Ok, let that be a given (albeit one that would raise a few eyebrows at my work) - how do you propose to have a bit of memory that can only be written by the bootloader? Aren't there enough exploits out there that target the BIOS?
You say it yourself: problem with well-tested hash functions is that, without a secret, they are prone to collision attacks. Why and how do you think that the hash-function can be replaced? That is an attack vector in itself!
Except for when the key inside the CPU somehow leaks.
Secure boot is fantastic: the appliances I make require it, and will require it in the years to come. To be able to use run-of-the-mill hardware for my appliances would be great. But I think there's a lot of ignorance of how many ways there are to implement it. And frankly, there is no way to avoid that the way with which appliance makers would be most happy, is also the way with the FSF would be most unhappy: you tinkering with your own hardware, from that perspective, is the same as the American secret service tampering with it, after all. The first is great, the second is the reason secure boot exists, from my perspective.
However, there are less-evil solutions: a switch on the motherboard, for example, to create a read-only bootloader memory or that same switch, allowing you to sign your bootloader. That would require physical access to your computer, which you can cover in other ways (a seal, for example).
Huh? Macs boot nothing but UEFI these days.
Yes, there is an existing problem. Even if YOU don't suffer from it, many people and situations require it. Dismissing it with a hand-wave, as you seem to be doing, is just short-sighted. Yes, vendor lock-in is a potential problem, but otherwise secure boot is a fantastic feature. We need to sit down and agree on how it's implemented.
You already have a treaty. It's called Interpol, and Saudi used it last year to have a cartoonist extradited.
No. This is what you have to learn about art. Art doesn't strive to be realistic. It strives to resonate a message with you in a satisfactory manner.
Well it does tend to shrink when it gets colder, doesn't it?
You're doing what annoying people sometimes do at conferences: disguising an overly pompous and wordy opinion as a question. Don't do that.
But only in the US someone would be shown the door for wanting to buy too many things. Because, you know, the US is the birthplace of capitalism and all that.
It's returning though - Damen now build in Romania.
We have the same problem. With an obscure little country called the USA.
Sorry, but the hypocrisy is staggering. We are NOT allowed to even bring an encrypted laptop across US borders.
An even better one is:
"We're fiterling to get a copy of all your porn, so we can hold something over your head when we find it expedient. Now go make us rich."
The problem is that, when you propose what you propose to a security nerd (as I am), they'll respond with a list of demands to completely cover the entire security umbrella (what about physical access? what about multi-factor authentication? what about ... etc) that will make you want to renege on your proposal. Too many requirements, too entangled with hardware and people.
What security nerds often fail to realize is that sometimes, *some* security is good enough. Not all situations involve wiring millions of dollars while living under a dictatorship because you have AIDS (exaggerated example).
Take for example https. Yes, it's supposed to protect you from people who aren't who they claim to be, and yes, it would be nice if there was some international, reliable arbitrage of that. However, a) it doesn't always work and b) it prevents people from implementing completely reliable alternatives and using self-signed certs (or no certs at all - just do some Diffie-Hellman and only have confidentiality). Which, under many, many circumstances is _good_enough_.
It isn't about the kernel - it's about the boot loader. And yes, I agree that there should be a dip switch on the motherboard that disables secure boot (letting this know to the boot loaders, so that they won't boot potentially).
"It's a tax, an inconvenience, and it does absolutely nothing in reality to protect the end user."
Yes it does, it's just that you don't see it. Probably because the end user scenarios that you can think of, don't involve it. But when a box is properly tamper-evident, secure boot does a whole lot to a particular class of machines. For most purposes, it throws a big spanner in the works of the whole 'if you have access to the hardware, you have access to everything' mantra.
Because secure boot actually has real, nice consequences, open source or not?
And - could you really fit her into your basement somewhere?
She uses 'I was like', 'they were like' an awful lot. That, to me, is not the sign of an intelligent person.
And you consider 5 years a long time? I think that just shows that you don't work with SCADA systems.
It sounds like you need someone at marketing. Or product management.
Since I don't believe in any god, to me, that's completely indistinguishable. God IS 'opinions about god'.
As the grandparent said: god is the problem. Not the solution.
It's funny how your post and your sig contradict each other. /Got no stick in this fire.
I'm sure that Apple still aren't swayed by the power of this particular judge - after all, all he can do is increase the fine by something that still will not be significant compared to Apple's bottom-line, but all the eyes of the world are now moving in Apple's direction. And what Apple first thought was a great joke, turns out to be more like a joke that silences the party.