Draft Fedora plan to cope with Secure Boot on x86 hardware
Hi all,

Matthew Garrett has just posted a draft plan on how Fedora 18 plans to cope with Windows 8 certified x86 hardware that has Secure Boot enabled in EFI: http://mjg59.dreamwidth.org/12368.html

Basically it involves signing up with Microsoft, paying a $99 one-off fee and then getting them to sign a boot shim that will boot Grub2 that has been signed by a Fedora key. Then it has to be signed code all the way down to user space, so no loading out-of-tree drivers, filesystems or other modules, either FLOSS or proprietary (and certainly not custom kernels) whilst Secure Boot is enabled.

For those who've not come across what this means, he has a nice summary:

# Secure boot is built on the idea that all code that can touch the hardware directly is trusted, and any untrusted code must go through the trusted code. This can be circumvented if users can execute arbitrary code in the kernel. So, we'll be moving to requiring signed kernel modules and locking down certain aspects of kernel functionality. The most obvious example is that it won't be possible to access PCI regions directly from userspace, which means all graphics cards will need kernel drivers. Userspace modesetting will be a thing of the past. Again, disabling secure boot will disable these restrictions.
#
# Signed modules are obviously troubling from a user perspective. We'll be signing all the drivers that we ship, but what about out of tree drivers? We don't have a good answer for that yet. As before, we don't want any kind of solution that works for us but doesn't work for other distributions. Fedora-only or Ubuntu-only drivers are the last thing anyone wants, and this really needs to be handled in a cross-distribution way.

Interestingly he also shows that you can use Secure Boot to ensure that your system will only be able to boot Fedora (etc) and never boot a proprietary OS:

# A system in custom mode should allow you to delete all existing keys and replace them with your own. After that it's just a matter of re-signing the Fedora bootloader (like I said, we'll be providing tools and documentation for that) and you'll have a computer that will boot Fedora but which will refuse to boot any Microsoft code. It may be a little more awkward for desktops because you may have to handle the Microsoft-signed UEFI drivers on your graphics and network cards, but this is also solvable. I'm looking at ways to implement a tool to allow you to automatically whitelist the installed drivers. Barring firmware backdoors, it's possible to configure secure boot such that your computer will only run software you trust. Freedom means being allowed to run the software you want to run, but it also means being able to choose the software you don't want to run.

Interesting times!

cheers,
Chris

-- 
Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

This email may come with a PGP signature as a file. Do not panic. For more info see: http://en.wikipedia.org/wiki/OpenPGP
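The chain Chris describes (a Microsoft-signed shim, a Fedora-signed GRUB2 and kernel, signed modules, and the custom-mode option of wiping the pre-installed keys and re-signing the bootloader) can be modelled as a small policy simulator. The block below is an added example, not code from the post, Fedora, shim or GRUB. It assumes a toy signature scheme: HMAC-SHA256 stands in for the RSA/X.509 Authenticode signatures real firmware checks on PE images, and every key name, secret, image content and the `vendor_db`/`loads` fields are constructed for the example. What it shows beyond the prose is the order of the checks (dbx before db), how shim's embedded vendor certificate extends the firmware's db for the stages it loads, why an unsigned out-of-tree module is refused while the rest of the chain boots, why re-signing only shim is enough in custom mode, and why a revoked hash in dbx defeats an otherwise valid Microsoft signature.

```python
"""Toy model of the Secure Boot chain of trust described in the post above.

Added example, not code from Fedora, shim, GRUB or Matthew Garrett's post.
HMAC-SHA256 stands in for real Authenticode (RSA/X.509) signatures so that the
block runs on the standard library; every key, secret and image is constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Key:
    name: str
    secret: bytes  # TOY: signs and verifies; a real db entry holds only a certificate


@dataclass(frozen=True)
class Image:
    name: str
    code: bytes
    signer: Optional[str] = None  # key that signed `code`
    sig: Optional[bytes] = None
    vendor_db: tuple = ()         # certs compiled into the image (shim carries Fedora's)
    loads: tuple = ()             # next stages / modules; not covered by the signature


def sign(image: Image, key: Key) -> Image:
    return replace(image, signer=key.name,
                   sig=hmac.new(key.secret, image.code, hashlib.sha256).digest())


def image_hash(image: Image) -> str:
    return hashlib.sha256(image.code).hexdigest()


@dataclass
class Firmware:
    db: dict   # allowed signing keys, by name
    dbx: set   # sha256 of forbidden images (dbx can also hold certs; hashes suffice here)

    def enter_custom_mode(self, owner: Key) -> None:
        """Delete every pre-installed key and enrol only the owner's."""
        self.db = {owner.name: owner}
        self.dbx = set()


def verify(image: Image, db: dict, dbx: set) -> str:
    """Return 'ok' or the reason for refusal. dbx is consulted before db, as in UEFI."""
    if image_hash(image) in dbx:
        return "hash is in dbx (revoked)"
    if image.sig is None:
        return "unsigned"
    key = db.get(image.signer)
    if key is None:
        return f"signer {image.signer!r} not in db"
    expected = hmac.new(key.secret, image.code, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, image.sig) else "bad signature"


def boot(fw: Firmware, first: Image) -> list:
    """Walk the chain; each stage verifies what it loads against db plus its own vendor certs."""
    trace = []

    def run(image: Image, db: dict) -> None:
        status = verify(image, db, fw.dbx)
        trace.append((image.name, status))
        if status != "ok":
            return  # a refused stage loads nothing
        extended = {**db, **{k.name: k for k in image.vendor_db}}
        for child in image.loads:
            run(child, extended)

    run(first, fw.db)
    return trace


# Constructed keys and images.
MS_CA = Key("Microsoft Corporation UEFI CA", b"ms-toy-secret")
FEDORA_CA = Key("Fedora Secure Boot CA", b"fedora-toy-secret")
OWNER = Key("Owner platform key", b"owner-toy-secret")

OOT_MODULE = Image("out-of-tree.ko", b"unsigned module")
KERNEL = sign(Image("vmlinuz", b"kernel", loads=(OOT_MODULE,)), FEDORA_CA)
GRUB = sign(Image("grubx64.efi", b"grub2", loads=(KERNEL,)), FEDORA_CA)
SHIM = sign(Image("shim.efi", b"shim", vendor_db=(FEDORA_CA,), loads=(GRUB,)), MS_CA)
BOOTMGR = sign(Image("bootmgfw.efi", b"windows boot manager"), MS_CA)


def stock_firmware() -> Firmware:
    return Firmware(db={MS_CA.name: MS_CA}, dbx=set())


def stock_fedora() -> list:
    """Shipping setup: only Microsoft's key in db; shim vouches for the Fedora-signed stages."""
    return boot(stock_firmware(), SHIM)


def custom_kernel() -> list:
    """GRUB re-pointed at a self-built, unsigned kernel (like editing grub.cfg)."""
    grub = replace(GRUB, loads=(Image("vmlinuz-custom", b"my kernel"),))
    return boot(stock_firmware(), replace(SHIM, loads=(grub,)))


def custom_mode() -> dict:
    """Owner wipes the keys and re-signs only shim; Fedora still boots, Microsoft code does not."""
    fw = stock_firmware()
    fw.enter_custom_mode(OWNER)
    return {"fedora": boot(fw, sign(SHIM, OWNER)),
            "windows": boot(fw, BOOTMGR),
            "old_shim": boot(fw, SHIM)}


def revoked_shim() -> list:
    """A good Microsoft signature does not help once the image hash sits in dbx."""
    return boot(Firmware(db={MS_CA.name: MS_CA}, dbx={image_hash(SHIM)}), SHIM)


def tampered_shim() -> str:
    """One byte appended after signing: the signature no longer matches."""
    return verify(replace(SHIM, code=SHIM.code + b"!"), stock_firmware().db, set())
```

Two simplifications are deliberate. The signature covers only `code`, so re-pointing a stage at a different next stage (as `custom_kernel` does) leaves the signature valid, much as editing grub.cfg does not invalidate a signed GRUB; the refusal happens one step later, at the unsigned kernel. And the kernel here verifies modules against the same db the bootloader used, whereas a real kernel checks module signatures against its own built-in keyring; the effect on an unsigned out-of-tree module is the same.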
Well, I'm pretty furious about this.

Basically it involves signing up with Microsoft, paying a $99 one-off fee and then getting them to sign a boot shim that will boot Grub2 that has been signed by a Fedora key. Then it has to be signed code all the way down to user space, so no loading out-of-tree drivers, filesystems or other modules, either FLOSS or proprietary (and certainly not custom kernels) whilst Secure Boot is enabled.

I understand that it's a difficult circumstance, and I read the "You've Sold Out" section and all that... but this is ridiculous. We've already lost. We're giving Microsoft the keys to the entire kingdom. In what other industry would this argument work: "Microsoft basically have a monopoly on software because they force hardware vendors to sell hardware pre-loaded with their software. Instead of fixing this problem, we're going to literally give them the ability to block all of their competitors from being compatible with all of the hardware, and then sell compatibility back to their competitors." This has to be the most flagrant anti-trust violation I have seen.

Okay, let me calm down and quote this bit from the article, just so readers don't get the wrong idea:

# While Microsoft have modified their original position and all x86 Windows machines will be required to have a firmware option to disable this or to permit users to enrol their own keys, it's not really an option to force all our users to play with hard to find firmware settings before they can run Fedora.

So Microsoft is not *technically* enforcing this lock-down on competitors. But they are still clearly exerting enough pressure on competitors that they see no other option but to pay up and let Microsoft control the PC.
I'm...not exactly happy either. On 31 May 2012 21:38, Matt Giuca <matt.giuca@gmail.com> wrote:
Well, I'm pretty furious about this.
I understand that it's a difficult circumstance, and I read the "You've Sold Out" section and all that... but this is ridiculous.
Please don't blame the fedora people for this. They are doing what they need to, it's not their fault. They have to do this if they want to offer mostly free software within the reach of people without specialist knowledge. It's really unfortunate that this is the best solution.
This has to be the most flagrant anti-trust violation I have seen.
I agree, it is ridiculous. A company controlling who has the right to compete against them is very ridiculous. Bianca
Please don't blame the fedora people for this. They are doing what they need to, it's not their fault. They have to do this if they want to offer mostly free software within the reach of people without specialist knowledge. It's really unfortunate that this is the best solution.
Yeah I know. I said on my Google Plus post <https://plus.google.com/108688191891412975833/posts/Ty72kHyT9KV>: "Did Fedora make the right choice? I honestly don't know, but it's disgraceful that it has come to this." I just don't know what to think about this, but I can't help feeling that getting into bed with Microsoft can't end well.
On 31 May 2012 22:55, Matt Giuca <matt.giuca@gmail.com> wrote:
Yeah I know.
I said on my Google Plus post <https://plus.google.com/108688191891412975833/posts/Ty72kHyT9KV>: "Did Fedora make the right choice? I honestly don't know, but it's disgraceful that it has come to this."
OK, I just wanted to check.
I just don't know what to think about this, but I can't help feeling that getting into bed with Microsoft can't end well.
I think Fedora did as close to the right thing as exists in this situation. There is no solution that is entirely the right thing to do. I also think that we should kick up a fuss about it. I've put it on the agenda for the next Linux Aus council meeting, which is on the 13th of June, I'll let you know what comes out of that meeting. Bianca
On Thu, 2012-05-31 at 22:55 +1000, Matt Giuca wrote:
Please don't blame the fedora people for this. They are doing what they need to, it's not their fault. They have to do this if they want to offer mostly free software within the reach of people without specialist knowledge. It's really unfortunate that this is the best solution.
Yeah I know.
I said on my Google Plus post <https://plus.google.com/108688191891412975833/posts/Ty72kHyT9KV>: "Did Fedora make the right choice? I honestly don't know, but it's disgraceful that it has come to this."
I just don't know what to think about this, but I can't help feeling that getting into bed with Microsoft can't end well.
Unfortunately it seems even the most basic link in this system - the security of Microsoft code signing - cannot be trusted as evidenced with Windows Update, and so secure boot will probably not be secure at all:

http://www.symantec.com/connect/blogs/w32flamer-microsoft-windows-update-man...

Meanwhile although x86 PCs are expected to have the ability to disable secure boot MS have decreed that in order to be certified for Windows 8 then ARM based systems *must not* have the ability to disable secure boot, thus completely blocking out all competitive platforms and ensuring a monopoly. With the huge growth in ARM based devices in recent years this is a disaster in progress.

IMO this is just another DRM scheme (albeit one restricting the hardware rather than software or media) and like all DRM schemes it will provide minimal security against the people that matter while massively inconveniencing the users and denying them fair usage rights over the product they have purchased.

Cheers, Martin
Meanwhile although x86 PCs are expected to have the ability to disable secure boot MS have decreed that in order to be certified for Windows 8 then ARM based systems *must not* have the ability to disable secure boot, thus completely blocking out all competitive platforms and ensuring a monopoly. With the huge growth in ARM based devices in recent years this is a disaster in progress.
I guess. I'm not *so* worried about the ARM situation because it only applies to Microsoft ARM devices (currently a very small percentage of the market), whereas Microsoft has a complete monopoly on x86 devices if you take out Apple. While there are a lot of new ARM devices coming out, Microsoft doesn't have the market power to require all of them be locked down. (Of course, Apple already requires all of their ARM devices be locked down as well -- IMHO that's a bigger threat than Microsoft in the mobile space, and one that's already been happening for many years.)
On 06/07/2012 12:35 PM, Martin Ebourne wrote:

I think it is a given that companies which sell products, are going to place profits above the data security of their users. Therefore, what matters is not whether secure boot works, but whether it can be perceived as working by customers. It only becomes critical for the company whether it works or not, when the successful implementation of the technology enables them to secure and hold captive their market (ie, Apple). Given that secure boot doesn't really do this (though it is a side effect), having it work properly won't be a priority so I wouldn't be surprised if it ends up like DRM, an inconvenience.

People are talking about the death of the PC, maybe secure boot will hasten the demise? It certainly seems to me that the American corporate model is hell bent on self destruction. Wait till China or India or another nation which doesn't so much care about this provide better freer alternatives. Not hard to do given the shoddy treatment that users are given from current IT providers. Then the US computer hardware industry will become what their car industry has become, an expensive, anachronistic, uncompetitive drain.
Dennis K <dennisk@netspace.net.au> writes:
I think it is a given that companies which sell products, are going to place profits above the data security of their users. Therefore, what matters is not whether secure boot works, but whether it can be perceived as working by customers. It only becomes critical for the company whether it works or not, when the successful implementation of the technology enables them to secure and hold captive their market (ie, Apple).
That's a succinct way of showing how the incentives operate differently to produce different behaviour from corporations. Shoddy security from the ones who only need it as a customer-facing checklist item; effective security from the ones who are protecting their own interests.
People are talking about the death of the PC, maybe secure boot will hasten the demise?
It hastens the demise of general-purpose computing; or, at least, it is a significant front in the ongoing war being waged against it <URL:http://www.techdirt.com/articles/20111231/01431617249/ongoing-war-computing-legacy-players-trying-to-control-uncontrollable.shtml>.
It certainly seems to me that the American corporate model is hell bent on self destruction. Wait till China or India or another nation which doesn't so much care about this provide better freer alternatives. Not hard to do given the shoddy treatment that users are given from current IT providers.
What makes you think China or India will actually produce organisations (corporations?) that have better incentives to support customer freedom? Yes, the US's corporate model has failed to do this. But I don't see how merely being a different country would necessarily make it produce better organisations; there are reasons to think they would be even worse in the field of people's freedom.
Then the US computer hardware industry will become what their car industry has become, an expensive, anachronistic, uncompetitive drain.
With that I agree.

-- 
“A thing moderately good is not so good as it ought to be. Moderation in temper is always a virtue; but moderation in principle is always a vice.” —Thomas Paine

Ben Finney
On 06/08/2012 12:28 PM, Ben Finney wrote:
Dennis K<dennisk@netspace.net.au> writes:
I think it is a given that companies which sell products, are going to place profits above the data security of their users. Therefore, what matters is not whether secure boot works, but whether it can be perceived as working by customers. It only becomes critical for the company whether it works or not, when the successful implementation of the technology enables them to secure and hold captive their market (ie, Apple).
That's a succinct way of showing how the incentives operate differently to produce different behaviour from corporations. Shoddy security from the ones who only need it as a customer-facing checklist item; effective security from the ones who are protecting their own interests.
People are talking about the death of the PC, maybe secure boot will hasten the demise?
It hastens the demise of general-purpose computing; or, at least, it is a significant front in the ongoing war being waged against it <URL:http://www.techdirt.com/articles/20111231/01431617249/ongoing-war-computing-legacy-players-trying-to-control-uncontrollable.shtml>.
I think it's a losing war. The worst case scenario is that we have to endure a decade or so of shoddy products and watch parts of the industry crash, wither and die and wait for something better to replace the gaps. Remember "Win Modems"? They were awful software-driven devices, which required Windows specific drivers to work. That was the trend, away from hardware based modems to software driven ones, but that nightmarish scenario disappeared almost overnight. Now we use modem/routers that you can use with any OS, and with some of them, load your own OS onto them. We endured years of crappy modems for nothing, because in the end, we now use hardware based/OS agnostic modems anyway which offer greater freedom. DVD players had region codes to 'lock' markets, then we discovered that cheap DVD players from China didn't bother with those codes because, well, why should the Chinese manufacturers care about Brad Pitt's paycheck? Now the region codes are meaningless and a historical curiosity. Even Apple dropped DRM and I can freely play any MP3 on an iPod.
It certainly seems to me that the American corporate model is hell bent on self destruction. Wait till China or India or another nation which doesn't so much care about this provide better freer alternatives. Not hard to do given the shoddy treatment that users are given from current IT providers.
What makes you think China or India will actually produce organisations (corporations?) that have better incentives to support customer freedom?
I think there is a different culture there. I was speaking with a regulator who was auditing a pharmaceutical plant in China, and he picked up that they were missing a separate change room which had its own isolated air system. The next morning when he turned up, the room had been built and qualified and was in use. When they need a city, they just build it. There simply isn't much tolerance or perceived need for obstacles which prevent things from getting done. What is secure-boot, other than an obstacle to its users? What is DRM other than an obstacle to its users? Sure, some people want it, but it costs money, requires serious efforts and hamstrings the product. That's not to say that it will last, or that even they might be able to compete, but there is a possibility, an opportunity there.
Yes, the US's corporate model has failed to do this. But I don't see how merely being a different country would necessarily make it produce better organisations; there are reasons to think they would be even worse in the field of people's freedom.
It's not so much that it's a different country, but that it's a new economy which hasn't gotten to the "fat, lazy" stage yet. I'm sure, given time, any company will become lazy and undynamic. Locking customers in and using laws to keep them captive isn't innovative at all, yet that's what passes for innovation now. It's the symptom of a degenerate industry, and one that won't survive against true innovation. It's no wonder that Western economies are in such bad shape, when this nonsense like secure-boot is considered innovation.
Then the US computer hardware industry will become what their car industry has become, an expensive, anachronistic, uncompetitive drain.
With that I agree.
Just responding to one point below... <snip> On Fri, Jun 8, 2012 at 12:28 PM, Ben Finney <ben+freesoftware@benfinney.id.au> wrote:
It certainly seems to me that the American corporate model is hell bent on self destruction. Wait till China or India or another nation which doesn't so much care about this provide better freer alternatives. Not hard to do given the shoddy treatment that users are given from current IT providers.
What makes you think China or India will actually produce organisations (corporations?) that have better incentives to support customer freedom?
Yes, the US's corporate model has failed to do this. But I don't see how merely being a different country would necessarily make it produce better organisations; there are reasons to think they would be even worse in the field of people's freedom.
Agree as a general point, and lord knows in civil society and government China has a long way to go in the direction of freedom of speech etc ;)

But - product manufacturers in China arguably have a pretty strong incentive to try and route around competing based on "IP", and instead try to gain market share via efficient low-cost production. A purported example of this is the "Shanzhai" group of manufacturers of electronics: http://p2pfoundation.net/Shanzhai

An effort to describe the 'rules of Shanzhai' includes:

1) Design nothing from scratch; rather, build on the best of what others have already done.
2) Innovate the production process for speed and small-scale cost savings.
3) Share as much information as you can to make it easy for others to add value to your process.
4) Don't make it until you've already got a buyer.
5) Act responsibly within the supply chain.

-- Pat.
On 14/06/12 11:24, Patrick Sunter wrote:
Design nothing from scratch; rather, build on the best of what others have already done.
"Design nothing from scratch; rather, build on the best of what others have already done." That quote sums up China's manufacturing and development to a tee.
participants (7)
- Ben Finney
- Bianca Gibson
- Chris Samuel
- Dennis K
- Martin Ebourne
- Matt Giuca
- Patrick Sunter