Slashdot Mirror

← Back to Stories (view on slashdot.org)

Systemd Getting UEFI Boot Loader

Posted by Soulskill on from the one-module-among-many dept.

New submitter mrons writes: Many new features are coming for systemd. This includes the ability to do a full secure boot. As Lennart Poettering mentions in a Google+ comment: "This is really just about providing the tools to implement the full trust chain from the firmware to the host OS, if SecureBoot is available. ... Of course, if you don't have EFI SecureBoot, than nothing changes. Also if you turn it off, than nothing changes either. [sic]" Phoronix notes, "Gummiboot is a simple UEFI boot manager that's been around for a few years but only receives new work from time-to-time. Lennart and Kay Sievers are looking at adding Gummiboot to systemd to complete the safety chain of the boot process with UEFI Secure Boot. Systemd will communicate with this UEFI boot loader to ensure the system didn't boot into a compromised state."

48 of 471 comments (clear)

  1. tl;dr by fisted · · Score: 5, Funny

    Many features
    In the bloat
    Off to FreeBSD
    In a safety boat
    burma shave

    --
    CLI paste? paste.pr0.tips!
    1. Re: tl;dr by armanox · · Score: 5, Insightful

      I think the bigger complaint is that it's being added to systemd, not that it exists (Note that GRUB can already be used with secure boot). Lennart Poettering is pretty disliked for his abandonment of UNIX principles (the biggest one being portability), and somehow his software becomes the de facto standard in the Linux world, long before it is ready (PulseAudio anyone)? He creates issues and fractures the community, and then blames everyone else for the problems.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    2. Re:tl;dr by Ol+Olsoc · · Score: 3, Funny

      Many features

      In the bloat

      Off to FreeBSD

      In a safety boat

      burma shave

      systemd has got you itchin'

      would you please just quit your bitchin'?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:tl;dr by hcs_$reboot · · Score: 3

      That thing gets bigger by the day. Isn't there some kind of anti-virus or some' to get rid of it?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  2. Re:Makes sense by halivar · · Score: 4, Funny

    Just wait. One of these days I expect to read, "Systemd to get Emacs editor."

  3. Monopolist practices by Blaskowicz · · Score: 4, Funny

    This is an evil ploy to prevent freedom-seeking users from trying Windows 10 alongside Systemd OS.

  4. My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Interesting

    Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

    I proceeded to install FreeBSD 10. In hindsight, I wish I had done this years ago. FreeBSD has worked almost perfectly for me. The installation was fast and actually quite simple. All of the open source software I used to use under Debian is available and easily installed. ZFS is amazing. My system feels faster than it ever did before. It has yet to crash even once, unlike Debian and Linux, where I'd get a kernel panic around once a month. The upgrade to FreeBSD 10.1 went very smoothly, with almost no effort on my part.

    I used to be disturbed by the recent degradation of the Debian project. But now I no longer care. Since moving to FreeBSD, I have no need for Debian. Debian is basically dead to me now. If it dies as a project, I don't care. FreeBSD does everything I need, and it does it better than Debian and Linux ever did.

    Good riddance, Debian. Good riddance, Linux. Good riddance, systemd. All of them are failures compared to FreeBSD.

    1. Re:My FreeBSD Report: Four Months In by kthreadd · · Score: 4, Insightful

      Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

      Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

    2. Re:My FreeBSD Report: Four Months In by donaldm · · Score: 5, Interesting

      Just over four months ago, I updated my Debian testing workstation. To keep a long story short, systemd was installed, and my workstation basically got trashed. It no longer booted properly, and none of my attempts to fix it worked. I used a livecd to perform one final backup.

      Have you tried it on a stable OS release that has systemd? I assume you know that testing is a development branch and is supposed to break, otherwise it would be called stable. Fedora has been using it for years now and it has been fine.

      I concur, I have been using Fedora for quite a few years and have never had a problem with systemd. I unfortunately think our words are totally wasted on the haters though .

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    3. Re:My FreeBSD Report: Four Months In by koinu · · Score: 5, Informative

      FreeBSD user here since over a decade. Welcome.

      You haven't seen FreeBSD crash? It only means that you haven't seen enough, yet. FreeBSD is a great system and I recommend it to everyone who can manage it, but you don't need to mention stability as a feature, because it is not the highlight about FreeBSD. You don't install a system and watch how stable it is, but how useful it is (for you and your special requirements).

      The best thing about FreeBSD are the FreeBSD Ports and how much commitment there is to make every possible application work on the system. You have basically far more possibilities and options than on Linux distributions thanks to the great job they are doing on this system.

      A second point is that it is easier to feel comfortable on the system, because the whole thing is consistent and easy to understand, provided you take some time and learn about the concepts.

    4. Re:My FreeBSD Report: Four Months In by RabidReindeer · · Score: 4, Funny

      Fedora has been using it for years now and it has been fine.

      Mostly fine.

    5. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Insightful

      That's the problem. There isn't a stable release with systemd. The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

      To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

    6. Re:My FreeBSD Report: Four Months In by ruir · · Score: 4, Insightful

      Are you being dense in purpose? The problem is not learning something new, is imposing a political decision down your throat, and letting the cornerstone of open source, choice, out of the equation. Even in my testing servers where sysv was installed, an upgrade was forced to systemd breaking my corporate setup rules and my configurations. What the hell is that?

    7. Re:My FreeBSD Report: Four Months In by kthreadd · · Score: 5, Informative

      That's the problem. There isn't a stable release with systemd.

      Fedora has so far released six stable releases with systemd, and Red Hat shipped their first stable release with systemd last summer.

      The code isn't audited, nor has it seen actual production testing. It was just foisted on the end users without any transition period, possibly breaking every single app that uses the init.d mechanism for starting and control.

      It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

      To boot, with systemd's ability to listen on the network, it has a good chance of becoming a massive remote root exploit in the waiting. Does it have any internal security? We can cross fingers that this large blob of new code does more harm than good, but all it takes is one glitch, and it would mean havoc worse than the RTM worm on the UNIX side ages ago, or the Windows worms in the early 2000s.

      Inetd has been doing that for years. It has since moved to a different project. Big deal?

    8. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 4, Funny

      Does it have any internal security?

      It has UEFI Secure Boot. That means that it is now secure.

    9. Re:My FreeBSD Report: Four Months In by rahvin112 · · Score: 4, Insightful

      No, it's not "supposed to break"

      https://wiki.debian.org/Debian...

      The Unstable repositories are updated every 6 hours.

      Some times are safer than others to upgrade packages in unstable, as at any given time, one or more OngoingTransitions may render some packages uninstallable, or release critical bugs may affect key packages.

      Nearly every single time Debian has made major plumbing changes, by for example upgrading or changing major boot packages that run by default, they've broken testing. Read the archives and you'll even find times they've corrupted peoples drives. Maybe you should be aware of what you are using, for gods sake they have a warning when you install testing that you run the chance of total data loss and having to format and reinstall.

      But of course you know better than the Debian Developers!

    10. Re:My FreeBSD Report: Four Months In by rahvin112 · · Score: 4, Informative

      Not enough coffee this morning, I quoted Unstable. Testing has similar warnings and you will find that every time there is major plumbing changes testing breaks. It's inevitable as edge cases break things.

      Still, sometimes, especially when packages are being restructured, packages that are not quite releasable may get into the next-stable distribution. So, there may remain some of the fun of using a constantly evolving development distribution.

      Search the archives, there have been plenty of instances where a package pushed into testing broke people's machines. I remember several.

    11. Re:My FreeBSD Report: Four Months In by 0100010001010011 · · Score: 3, Informative

      https://en.wikipedia.org/wiki/...

      SystemD is fucked up by design. Do one thing. Do it right.

      Now they're taking a separate, barely updated UEFI bootloader and shoehorning it in as well. They would have been a bit better of at least starting from Grub2.

    12. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 5, Funny

      Well, you see, I don't have a problem with systemd not working. My problem is that systemd is a great OS that lacks a decent init system.

    13. Re:My FreeBSD Report: Four Months In by squiggleslash · · Score: 5, Funny

      The best thing about FreeBSD are the FreeBSD Ports and how much commitment there is to make every possible application work on the system

      That's awesome. Has systemd been ported yet? That's the only absolute must-have I have that's keeping me in GNU/Linux, if systemd is available on FreeBSD I'll switch over tonight.

      --
      You are not alone. This is not normal. None of this is normal.
    14. Re:My FreeBSD Report: Four Months In by zdzichu · · Score: 3, Interesting

      They are doing one thing, and doing it right. They are providing much needed middleware and useful APIs, unifying Linux' Balkans.
      GRUB2 isn't the UEFI bootloader. It does much more, mainly in order to boot on legacy BIOS systems. I find gummiboot much better, I've been using it for years.

      --
      :wq
    15. Re:My FreeBSD Report: Four Months In by 0100010001010011 · · Score: 5, Interesting

      Have you tried it on a stable OS release that has systemd?

      You mean like Fedora/RH which has 4 'urgent' severity bugs with systemd

      Including one where systemd breaks Keyboard shortcuts handling in text virtual consoles on Redhat Enterprise Linux.

      If you lower the bar to "high" priority you get some fun ones like:

      Unable to boot when systemd's LogTarget is set to syslog-or-kmsg or syslog on RHEL7. (The devs left it at "Ok, dropping log messages even just from systemd itself isn't probaly a best way, but wee need more time for investigation." in September 2014).

      reboot or shutdown commands unresponsive during systemd-fsck

      systemd stuck when auto-mouting volume for NFS

      Systemd doesn't unmount all devices before calling reboot/halt and thus corrupts a clean RAID1

      These aren't "oops, I can't play MP3" level bugs.

    16. Re:My FreeBSD Report: Four Months In by 0100010001010011 · · Score: 3, Informative

      It WAS that way:

      A Linux-based system is a modular Unix-like operating system. It derives much of its basic design from principles established in Unix during the 1970s and 1980s. Such a system uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are either integrated directly with the kernel or added as modules loaded while the system is running.

      Other people in this thread have already point out that the direction systemd is headed will leave us with 2 binaries: The kernel and systemd. What next, systemd incorporates a mysql server?

    17. Re:My FreeBSD Report: Four Months In by jbolden · · Score: 3, Insightful

      If the transition was going to be smooth it would have been wheezy not Jessie. They waited and so it was bumpy Had they waited longer it would have been more bumpy.

      As for not enforcing the need for sysvinit compatibility how did you want them to do that?

    18. Re:My FreeBSD Report: Four Months In by tlhIngan · · Score: 4, Informative

      The difference is that SysAdmins hate SystemD and FreeBSD is primarily developed by SysAdmins. When FreeBSD has to solve the same problems that SystemD is hoping to solve, FreeBSD will do it in a way that SysAdmins will be more comfortable with.

      SystemD is attempting to solve problems without understanding how they should best be solved. Get a decade or two of managing tens of thousands of servers, then come back and attempt to solve the problems, You'll probably do it a bit differently.

      More like different focuses.

      FreeBSD is nice, but it's very server-oriented. Sure you can use it on a desktop through ports, but everything's still basically assuming you're on a server.

      SystemD is like PulseAudio, CUPS, and NetworkManager - they're tools to handle the complex desktop use cases that don't exist with servers.

      Of course, one thing FreeBSD does have is a general guidance and an avoidance of the latest shiny or political plays, which means a lot of Linux cruftiness is avoided, so stability in that form means things don't change too much.

      But, desktop users have a lot of requirements that just cannot be band-aided over like they do in Linux where you have spitwads, gum and duct tape holding together a lot of the system. Sure it works, but it's an extremely fragile system that's just begging for breakage.

      Here's some use cases that are extremely common in a desktop, but not at all on a server, and how various packages handle them.

      Audio - modern desktops have multiple audio paths - from HDMI to plain old speaker/headphone/line outs. And new ones appear and disappear constantly (say, Bluetooth). And audio needs to be mixed because the user might be watching a YouTube video when the system needs to alert them via a system sound. Or say, the user is listening to music, and then a VoIP call comes in which means muting the audio from the music player and activating the communications audio path (which can be completely different audio paths - the music may play through a speaker path, while the VoIP takes place over a headset using either a separate set of ADCs and DACs, Bluetooth, or whatever). Or perhaps the user is listening to music over their A/V system using HDMI audio. Then they turn off their A/V system losing the audio connection - audio now needs to be transported to a secondary source transparently to the application (can't have apps crashing because the audio device disappeared). Or how about a user opening an audio device for exclusive use (low latency, bit-perfect, whatever), and the system needs to play a sound (VoIP, alert, whatever). If there's no other audio path, it's a too-bad situation. But if there's another set of speakers or audio, why not route that audio that way so the user can get the alert through a secondary audio path?

      Networks are just as tricky - you want to connect to many different networks with differing roles - perhaps if you're at home, you bring down the firewall, while if you're on the go, the firewall goes up and maybe the VPN does too. Suddenly media connections are very important too because once you disconnect, you don't know if the next attachment will be to a trusted or untrusted network. And the firewall may need to manage different rules - like perhaps the HTTP server is allowed on all networks - public, private, VPN, whatever, while say Samba should only be accessible on private networks only. Repeat for other applications as necessary.

      SystemD is similar - a lot of services these days aren't launched on the system's behalf, but on the user. Right now there are dozens of different ways to have services launch when you log in - every environment provides a different way of doing it and there's no standard, so perhaps if you need a service to launch on Ubuntu when you log in, it won't work on Fedora. That's a huge mess - why not have something that's good at managing processes do it? Sure you have system services that start up on system boot, but there are a lot

    19. Re:My FreeBSD Report: Four Months In by sconeu · · Score: 4, Funny

      Coming to Netflix this fall: "Systemd is the new EMACS"

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    20. Re:My FreeBSD Report: Four Months In by Bengie · · Score: 4, Insightful

      It has been shipping in Fedora for the past four years, and in RHEL since last summer. If that's not production testing then what is?

      And to think, enterprise users are still complaining about problems that SystemD is creating, but those issues are being shrugged off as "working as expected".

      To compare it, Windows 8 must be a success because it's been in production for a few years now. SystemD is nearly identical to Metro in every abstract way. The end users who care, don't want it, some people just accept it and think it's great. Well good for them, now give us an option to not use Metro/SystemD and let people who like it use it. the problem with SystemD is there is no option, everything breaks without it as more things become dependent on it.

    21. Re:My FreeBSD Report: Four Months In by blue9steel · · Score: 5, Funny

      What next, systemd incorporates a mysql server?

      How else would you properly store all your binary log files?

    22. Re:My FreeBSD Report: Four Months In by JWW · · Score: 3, Funny

      I stream that movie to find out which of the two monsters comes out on top.

      Or they could both die at the end ;-)

    23. Re:My FreeBSD Report: Four Months In by muirhead · · Score: 4, Funny

      That would be ridiculous. MySQL is so last year. systemD needs something far more Big Data.

    24. Re:My FreeBSD Report: Four Months In by Anonymous Coward · · Score: 3, Insightful

      What we're seeing is a real-life demonstration of "why you really shouldn't try to re-implement the first 4 network layers":

      Because you're going to make all the same mistakes that were stomped out of the Unix TCP/IP stack over the last 25 years.

  5. I can't wait! by dark.nebulae · · Score: 3, Funny

    This was the only piece that was missing from systemd.

    I'm sure now all of the growth will end and the community will start rallying around systemd.

    Hmm, is that hell freezing over outside?

    1. Re:I can't wait! by serviscope_minor · · Score: 5, Funny

      This was the only piece that was missing from systemd.

      It's still missing a good editor.

      --
      SJW n. One who posts facts.
    2. Re:I can't wait! by RabidReindeer · · Score: 5, Insightful

      "does everything you should want to do".

      Do you work for Apple?

    3. Re:I can't wait! by serviscope_minor · · Score: 4, Insightful

      It really is the one and only thing that Linux has been missing for more than 20 years.

      Oh gosh no. For the first time in about 10 years I can no longer get my laptop to sleep reliably using the sleep key, because systemd is eating the events and doing something with them. I've discussed it with various people online and off and no one has been able to help me figure it out.

      The thing is, maybe Linux did need a better boot process (though I've never seen any enormously convinving arguments as it's not like Linux never worked before systemd), but systemd seems to be a bit of a hive of complexity and opaqueness.

      The fact that I can't debug problems that didn't used to be problems is not an enormous point in its favour. It's that sort of reason why so many people are suspicious of it. Well, that and binary log files.

      and does everything you should want to do.

      Well, technically, "everything you should want" is a subset of "everything under the this sun and all others", so systemd does indeed qualify as doinng everything anyone wants.

      --
      SJW n. One who posts facts.
  6. Trust Chain? by Anonymous Coward · · Score: 5, Insightful

    With Lennart Poettering and Kay Sievers lol. 2 of the most untrustworthy and two faced developers in the Linux world.

    Something isn't quite right here

  7. slow to arrive. by nimbius · · Score: 5, Funny

    I for one have been waiting for the promise of a UEFI bootloader for some time, but as an avid Systemd fan I can't help but wonder when Pottering and the team are going to get off their lazy asses and implement a systemd version of the Kernel. The Kernel (linux, ganoo, whatever) is old, inefficient, and can be handled much better by systemd. dmesg is a confusing command too. to replace it in systemd you would just issue a simple systemctl service engage geiss wobble manager=1 --upchuck --lasermode /var/tmp/var/eng/lib/lib64/service/svc/portal/optimized/Skernel.wrapper to get the same data converted from a binary disk image into real text, imaginary text, a full color background, and a chart-topping indie song (--noyuke to remove yukelele) Its really quite simple and I dont understand why linux makes such a fuss about their old fashioned kernels.

    --
    Good people go to bed earlier.
  8. Re:So, UEFI is a good thing now? by ssam · · Score: 4, Insightful

    Can be used for good or evil. Depends if control is in the hands of the hardware manufacturers or the users.

  9. The Systemd of Everything? by Bent+Spoke · · Score: 5, Insightful

    The Systemd Consortium of Uber-Masters (SCUM) is proud to announce the finalization of it's acquisition of the NSA. Hot on the heels of absorbing the CIA and FBI, Vice Chancellor Lennart Poettering had this to say: ".. this brings us one step closer to our ulitimate goal of reducing complexity for the common man."

  10. I foresee... by Torp · · Score: 3, Funny

    ... a great many new contributors to BSD :)

    --
    I apologize for the lack of a signature.
    1. Re:I foresee... by rl117 · · Score: 3, Interesting

      Really? I can.

      I'm a Debian developer who has been moving slowly to using FreeBSD on more and more systems over the last year, displacing Debian use and development on those systems. I've started contributing in minor ways on the lists and the odd patch for the ports tree. I'll likely start packaging my stuff in ports and becoming increasingly more involved over time.

      I contribute to things I'm actively using. For the past 15 years, that was Debian. Unfortunately due to the best efforts of the systemd people, it looks like that's unlikely to continue, though I very much wish this was not the case. But reality can't be avoided, and this is where things are today.

    2. Re:I foresee... by rl117 · · Score: 3, Informative

      What stopped me? Many things. Here's a few.

      The systemd debate reduced the Debian lists to an endless flamewar over three years long. debian-devel is just toxic; it's not useful for any constructive development discussion. I unsubscribed from almost all the lists a year back. I can't describe how wearing and demotivating this is. Reading the archives since then, it hasn't improved.

      Most of the software I write for Debian is core systems programming stuff. Straight out of APUE (Stevens). Over the last year, I've had a stream of bug reports about things not working correctly under systemd. Some fairly fundamental POSIX syscalls and tools no longer have the same behaviour when running under systemd. By "design". That's a fairly huge compatibility break with every other UNIX-like system out there, and one which hasn't seen much attention. But I'm somehow expected to rework my code to work around the breakage systemd brought with it. Breakage which has nothing to do with me. Code which isn't even remotely anything to do with an init system and which is portable code running on many other systems. That's crossed a line. systemd can't and won't be supported.

      I can work on sysvinit, openrc to a lesser extent. For several years it's been all take and no give with the systemd people. We can't do work on integrating openrc since this would require support for runscripts in systemd. What's the chance of that? Zero. Any changes, even minor ones, require superhuman effort to achieve. Essentially, it's an uphill battle to do anything and Debian is no longer a pleasant or productive environment to work in, primarily thanks to the horrible "our way or the highway" attitude of the systemd people. Since when was free software about dictating how everyone must do things? Silly me, I used to think it was about having the personal freedom to tinker with things as I liked to meet my needs. I'm a volunteer, and I give up vast amounts of my life to contribute to free software and Debian. This was previously a fun, collaborative, productive endevour for which my efforts benefitted many people. It's now deeply unpleasant and I don't like being abused, ridiculed and trodden on by the systemd people and their enablers. I'll move on to new and better things. I spent the last decade as the primary maintainer of the core Debian build tools, and later of sysvinit. I've been invested in and contributed heavily to Debian for the last 15 years. Not something easily let go.

      We'll see how Devuan pans out. Until it does, I'll be carrying on the migration to FreeBSD.

      Altruism only goes so far.

  11. Re:You're joking, right? by Ol+Olsoc · · Score: 3, Interesting

    3-4 naysayers? More like the majority of the linux community.

    There's this thing called "The Fox News Bubble"

    You're in a Linux version of that. Would you please just switch to FreeBSD so all your problems will go away?

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  12. Re:Paper tape by kthreadd · · Score: 3, Informative

    If the user can change the keys then I don't see a problem with it, and there are plenty of UEFI motherboards where you can change the keys.

  13. What's coming next ... by Anonymous Coward · · Score: 5, Insightful

    Here's what sure looks like Mr Poettering's plan going forward:
    1. Expand systemd to the point where large swaths of everything depend on it, so that he is controlling as much of the code base as possible.
    2. Insult Linus Torvalds for a while to try to undermine his authority.
    3. Fork Linux, or demand that Linus give control of Linux over to him, or he will rage-quit and take his code with him.

    His goal doesn't seem to be great code (given the number of times he's screwed up big time), or great design (given that he seems to ignore everything Thompson, Ritchie, etc said about how Unix should work). It sure seems to be about becoming the Grand High Poobah of the open source world, without any idea what that actually takes.

    What he doesn't understand is that Linus is in charge because other open source developers genuinely respect his judgment. If Linus was doing a lousy job in his role, there would be calls for Alan Cox or someone else who's been in the inner circle forever to take over, and Linus might actually step aside. If, on the other hand, you're running around insulting everyone for no good reason, you're not going to have the respect of other developers, and they will quite happily shunt you aside, forking systemd if necessary to get rid of you, and life will go on.

  14. SJW tactics 101 by Anonymous Coward · · Score: 3, Informative

    Just look at this presentation, where a presenter dares to suggest that some people don't want Gnome, and then Lennart construes this (immediately) as an attack on handicapped people or people who don't speak English. I'm not exaggerating at all - as soon as someone even suggests doing things a different way, he'll just jump up and say, 'you must hate handicapped people.'

    In fact, this is exactly how Debian has turned now that it's been taken over by his cronies. Anyone who even dares to go against him and Gnome gets insta-banned.

    It's just a simple and very extreme case of playing the victim: pretending he's done nothing wrong and claiming all kinds of discrimination and personal attacks when people criticize him, even if they're just saying that they don't want to use systemd or whatever clusterfuckery he's come up with most recently.

    I've said it before and I'll say it again - Poettering and Co. are the new Steve Jobs Klan of open source, and we need immediate action to get rid of his influence. Everything he's doing for the Free Software community is bad and he should be excommunicated permanently.

  15. Re:So, UEFI is a good thing now? by Wyzard · · Score: 5, Interesting

    First of all, UEFI is more than Secure Boot. UEFI has been standard on PCs for the past few years, and on Macs ever since they switched to x86. Secure Boot is just a feature of some newer UEFI implementations.

    Second, Secure Boot is a legitimate security feature that helps to protect against boot-time malware. There's nothing inherently evil about it. The controversy is over who should have the power to decide which OS is considered trustworthy and allowed to boot: the owner of the computer, or the vendor of the OS that came preinstalled on the computer?

    Naturally, you don't want to buy a computer that doesn't let you choose which OS you trust. But if you have a computer that does give you that choice, why not take advantage of it? Seems to me that it's good to have hardware vendors see increased demand for machines that support securely booting the OS of your choice, as opposed to those where you just have to disable Secure Boot entirely if you want to run something other than Windows.

  16. Re:Not *that* unused by benjymouse · · Score: 3, Informative

    In Windows, it's not unheard of that a piece of malware with sufficient access interjects itself where the next boot will be picked up before the OS has a chance to set up it's own protection. Of course my complaint is that this vector would have easily been sidestepped without a huge firmware mess. If the OS set up access to that area as very very very very special, requiring signed code within the OS to modify that section of the platform, then the problem would have been solved. .

    Sorry, but no. If you knew anything about threat modelling and OS design, you would know that code running at a trust level cannot protect against other code running with the same trust. The x86 architecture does have 4 levels, but for a number of reasons (mostly portability) practically no OSes use more than 2 levels (rings): protected/kernel and user mode.

    What you are proposing is using a 3rd ring - something more privileged than kernel mode. This would constitute a major architectural redesign and would trash portability/compatibility with other architectures.

    The fact is that UEFI Secure Boot is a very effective mechanism for blocking boot sector infections. As Windows has grown ever more resilient against permanent infections (app/driver signing, checksum tables, strong named assembly cache etc) malware authors were forced into infecting at an earlier stage of the boot process, if they wanted to take up permanent residence.

    The OS kernel mode MUST have the capability to write all sectors of the disk. It can effectively block usermode apps from writing such sectors, but if kernel mode driver contains a vuln, rogue code can bypass any security mechanisms enforced by the kernel. It can just jump to the address efter the security check or control the IO itself.

    Bootkits exists for Wndows. It was a real threat. A few unscrupolous individuals (lookng at you Garett) chose to instigate a FUD campaign, deliberately misrepresenting facts and knowlingly failing to correct misunderstandings when they advanced their case.

    And you are still part of that.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*