will connect to the Internet to obtain a CRL.

What do you think will happen when Windows Update runs on the Windows 8 install on the other partition?

Re:UEFI

I'll only add this, as was pointed out by another Slashdot poster on another article:

Why not have Apple provide the keys?

It makes no sense, so it makes no sense to have Microsoft provide the keys.

I worry a bit about this turning into some issue about Microsoft, when it really has nothing to do with Microsoft. The question is why should any particular company (other than maybe the hardware manufacturer) provide the keys?

Re:UEFI

[Rockoon]

What people want it to load an OS on to their computer with minimal fuss, which means having the signed bootloader, signed by Microsoft.

..and the reason that this is the case is because the user purchased a windows certified computer. If the user didn't want to run windows, then why did the user buy a windows certified computer at all?

The entire complaint is silly because of this very fact. The user purchased a windows certified computer with secure boot so amazingly its easy to install windows. This isn't some shocking revelation here.

You can choose what to buy and what not to buy. Your continued complaints just prove to rational people that you do not want to take responsibility for your purchasing decisions. Do you also throw a silly looking hissy fit when its hard to figure out the correct driver for a wireless card that Linux doesnt recognize?

Re:UEFI

[Rockoon]

What do you think will happen when Windows Update runs on the Windows 8 install on the other partition?

Nothing, idiot. The keys are not programmable outside the bios config. If they were, Linus's argument would be even more silly.

Re:UEFI

[serviscope_minor]

Again, you're focusing on the technical details and ignoring what actually happens. ..and the reason that this is the case is because the user purchased a windows certified computer. If the user didn't want to run windows, then why did the user buy a windows certified computer at all?

Seriously, you actually asked that? Where the hell can you but a non Windows certified motherboard?

The entire complaint is silly because of this very fact. The user purchased a windows certified computer with secure boot so amazingly its easy to install windows. This isn't some shocking revelation here.

Are you being intentionally obtuse here? You very well know that because of the sway that MS has it is not possible to buy a motherboard which isn't certified to run windows. That means that every single desktop motherboard out there will be "windows certified".

You can choose what to buy and what not to buy.

No, you can't, not if what you want is not for sale.

Your continued complaints just prove to rational people

Out of interest, does your defintion of "rational people" include completely ignoring reality to pursue your own bizarre agenda?

Re:UEFI

[jbolden]

Diverse inexpensive hardware in the hands of hostile end users is not trustworthy.

But... additional layers of security do make a difference. iOS has had far fewer problems that Android not because iOS is inherently more secure that Dalvik, probably the opposite, but a few extra layers of security and management. Internet browsers today are vastly more secure than those 15 years ago because of extra layers. Layers matter.

Re:UEFI

[HiThere]

I doubt that he's clueless, and I suspect that astroturfer is more precise than troll.

Please remember that not all anonymous cowards are the same person, or represent the same entity.

Re:UEFI

[HiThere]

I'm not thrilled witht he manufacturers controlling the keys either, but I will agree it makes *more* sense. Just not much.

Re:UEFI

[AdamWill]

Microsoft chose to provide SB keys because it wants to. Anyone can provide SB keys. You can, if you like; knock yourself out. The trick is in persuading hardware manufacturers to ship with firmwares that trust your keys.

Anyone could step up and offer to provide SB keys for other operating systems, and try to get hardware vendors to ship them. So far, no-one has done so. Red Hat does not want to because a) we don't want to be seen to be in a position of privilege versus other distribution vendors, and b) Red Hat as a company is not really set up to act as a trustworthy CA. (Neither is Microsoft, which is why they outsource a lot of the work to Verisign, but I don't think we can afford that).

The logical entity to do so for Linux would be the Linux Foundation. My understanding, second hand from pjones and mjg59, is that the LF looked into the possibility and said 'thanks, but no thanks'.

SB, per se, is just a mechanism for doing key verification, defined as part of the UEFI spec. The SB part of the UEFI spec doesn't say anything about Microsoft or anyone else providing keys, or make any requirements as to who should trust who else's keys. All of that is an implementation detail so far as the spec is concerned. The implementation that exists in the real world is that MS is providing keys for itself and offering to provide them for others for a nominal fee, MS has succeeded in getting hardware vendors to go along with Windows certification requirements that they enable SB by default and trust MS's key, and that no-one else is offering to act as a key provider to third parties. This reality could change, but it shows no immediate signs of doing so.

Funny

[DaMattster]

People aren't scrambling to get Windows 8. Shall we chalk Windows 8 up to another Microsoft failure (much like Vista and ME)?

Re:Funny

Why? Large swathes of the consumer and enterprise markets don't "scramble" to buy the latest OS, they wait to see how it does and what the early adopters' problems are. There's a good chunk of people who don't buy a Windows OS until after it has its first service pack.

Re:Funny

Windows 8 was selling pretty well, it comes on most new PCs and a lot of people have upgrade. What's not happening is the majority of win7 users are not upgrading, their OS works just fine and the (braindead) changes made for win8 are somewhat discouraging. MS recently killed the upgrade path by raising the price of doing so by 400%. That's a bit short sighted, there's no need for $200 OS updates in 2013, when you can by a perfectly usable (basic) laptop for $350.

Re:Funny

[Dunbal]

They're not adopting Windows 8 because on the whole, Windows 8 sucks or doesn't offer a compelling reason to upgrade. That does not mean that Microsoft will remove secure boot from future operating systems, since most of the drones have no idea at all what it means or what it does, and don't care. If their $500 computer stops working they say "it had a virus" and throw it away and buy another one.

Re:Funny

[gmuslera]

Or getting big enough numbers of bricked Windows 8 machines because the kind of bios messes that Samsung did with secure boot.

Re:Funny

[sjames]

Windows 8 isn't doing as well as Vista did.

Re:Funny

I believe you mean bricked Linux machines.

Re:Funny

[gmuslera]

You can trigger the bricking part under windows too. Suppose that driver or an update choose to brick your laptop if you have illegal downloads on it, or just have a bug, or a worm/cyberattack (that could have bugs too, so the next stuxnet does it in your pc instead of Iranian ones) does it.

Challenge in court?

Wouldn't it be better to stop taking it up the ass from Microsoft and challenge them in court? Considering Microsoft were successfully litigated over browser bundling I'm sure the OSS community would have an even stronger case with Secure Boot. Microsoft's OEM stranglehold is so 1998. Now the Linux kernel is everywhere surely we now have a much stronger case against Balmer and his shills.

Re:Challenge in court?

[dkleinsc]

Microsoft's OEM stranglehold is so 1998. Now the Linux kernel is everywhere surely we now have a much stronger case against Balmer and his shills.

See, you're misunderstanding that: Microsoft made two mistakes that caused that lawsuit. The first was browser bundling. The second was failing to grease the right palms in Washington. They learned their lesson, began giving out the campaign donations, and all of a sudden the case went from seriously considering the breakup of the OS and application divisions to a settlement that amounted to a slap on the wrist.

My take is that we're probably going to end up with instructions on how to disable secure boot, but it may involve soldering or other physical modifications.

Re:Challenge in court?

and voiding any warranty on the hardware

Re:Challenge in court?

On what grounds? Microsoft doesn't control Secure Boot licensing - they're offering it through themselves, but you can still go out and get your own key. You don't even have to use the feature, it can be disabled in the UEFI (read: "BIOS") settings. The "slippery slope" isn't even a rational argument, let alone a solid legal case - you can't sue Microsoft because you're worried they might, maybe, possible, some day in the future abuse Secure Boot by asking OEMs to make it more restrictive. There's nothing actionable about it, by any stretch of the imagination.

Re:Challenge in court?

possibly*

Re:Challenge in court?

[gradinaruvasile]

Go in the UEFI/BIOS, select disable secure boot/use bios compatibility mode or whatever this is labeled on that particular firmware.

Re:Challenge in court?

[Jerry+Atrick]

Which is great until you boot into the legacy BIOS setup and find just 1 option - Enable UEFI. Only seen one claim for that so far but it would be foolish to think this won't happen, it's not forbidden by Microsoft rules.

If you're lucky that board will work with all your hardware without tweaking any settings. If you're really lucky they'll update the legacy firmware side with fixes and new hardware support and won't just orphan it.

Do you feel lucky punk?

Re:Challenge in court?

[Hatta]

The second was failing to grease the right palms in Washington. They learned their lesson, began giving out the campaign donations, and all of a sudden the case went from seriously considering the breakup of the OS and application divisions to a settlement that amounted to a slap on the wrist.

Quoted for emphasis. Microsoft dramatically increased their campaign contributions at the same time they were being prosecuted by the DOJ. It's a perfect example of how corrupt this government has been for decades.

Re:Challenge in court?

The browser issue was selected for court from over 50 other anti-trust issues. The DOJ could not use every single case due to the massive legal costs it would entail. That's the only reason they targeted IE, not because it was THE issue. They were also found guilty as charged, unlike other big tech company anti-trust cases. But thanks to Bush, they got away with it anyway, resulting in nothing more than huge paydays for the lawyers. Who'd have thunk it, eh?

Re:Challenge in court?

[fermion]

Why would you want to sue MS. MS has created a situation in which cheap hardware is widely available to everyone. Now that they do something that makes sure they are more likely to benefit from that work, everyone freaks. This, after all, are machines that primarily exist because MS has invested marketing money in them.

If one wants a *nix machine, I presume that anyone can go over to newegg and buy whatever parts needed to build a *nix machine. It would probably cost more than the $500 that a Windows 8 dell desktop might run, but it would be much less than a thousand. Or maybe pay the thousand for an Apple Laptop. I have had no problem running *nix, or MS Windows, or Chrome on it.

Re:Challenge in court?

[jbolden]

Browser bundling was engaging in unfair competition. Microsoft has been working aggressively and cooperatively with Linux vendors to provide alternative solutions and helping to make sure they don't engage in unfair competition. Far from a stronger case, there is no case.

What everyone is upset about is stuff Microsoft could potentially do, not stuff they are doing. Well, in America, you don't get convicted for potentially being able to do bad stuff, at the very least you have to start taking steps towards going bad stuff.

Re:Challenge in court?

[EdZ]

Only seen one claim for that so far but it would be foolish to think this won't happen, it's not forbidden by Microsoft rules.

But neither is it required, or even implied. It would be entirely up to the OEM to implement. Who could do the exact same thing right now with existing non-secure-boot UEFI firmware, or even BIOS, if they so wished.

But they won't, because they're not blithering idiots.

Re:Challenge in court?

You obviously haven't been to America lately. More and more laws are being written intended to criminalize the *potential* for anyone to "do bad stuff" (for whatever definition of bad stuff the powers that be can come up with this week). This isn't even guilty until proven innocent. This is guilty before you do anything just because you may possibly on an evening of the blue moon when the planets are aligned properly remotely consider doing something that someone in power fears may be bad stuff.

-Anon

Re:Challenge in court?

The problem is that companies that grease both parties palms are kept out of trouble whatever happens.

Just had to get this out...

I was always getting bullied and was constantly ditching school as a result.
Finally my parents removed me from the public school system and put me in
an alternative school. It was the beginning of eighth grade, I had no friends and
the school was full of gangsters and bullies. This one kid named Chris acted like
my friend and brought me to his house after school where he taught me to sniff
glue and huff freon. Sometimes, when he could get it, we would smoke pot.
Sometimes when we were high Chris would slap me, choke me, push me down,
call me his "little bitch." I was scared and didnt fight back.

One day when we were high, he told me that I had to pay him back for all he
had done for me. To make a long story short, he made me dress up in his
moms clothing and then he proceeded to rape me anally. After that, it became
a daily occurrance. After school he would force walk me to his house where I
would have to get dressed up for him; clothing, make-up, wig, etc, he then had
me perform oral sex on him and had anal sex with me. It was painful and
humiliating.

There is not really any more to the story. It went on for a while but Chris's family
eventually moved away. It is just a secret that I have to keep. It sucks.

Microsoft and patents.

Could microsoft refuse to sign a uefi binary because it violated their patents? If so, this could be a way to get everyone using linux to pay them.

Re:Microsoft and patents.

Mark my words. Microsoft will not do anything in the near term but once UEFI is commonplace and non-UEFI systems are no longer available in the market, they will act against non-Windows operating systems. Microsoft plays to win, and all the dipshits on slashdot talking about how we shouldn't worry because the Windows 8 certification guidelines say secure boot can be disabled don't even realize there is a game going on and that they are already losing badly.

Re:Microsoft and patents.

[jon3k]

There's already a signed shim loader. Please go back under your rock, troll.

Re:Microsoft and patents.

Even if they had a patent for it, it would be illegal, because an anti-competitive practice. They could try though, but I don't think Samsung or MS or any other are willing to pay a few millions or billions just to find out where the EU stands on this.

Re:Microsoft and patents.

[theCoder]

And there are provisions for revoking signatures. AIUI, they can be even be distributed through something like Windows update (as long as the revocation is signed by MS), and certainly the revocation lists would be on new hardware. That is what people are worried about.

Re:Microsoft and patents.

The issue here is about dual booting, which might become impossible because Windows 10 will require secure boot to be on all the time, and any changes in hardware will require a MS signed driver.

Re:Microsoft and patents.

[AdamWill]

Microsoft can refuse to sign a UEFI binary for any reason they choose. Signing other people's binaries is an offer they are making voluntarily, not something anyone else is requiring them to do, therefore they set the terms.

Basically, no love for proprietary kernel modules.

[fustakrakich]

Yeah, and? You say that like it's a bad thing.

Eh, once 3D printers come with their own smelters (throw a pile of rocks in the bin and the machine will sort it out.), this won't be a problem anymore.

Face it

Linus Torvalds is the Kanye West of the open source community. He needs to calm down or risk making the entire community look like angry little boys. Yelling every time you're upset is unprofessional and no way to work with people.

I'll wait for the Dualboot Unified EFI

Pronounced "doofy"

I have a better idea...

[pla]

Instead of screwing around with politics, I have a much better idea...

Replace the kernel idle loop with a UEFI signing key cracker. Let it chow down on Microsoft's key.

Re:I have a better idea...

That is not very energy conscious of you.
The standard idle loop in Linux executes the HLT instruction which makes the CPU stop processing new instructions until an interrupt occurs.

Re:I have a better idea...

Yeah because battery life on my Linux power laptop was already just amazing....

Re:I have a better idea...

You don't understand how public key crypto works, do you? I haven't looked into the specifics of what they are using, but unless they are criminally incompetent then they would have used a key long enough that you couldn't brute force it even with all the computing power on the planet dedicated to it for millions of years.

Re:I have a better idea...

[khundeck]

Moderators -- come on..this is should +3 Funny.... this is hilarious! :) I never laugh before noon EST. Mod parent up. KPH

Re:I have a better idea...

[multi+io]

Instead of screwing around with politics, I have a much better idea... Replace the kernel idle loop with a UEFI signing key cracker. Let it chow down on Microsoft's key.

More promising option would be to just collect money and bribe someone inside MS to hand us the key.

Re:I have a better idea...

[gweihir]

I applaud your sentiment, but unfortunately, unless they have badly messed up (and I expect they got competent outside help for this to prevent messing up), cracking this key will not be feasible.

Re:I have a better idea...

There is no such thing as "uncrackable key". Any sufficiently long brute-forcing process will inevitably yield the correct key. Cryptography is the art of making your keys so time-consuming, that nobody with interest in cracking your keys will have the available computing power to crack it in a reasonable timeframe.

Re:I have a better idea...

[gweihir]

Most clueless comment today!

If course, if you ignore reality, every key can be brute forced (oh, wait, no, there _are_ cryptosystems that cannot be brute-forced). There is also the slight problem that this universe seems to be finite and have a finite amount of matter and energy in it, which incidentally is not even enough to brute-force AES-256.

At least get a minimal clue before making such stupid statements.

Re:I have a better idea...

Aside from your incorrect first statement, the fact that you're unaware that you've just agreed with him is priceless.

Re:I have a better idea...

[TangoMargarine]

(oh, wait, no, there _are_ cryptosystems that cannot be brute-forced)

...yet. Never say never; e.g. quantum computing whatnot.

infection

The surgeon general warns that MS is an infectious cunt.

Picture a 60 year old crack whore who has been turning tricks in the ghetto for 45 years. Would you fuck it? That's what you're doing when you deal with microsoft. If you don't want your penis to rot away, then don't fuck crack whores, and don't run Micro$oft.

Re:infection

While MS is a truly horrible disease, it is not actually infectious at all; nor is it sexually-transmitted.

Whitehouse Petition

[DaMattster]

I think this entire issue needs to be looked at by the Attorney General and Federal Trade Commission. The SecureBoot UEFI is nothing more than a form of vendor lock-in, cleverly (or not so much) disguised as a security innovation. Please sign my petition and spread the word: http://wh.gov/wHLq

Re:Whitehouse Petition

Judging by your petition, it sounds like you don't even understand what UEFI is. You just use the phrase "SecureBoot UEFI" repeatedly. Secure Boot is a option in UEFI, which is a replacement for BIOS. Microsoft also requires that vendors make this feature able to be disabled, and allow users to load other, non-Microsoft keys, so your claim that it makes it "difficult, if not impossible to run other OSes" is false. Your silly petition demonstrates a failure to understand the actual issue, and makes factually incorrect and exaggerated claims. You clearly don't understand what's going on.

Re:Whitehouse Petition

Good luck with that who is the "other" person to sign ?

Re:Whitehouse Petition

Perhaps it's Mr "I can't use punctuation such as commas, spaces etc correctly"?

Re:Whitehouse Petition

[Bigby]

How ironic

Re:Whitehouse Petition

Actually, you don't understand much either, pal. Microsoft certainly uses UEFI's Secure Boot to mandate the block of any alternative OS on ARM devices meant to run WinRT (Windows' ARM version), and asks x86 manufacturers to implement some vague way to disable Secure Boot and/or allow alternative keys, in whichever non-standard way these manufacturers choose to (HINT: MS won't lose any sleep if people find installing Linux or FreeBSD or anything else too painful). And no, Apple doesn't do the same thing. Apple blocks alternative OS's on devices they manufacture themselves , while MS is mandating the block for all devices where WinRT will be installed, even those manufactured by other companies . UEFI's Secure Boot can be used for security. But it can be used as DRM too. Also, just 'cause: UEFI compares to BIOS like solid fecal matter compares to diarrhea: it's better, but it's still shit. They should have gone with something based on coreboot. I guess expecting logic from standard comittees is asking too much.

Microsoft

Microsoft = small, soft

Their business model has outgrown the company name. They are big and hard. So big, that they can get by with some shit like this. Hard because their head is hard.

Them getting with the hardware designers and creating this secure boot shit, just so it's harder for pirates to pirate a copy of windows8, is the same thing as GM getting with the folks that make roads, and have them install a switch that can disable ALL CARS if GM decides. GM can just state, "What if a GM car is stolen? How are we supposed to be expected to recover the losses?"

So here is another car manufacturer saying that he's not willing to put the GM parts into his cars. That's all. Our world's problems are getting so stupid, that it's sorta hard to tell/believe what's going on.

I think everyone should read the lyrics to "Wish You Were Here" by Pink Floyd. Or maybe another band should release a song called "I wish we weren't here". Again, hard to tell...

Re:Microsoft

I wish I could mode this "terrible analogy".

No one?

[serviscope_minor]

No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs.

I don't believe this. There's always one lunatic out there so in love witn Microsoft "technologies" that they'll love this. Miguel?

Re:No one?

Yes, lets rag on the one person who has done more for Linux than the collective people reading this story ever have or can in the future.

Proof required.

"No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs"

Proof required.

And I could just as easily call the Tivo requiring a SIGNED BOOT to run linux that only Tivo can give out as PRECISELY THE SAME THING. But apparently, for no reason, "the linux community" doesn't mind this.

I guess the new anon cow defines "the linux community" as "those who like Tivo signed bootloaders and hate Microsoft signed bootloaders".

Re:Proof required.

I guess the new anon cow defines "the linux community" as "those who like Tivo signed bootloaders

It was actually the author of TFA who said "but no one...". It should've been attributed by the summary.

Re:Proof required.

[ChunderDownunder]

What the? do a search for 'tivoization'. It's a sticking point with Linus and RMS regards GPLv3.

Want to know why Nexus phones are so popular? Because historically numerous Android vendors supplied locked bootloaders, so if you wanted to install Cyanogenmod on them you required an exploit and even then couldn't compile your own kernel.

no one, but no one

"but no one"? Are you all a bunch of fucking fags or something?

woohoo!

[Sloppy]

Somebody gets it:

encourage things like per-host random keys - with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security)

Imagine if someone invented a protocol like ssh, but then suggested that of course, nobody should be able to use it except in situations where a host's key is signed by one of the global CAs, like we do on the web except without the possibility of self-signing or for new CAs to enter the market.

Nobody would call that "secure." They would call it a joke which goes out of its way to be less secure, by deliberately adding an untrustable link. And the fix to such a protocol would be obvious. Well, that's just what Linus did in the above paragraph: he told you how to turn SecureBoot from "just plain stupid" into "decent even if still mostly useless."

Re:woohoo!

[BitZtream]

Your post is ignorant and shows you utterly fail to understand how this stuff works.

Requiring a global CA to sign a ssh key would in no way make it less secure. It can't. If it could, the whole system is broken even without the CA's involvement. The CA is just another verification factor.

The CA simply says 'the host key that you're getting from the host is one we have verified them to be allowed to use, and you can tell because here is our stamp of approval in a cryptographically secure way'. That is no different than you putting your stamp of approval on it by typing Y.

To further your ignorance, you're trying to claim that CAs are worse than you seeing a random hex string in front of you and just typing Y. Everyone involved knows that you aren't actually verifying that finger print for the host you get presented with.

The CA is only 'intentionally less secure' if you're a paranoid nutjob that doesn't realize a CA exists based on its reputation, while there have been issues, they still have a reputation that keeps them in business, so they aren't fucking up THAT bad. Even in that case, the CA isn't actually less secure any more than the unicorns that prance around in your penguin porn fantasies are real.

You utterly fail to understand the problem with self-signed certs. There is absolutely NO security increase in a self-signed cert that you have not manually verified. If you claim you verify all the self signed certs you used than everyone reading is going to know you're a liar so don't try that bullshit. So in effect you have demonstrated that you, through your own ignorance and the fact that you think you aren't ignorant on this subject have been the one to lower your own security.

You have no idea what you're talking about, just shut up.

Re:woohoo!

[sjames]

It would, by virtue of creating a whole new set of reasons it might fail of get replaced with telnet on a server.

CAs ARE worse than the random host key. Just think of all those AWS and other instances. Imagine the temptation to just use telnet rather than just senmding all your money to Verisign.

Re:woohoo!

When did u quit taking yur meds?

Re:woohoo!

[EdZ]

Well thank goodness that MS already mandates that you MUST be able to add your own keys to the Secure Boot key store on x86 machines. Not ARM, they're in line with everyone else on the phone/tablet lockdown game, but for any desktop machine or motherboard with a little 'Windows 8' badge on the box, the ability to self-sign your bootloader is a requirement.

Windows 8 certification guidelines, specifically System.Fundamentals.Firmware.UEFISecureBoot Para.17:

Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following: It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.

Para.18:

Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv.

Re:woohoo!

[multi+io]

Requiring a global CA to sign a ssh key would in no way make it less secure. It can't.

The OP was apparently talking about a scenario in which the client is hard-wired to only trust host keys that have been signed by a specific, global CA. And that would be less secure. You would no longer be able to just create and use your own host key at any time.

Re:woohoo!

[gweihir]

Indeed. You have it exactly right. Side note: SSH does support public X.509 certificates but nobody uses them as anybody competent enough to do that also sees that this does not help. SSH with private X.509 certificates is in use.

Re:woohoo!

[gweihir]

Requiring a global CA to sign a ssh key would in no way make it less secure. It can't. If it could, the whole system is broken even without the CA's involvement. The CA is just another verification factor.

You really have no clue, do you? First, global CAs do not "sign" keys, they create keys and sign them. A little often overlooked detail is that having CAs in the X.509 systems sign user-generated keys is very hard to get right and a lot of effort and hence nobody does it. Have a look into the literature. Anybody that does understand the X.509 PKI actually know this, but you do not seem to. The second thing is that any false signature decreases the system security, unless nobody trusts this signature in the first place. Quite obvious. So unless the signature is completely wothless, it does have _negative_ worth.

Stop spouting your clueless nonsense, please.

Re:woohoo!

[gweihir]

I think that if they had left that out, a few billions in fines form the EU would have reminded them of it. They are just being careful, well knowing that it is beyond most users at this time to add their own keys.

I will be very interested though what happens to their anti-competitive move on ARM though.

Re:woohoo!

[Sloppy]

Requiring a global CA to sign a ssh key would in no way make it less secure

Of course it would. You don't know the global CAs or whose interests they're serving or what (if anything) they do to keep safe. OTOH you almost always know your own practices and allegiances. Making the trust path depend on a third party, can only increase the viability of a MitM. The only way their certification could help, would be if it's checked in parallel with other certifications (such as your own), to either bolster it as a corroborating assertion that the identity is correct, or to cast doubt on it if it doesn't match. Alas, without support for multiple signers, neither of these scenarios end up occuring.

You'd be right if ssh used a more modern signing approach, such as PGP. But that's almost never the case, at least in 2013. (I must admit, I still haven't tried building ssh with GNU/TLS.)

The CA is only 'intentionally less secure' if you're a paranoid nutjob that doesn't realize a CA exists based on its reputation

Aha. I see the problem. You're in 1995. You're right. In 1995, if you perceive the risk, then you're either a visonary/cipherpunk or you're a paranoid. In either case, the mainstream press and industry can get away with ignoring your concerns. (In 1995 the only evidence we had that the CA system would fail, was in things like the recent (1994) passage of CALEA, which showed the US government had the intent to systematically weaken communications security. But we didn't yet know what would come of it, and CAs didn't yet admit on their own web pages (!) that they are "CALEA compliant" as Verisign amazingly has.)

In 2013 we know that it has failed (sometimes due to governemnts, sometimes due to other attackers, and sometimes due to mistakes) and continues to fail, routinely. There's a news story every month where some signer, who is fully trusted, turned out to have been undeserving of the trust.

That isn't to say it's useless (no matter how much you increase the MitM vulnerability of a crypto system, it remains more secure than plaintext), just that future PK systems will necessarily allow for multiple trust paths working in parallel, as PGP does and encourages.

(Back to the topic at hand) A code signing system that operated on multiple signatures would be particular valued now, thanks to the recent story of the bit9 failure. Imagine a system that required three "moderately trusted" certs, where no one but a user who does their own builds, would trust any CA more than moderately. All of the failures that the antiquated single-signer systems allow, would be trivially prevented. And yet here we are, going with a single-signer system (which we already know is dumb) and worse, that signer is Microsoft. Three cheers for Linus, telling everyone the rather obvious thing, that if we're going to use such a broken system, at least decentralize the signers.

And if it didn't have one, you get your money back

And if it didn't have one, you get your money back, including your P&P costs?

No, you won't.

And it won't be on the "Specifications" screen, either. So you'll buy it, find it doesn't work, return it and find you're still down for 80% of the cost of the motherboard because you had to pay for P&P both ways.

And there's no way to write down on your purchase order that you want to be able to install Linux on it, or turn off Secure Boot.

RE: #43044347

It's pretty obvious you haven't listened to Linus speak. I get quite the different impression: humble, hard-working, interested.
Let me know when you have your OS ready so that you'll be on equal footing - just sayin'.

It's a shame people have to attack at a personal level rather than offer a logical reason/argument against his ideas.

We see how well MS handles things; people are concerned that MS will mess this up. I'm actually surprised the DoJ
isn't involved. There's has to be a lot of money involved. Every article about this "technology" says that it addresses
a non-existent boot-exploit issue. So, people want to know what MSs motive is behind this.

Rather than everyone petitioning the WH to be allowed to alter their paid for iPhone (and what not), this is an issue that
has worth too, in a White House petition.

CAPTCHA = 'somehow' -- how fitting...

Re: #43044347

Non-existent? I thought this was supposed to keep people from installing those obnoxious MBR loaded malware from being ported over to GPT.

No goatse?

[dimeglio]

I was expecting the link to take me to a goatse image. Maybe the article is really just an euphemism.

GNU/Linux users now have a 'golden opportunity'

[ikhider]

Now there is less reason than ever to buy laptops and computers pre-installed with the Windows operating system and to be made to pay the Windows tax. We can now turn to manufacturers that offer Linux-based machines out of the box such as ThinkPenguin, Lemote, and System 76. Add to that, even companies like HP and Dell (still?) offer pre-installed Linux machines. Previously, gamers needed Windows to run games, but now companies like Steam Valve make that a moot point. As Microsoft resorts to more aggressive tactics to ensure only their product can run on computers, we simply need no longer support manufacturers who bow to their whim. Consumers need choice and freedom and Microsoft will not facilitate this, nor will manufacturers who force people to pay for the Windows OS even though the Microsoft EULA states the consumer can get a refund if s/he does not agree to the terms and conditions. It's time the users of alternate operating systems created and supported their own ecosystem.

Re:GNU/Linux users now have a 'golden opportunity'

Steam is not a company, valve runs steam, steam is a conglomerate store that is nothing but DRM and you're paying for the privilege of it. Thinking microsoft will ever try to mandate secureboot to ONLY boot windows is completely showing the world you're a moron as that would instantly kill any enterprise revenue.

Re:GNU/Linux users now have a 'golden opportunity'

[peawormsworth]

I purchase an HP laptop about 4 years ago. There is no way to hand-build a laptop so there is no way to get out of the "window tax" as you can with a desktop PC by buying components or purchasing from a smaller computer shop.

So I never installed the Windows operating system and I wrote out every word of the EULA. I then read the EULA over and over again... and came to the clear conclusion that they were offering me the opertunity to recieve a refund on the Windows and other software. So I called and requested it. They denied any understanding of what I was talking about. So I sent email after email quoting the neccessary parts of the agreement showing them exactly where it said that they would return some amount of money to me. I called them over and over.

In the meantime, I operated the laptop from an SD card so as to preserve the computer in an untouched state. I specifically did not ever accept the EULA.

I want you to know the wording of the EULA clearly states that the windows software is NOT part of the computer product. And that I was not billed for two separate products on my Best Buy invoice. And the software EULA notes that it can be refunded separately. The wording is so clear as to leave no doubt that they are offering you the opertunity for a refund. And the reason that this wording is in the EULA is because to force the consumer to pay for two products when they only wanted one is a potential illegal violation of sale.

Finally, an HP customer representative definitively said to me: "You wont ever get a refund from us!". He was obviously frustrated with my persistance.

So I reported the potential anti-trust violation to HP corporate. I quoted from their own corporate guidance manual the part that said "do not condition the sale of one product on the purchase of another". The manual called this "a red flag" under the heading of "possible anti-trust violations". But still they did nothing.

I sent the information to a legal consumer advocacy group in Toronto... and they said that they would be interested in persuing this in court if I was willing to work with them. So I thought hard about this and realized that it was all too much trouble to get the (maybe) $40 that I deserved.

Now my laptop is dated. So I called up HP just yesterday and asked them what their policy is regarding refunding people who decide not also pay for the operating system that package with their laptops. The support staff said: "I never heard of this" and "just a minute... let me talk to my manager". And I was flabergasted that they would continue to say this. In light of the fact that I know more people running Ubuntu then Windows. I am a techie... but certainly HP support staff should know of the issue by now and have a quick definitive answer for me.

I swear to you... if this ever happens to me again. I am going to proceed to the courts if they dont honor the EULA they wrote. Because now I feel like I am not so alone. I feel that people really need to stand up for what is right here, because so many are effected. It is just rediculous that there is a company who is repeatedly being rewarded for forcing people to buy a product that they dont want or need.

And what really gets me... is that not only are they continually trying to take money from me and offer no value in return... but now there trying to reinsert themselves into my life with this whole BIOS fiasco.

Generally... I like the idea of competition. But in this case, I wish this company were wiped from the map. Becuase for me, they are just theives who continually make it harder for me to have nothing to do with them.

Re:Basically, no love for proprietary kernel modul

Yeah, and transporters and warp drives too! Gee golly.

Re-license Linux

[Fri13]

Just change the Linux operating system license from GPLv2 to proprietary and thats it!
And while doing it, just copyright all source code for Microsoft same time.

Then justice would be served...

(Yeah, just trolling as I don't have anything better to say).

Re:Re-license Linux

[BitZtream]

You can't be trolling, you aren't even making any sense.

That's a whopper of an aside ....

[Wrath0fb0b]

Since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits

Since, as recent hospital deaths due to MRSA and medical errors have shown, centralized medicine offers dubious health benefits?

Just because there have been failures doesn't make the system dubious at all. Even with all the failures accounted, SSL is a phenomenal success -- effectively protecting billions in eCommerce revenue, trillions of emails and untold other secrets. The fact that any Joe can sit down and go to ${site} and be nearly certain that their communication is authenticated and encrypted without the need to understand anything is a remarkable feat of engineering.

Re:That's a whopper of an aside ....

[ultranova]

The fact that any Joe can sit down and go to ${site} and be nearly certain that their communication is authenticated and encrypted without the need to understand anything is a remarkable feat of engineering.

It would be if it actually existed. As is, Joe needs to understand that if his browser starts giving security warnings, someone's probably trying to steal his credit card info. Joe also needs to understand that SSL can't protect him if he visits sites through links (because they might direct him to amaz0n.com instead of the real deal) and that if someone wants a key for obscuresite.com, they'll probably get it, whether they have anything to do with that site or not. Finally, Joe needs to understand that if his own machine is compromised (for example, by installing the cute cats screensaver a friend sent him as an email attachment), it's game over already.

So yes, Joe needs to understand what he's doing to use SSL succesfully, the same as in any other activity.

Re:That's a whopper of an aside ....

[gweihir]

The public X.509 PKI (what is used for SSL) is fundamentally broken. There are still a lot of people that do not get security and think otherwise, but those of higher competence in the IT security field have reached this consent a while ago. There is no-one with any credibility that disputes this. And it is not that the system has been broken in a surprising way that is unlike to happen again. The system has failed in the expected way and will fail time and again, because its architecture is fundamentally broken and cannot be fixed. We just have observed the attacks in practice now that have been predicted for a longer time.

Read a bit up on the issue before spouting nonsense like "Just because there have been failures doesn't make the system dubious at all." as nobody competent ever claimed that. It is the specific nature of the failures that shows the system is broken and cannot be fixed. Also, a security system does not measure its success by how many people use it, but by how much protection it actually provides. The sad fact of the matter is that the "billions in eCommerce revenue, trillions of emails and untold other secrets" were not protected by SSL (side note: SSL is unsuitable for email protection, have you researched the issue at all???), but because nobody tried sniffing them. Sniffing in the net is hard, most successful sniffing is done at or very close to the endpoints. SSL does not really help in these scenarios even if it were non-broken. So, no, SSL is not a success. It is a spectacular failure and that people trust it makes the failure worse, not better.

Some more notes: SSL does not authenticate communication. It does authenticate the server certificate. That is worth exactly as much as the CA is that issued the certificate and the check that the certificate actually belongs to the site done on client-side. Today that means basically no worth at all. I just recently had a e-banking application that did not validate the server-certificate _at_ _all_! A standard SSL proxy could be put into the connection and the app did not notice! We changed transactions with real money in the proxy to verify this and they went through! This was by a reputed European bank, and not by IT cretins like CitiBank. In addition, the client side does not get authenticated at all, giving raise to a number of attacks. These rarely done because end-user system security is so pathetically poor these days that other attacks are far cheaper.

Re:That's a whopper of an aside ....

[Wrath0fb0b]

I'm 100% certain that my connection to Gmail is protected by SSL/TLS, so I think you have to troll harder than merely saying that it is "unsuitable for email protection".

Re: #43044347

It's a shame people have to attack at a personal level rather than offer a logical reason/argument against his ideas.

Well, if you have no logical argument against his ideals and you're Steve Ballmer, what else can you do?

Clarifies?

[tokul]

What f..k and s..k thing not clear enough?

Linus is right

[gweihir]

Saying things like " If the user has explicitly enrolled a hash then they're stepping outside the trust model." indicates gross incompetence and fundamental non-understanding what security is. After all, all security must always reference back to the user as it is the user (and nobody else) that decides which OS/hardware/mechanism to trust in the first place. That initial security decision overrules all other considerations. If the user cannot be trusted, then all conceivable systems are broken from the start.

It is surprising how many people that have not the first idea what security is about are still active in this field. Fortunately, Linus gets it. His abrasive way of expressing himself may be controversial (although I had far, far worse and in addition complete baseless insults from customers when working as a consultant), but his competence and understanding are not in question. I really hope he stays firm on these issues, but I expect that he will.

Re: #43044347

It's not "non-existent" and MS didn't make secure boot, Intel did. MS is just an end user of a now open industry standard.

Intel started creating Secure Boot many years back because customer feedback was showing demand for this feature. So they started work on the framework, got it all setup, then opened it up to the rest of the industry to be an open standard. MS decided to make use of it.

If you want to blame someone for Secure Boot, blame IT for wanting it. They were sick of computers getting hijacked on the internal network.

Weird argument

Microsofts incompetence is OK, because Apple does it too? You are a crazy person.

Re:Weird argument

[Hes+Nikke]

I never said it was OK for either company. stop putting words in my mouth.

Re:Weird argument

You're still a crazy person.

No one, but no one

[Rogerborg]

Boots in the Imperial Palace without an order from the Emperor.

I just want my linux

[peawormsworth]

This is all very confusing to me. Im certain that I dont quite get it all yet. I just dont want to end up in a situation where Im required to hand control over to any single software or hardware company in order to run the software I TRUST. I could care less about Microsoft protecting their products against piracy. Good for them, do it. Because the tighter they hold on to their product, the more I expect others will find the value Ive found already in free operating systems and software.

In any case, to understand it a little more... I took a micro SD card with a linux installation on it down to my local Best Buy. Then I proceeded to reboot multiple computers to see if I could get linux running. In all case, I was able to get into the BIOS in order to get linux to successfully come up on those machines. I did this with about 10 or more computers to be sure and spread it across brands. Here is what I learned:

1. You have to shut of Secure Boot option and you need to turn off UEFI (to something like 'legacy' or 'CSM OS'). But all BIOS currently allowed this.

2. You cannot tell windows 8 to "SHUTDOWN" and expect to get into the BIOS. Shutdown simply performs a sleep to the hardrive... so you need to click "REBOOT" in order to have the computer recognize the Fn key to get into BIOS.

3. There is no standard on which keys to press to get into BIOS and it is not displayed on the screen during booting (not on any new computers at least). You have to guess and then try and try again... or read the computer manual I guess

4. Sony is the worst offender for having non standard BIOS access. I had to go home and research the manual to find out that BIOS accessed while the computer is OFF and then pressing a particular button on the side to bring up BIOS. Sony is strange.

5. The UBUNTU default kernel was able to detect and load all the sound cards, video cards, network cards that I tested it on. Although I think I also have the binary Broadcom module loaded, which may have helped.

6. I can "see" the Windows partitions of the main harddrive when I boot from the SD card into linux. However, when I wrote some files and made some directories, I was unable to "see" these changes when I rebooted into Windows. Although maybe I just didnt know how to find them... because I couldnt find the Windows shell terminal program I would use to easily navigate through the filesystem... and the Windows file manager is a real mess to use and ugly and seems to hide things from me for "my convenince" or something. Who knows what was going on... windows is a confusing and unfriendly operating system when you already know what you want to do. I would prefer the window manager not try to hold my hand so much while im busy working. Then again... maybe my attempts to write to the windows drive while running the linux OS was defeated by something in the BIOS security settings... although I though this was just for kernel and driver changes... but I repeat: I dont really understand what all this means.

7. In all cases I needed to restore the system to UEFI and Secure boot in order to get windows to run again. This would be a little irritating if I wanted dual boot and regularily switch between windows and linux. It would require BIOS access and changes for every switch. But not a big deal to me as I cant recall the last time I wanted to do that... nor can I recall a need for leaving any space on my hard drive for operating system i was forced to pay for but never used.

Anyhow... I do wish Microsoft all the best luck in stopping people from installing their OS on computers without pay for it. I really hope they succeed and drive more users to superior free software like linux. Maybe then we will get support to have manufacturing companies begin to honor the EULAs they write and start offering refunds for unused windows products. Because forcing the sale of one product on the condition of buying another is down right unamerican... as Sherman put it (https://en.wikipedia.org/wiki/Sherman_Antitrust_Act). And the

apathy

[crutchy]

when i first saw the heading i was expecting from linus something like "we should just ignore uefi... it's just not that bigger deal"

i honestly don't really know what all the fuss is about

i'll keep buying mobos from my local store or online and (assuming the have it) uefi will be disabled by default and i will assemble my new pc's as per usual

as for how it may affect anyone else... i really just don't give a fuck :)

Re:apathy

[peawormsworth]

I generally agree that if it doesnt effect my usage of linux... then I do not care.

I think the problem occurs if UEFI becomes a default for all BIOS systems and you can no longer run an operating system without using it. Because UEFI requires the blessing from Microsoft in order to have the keys approved (I think). Right now... this isnt the case and UEFI can be disabled. However, if linux distributions like RedHat and others begin to apply for keys through Microsoft then there is no reason for manufactures to not make UEFI the default.

I also think the concept behind UEFI is valid. In that it may protect the users from trojans or rootkits being inserted into the kernel or drivers. So linus is saying that instead of applying for the Microsoft approved method, that the linux community should be looking for more open solutions that do not involve any single company like Microsoft.

I think linus is asking: what does Microsoft have to do with linux security? and... is there any reason why the linux community should have anything to do with their methods of implementing it?

As a linux user, you know that Microsoft is largely irrelivent. Red Hat support of the UEFI model by applying for keys, allows Microsoft to reinsert themselves where they are simply not wanted or needed.

Re:apathy

[crutchy]

if mobo suppliers stop selling mobos that can't easily have linux installed, that's sayonara for much of their data center sales/upgrades.

i take comfort in knowing that corporate use of linux has already reached critical mass where hardware availability for linux is assured.

oem's are handy for those that don't know much about computers of just can't be assed or can't afford to fuck around installing anything better than whatever the current windows flavor is, but the real action is in components. always has been, always will be.

Re:apathy

[peawormsworth]

Its always bothered me that one of my laptop requires a closed source broadcom driver in order to get wireless working. It may be true that the desktop/server motherboards will always support booting from linux. And you can always build your own desktop/server from individually selected compatibele components. But that is not true when it comes to laptops. I cant select components to put together my own laptop. Instead I am forced to purchase a hardware package from a commercial computer hardware company (HP, Acer, Dell, etc). And these companies always answer to Microsoft first FYI: IMO Asus is the one company that is most linux friendly as most of their hardware components are open source compatible.

Re:apathy

[crutchy]

as far as laptops, i personally reckon asus would probably only be second best to toshiba; i prefer their quality as opposed to the garbage offered by hp, acer and dell (i made the mistake of giving a hp desktop machine a first birthday and sound drivers supplied by hp for the specific model and windows version didn't install).

maybe microsoft's "surface" disaster might help some of the oem's shed some of their risk in this area by at least offering the option of preinstalled ubuntu etc.
after all, at the end of the day its not microsoft that they have to answer to; it's their shareholders, and shareholders don't like risk.