Scali wrote:

gdjacobs wrote:

Even if a source tree makes reproducible builds, most Linux distributions won't have a matching binary signature for the bootloader as each has their own build infrastructure and may use a different release version as well.

As I tried to say in my previous post: Then they should stop doing that, because that's clearly not how the world works!

You seem to be resigned to let the whims of others dictate your own course, and yet you argue doggedly about your perception of those events. Truly an enigma.

I am not so willing to give up. You and I (or others, on either side) can disagree, and that's fine. Anything of importance deserves the consideration of alternative points of view. As you mention, the FSF is vehemently idealistic, and while I think they are indeed a little over-the-top, I'm thankful for this. It balances out the insidious lean towards corporatism. Sometimes you have to steer hard left to correct for a long trend of curving gently to the right.

Scali wrote:

It's just a tiny shim that loads the initial bootstrapper for your OS. So even if you want to make modifications to the boot process, there's really no reason to modify the bootloader itself, you just move that into your own bootstrapper.

Which just makes the whole idea pretty much pointless, as it can be trivially bypassed with ONE signed, yet malicious (or not!), shim. Secure Boot doesn't protect against modification, and as you've pointed out, doesn't protect anything after the initial hand-off. Thus, the transition to a secure, validated environment is woefully incomplete. Which leads me right back to the question... is this really designed to be secure? Or just a first step toward locking down an ecosystem?

Scali wrote:

As Linus Torvalds tried to say, people are making a big deal out of nothing.

Linus is a subject matter expert, but he is not God Almighty himself. One dude, with his own opinions. He's rather pragmatic and has his own unsentimental motivations. That is to say, I appreciate his insight and value his experience, but I don't particularly place much stock in his opinions.

386SX wrote:

If a bios become a sort of o.s. itself that's so complex may need many more updates what's the point to put security in such priority with smart logics the o.s. booting while the bios itself may become in the future a more serious source of problems?

I have nothing to add that would be more profound than this statement, I just believe it bears repeating.

I am not a defeatist. I don't believe the status quo is immutable. I think the computing industry is heading down a path where the needs of a few, the convenience of enterprises, and the apathy and ignorance of most others, will strip away the ability for mere mortals to build, maintain, and innovate on their own property. Right-to-Repair is already a canary in this coalmine. Everything we consider essential (insofar as technology itself is essential) is encumbered by patents and licenses -- and it doesn't have to be. It really, truly doesn't. It is the way the world is, but it isn't how it has to be.

SirNickity wrote:

You seem to be resigned to let the whims of others dictate your own course, and yet you argue doggedly about your perception of those events. Truly an enigma.

I take it you never heard the story of Don Quixote?
Other than that, I don't 'argue about my perceptions".
There's a lot of FUD and misinformation being spread (basically entirely by the anti-Secure Boot camp). I am just trying to correct that misinformation, by pointing out objective sources and giving background information.
Personally I don't think the issue of Secure Boot itself even warrants any argument whatsoever (just like how the sky is blue... you buy computers, they come with UEFI, Secure Boot and a Microsoft key preinstalled. Whether I think that's right or not isn't going to make any difference whatsoever). But if you want to argue against it, at least get your facts straight.

SirNickity wrote:

Linus is a subject matter expert, but he is not God Almighty himself. One dude, with his own opinions.

I never claimed otherwise (and those who read my blogs know how I think about Linus, no idea why you would even bother to interject such rhetoric).
Even if someone is not God Almighty himself, if the man makes sense, he makes sense.

no one in this thread is making any sense until everyone switches to windows 95 permanently

oeuvre wrote:

no one in this thread is making any sense until everyone switches to windows 95 permanently

Why go to 95 when we can go to 3.11 ? 🤣

Scali wrote:

SirNickity wrote:

Linus is a subject matter expert, but he is not God Almighty himself. One dude, with his own opinions.

I never claimed otherwise (and those who read my blogs know how I think about Linus, no idea why you would even bother to interject such rhetoric).
Even if someone is not God Almighty himself, if the man makes sense, he makes sense.

I don't read your blogs. (TBH, I wasn't even aware you wrote any. But that's neither here nor there.) Rhetoric? Speaking of claims never made, I hereby claim that I never claimed that you claimed anything. I just don't think Linus' ambivalence has any bearing on whether our fate is to accept Secure Boot, that's all. It's like telling people they should be using FAT32 whenever possible because Peter Norton once made a comment in a bar about it being a decent file system. This isn't a bullet point in an argument, it's just a "so what?"

I appreciate that you clearly spend a lot of time researching hardware, firmware, and software at a fairly deep level, and you've definitely set some of my own assumptions straight. But intentions behind some of these moves, and outlook of the future are not facts and can't be argued as such. You've got no position of authority there. Nobody does, save possibly those actually sitting on the UEFI committee. I'm sure you'll say "I never claimed to" but then proceed to dismiss opinions as being uninformed. We're talking around each other. You're pointing to specs, and you may be totally correct. I, and some others here, have been talking about motive and potential for abuse. Fundamentally different things.

Anyway, we're at a bit of a crossroads point, I think. Apple is poised to break off from the pack and take Mac OS to ARM at desktop scale. Whether they will or not, who knows. Nor would it necessarily mean much for PCs at large, other than weakening Intel's position of dominance by a few percent. Regardless, they are a trend-setter, inspiring ideas that trickle out into PC-land. They're also likely to ratchet the vendor lock even tighter. I don't like that, but I recognize it's both their hardware and their software, and so I see it more as a competitor to the Surface than a competitor to PCs in general. I don't have an issue with a Mac and a Surface being locked to their respective vendors' software, though I would prefer they weren't.

For that matter MS isn't even totally wed to the PC platform. They've strayed before, and likely will again.

More interesting to me, OSHW is tentatively poking at the cracks. Who knows. Linux itself was borne out of the desire for free Unix. Stranger things have happened. AMD could pull another x64 and beat Intel to the punch by deciding it's going to harness the open hardware movement. They would be a fantastic benefactor with the research and manufacturing clout to bring it to fruition. Anything could happen. I do not see the ubiquity of good-ol-boy relationships as inevitable as the sky is blue. As futile as it may be, I'll add one tiny annoying voice to the chorus of dissent and hope for the best.

bfcastello wrote:

Why go to 95 when we can go to 3.11 ? 🤣

3.11 is not an OS. It is just DOSSHELL where someone did a global string search-and-replace from "DOSSHELL" to "WINDOWS" and someone else redrew the icons. 😎

SirNickity wrote:

I don't read your blogs. (TBH, I wasn't even aware you wrote any. But that's neither here nor there.)

Back when the Secure Boot was a thing, I covered it in a few blogs, including this one:
https://scalibq.wordpress.com/2012/06/11/linu … oice-of-reason/

That was 2012 though, I didn't expect people to still be grossly misinformed about the issue in 2019.
In fact, I didn't think people would still have trouble accepting this reality 7 years after the fact.

Anyway, less than a week later, I wrote this blog, again about Linus:
https://scalibq.wordpress.com/2012/06/18/voic … f-reason-quite/

Clearly I'm not one to put Linus on a pedestal, and in many cases I think his opinions are poorly informed and not well thought out.
Secure Boot is actually one of the few times where I can agree with his stance and arguments.
So, long story short: obviously my reference to Linus should not be taken in the context that you're taking it.

SirNickity wrote:

You're pointing to specs, and you may be totally correct. I, and some others here, have been talking about motive and potential for abuse. Fundamentally different things.

'Motive and potential for abuse'. Yes that was based on the assumption that Microsoft was the one that came up with Secure Boot and forced it on vendors.
Specs and facts prove this assumption to be incorrect.
Indeed, fundamentally different things. Basically it's FUD and crackpot theories.

dr_st wrote:

bfcastello wrote:

Why go to 95 when we can go to 3.11 ? 🤣

3.11 is not an OS. It is just DOSSHELL where someone did a global string search-and-replace from "DOSSHELL" to "WINDOWS" and someone else redrew the icons. 😎

🤣. It's a different way to look at the things, but I can understand. I've always preferred Windows 3.11 over all other Windows.

Scali wrote:

'Motive and potential for abuse'. Yes that was based on the assumption that Microsoft was the one that came up with Secure Boot and forced it on vendors.
Specs and facts prove this assumption to be incorrect.
Indeed, fundamentally different things. Basically it's FUD and crackpot theories.

No, your assumption is wrong. I have no illusions that Microsoft "came up" with Secure Boot. I'm sure they've had some influence on it, and I'm sure they championed the hell out of it, once they saw the potential. That's not FUD, it's the track record of an organization that has literally created such conflicts of interest in the past, and then exploited them. Why should anyone believe this will be any different?

Intel's motivation is less obvious. They don't have a dog in the OS fight, directly, but their success is linked to Microsoft -- and open software (which can, in theory, move to another platform with little more than a recompile for the vast majority of code) might not behoove them. Moreover, Intel has been pivotal in changes to the PC architecture for decades. As evidenced in the manufacturing licenses debate last week, they're rarely altruistic.

You're an intelligent guy. I cannot comprehend that you don't see the potential for abuse in this. Even if you don't believe those intentions existed at the point of inception, or even today... I mean, is it just iron will playing devil's advocate, or do you actually not see the flaws in this approach? By that I mean, the ineffectiveness of the solution, the choice to rely on pre-installed vendor keys vs. a chain-of-trust system, and (if nothing else) the mere possibility this could end badly?

Anyway, I'll let it go. If you'd like to get in a last word, or throw in a personal attack for good measure, fire away. No minds have been changed during the course of this exercise -- the Internet wins again.

bfcastello wrote:

EDIT: I have a Win10 VM and I am actually in the works of tweaking its privacy settings to stop the telemetry data and other annoyances. I heard about a WinTweaker or something like that in this thread? Anyone know where can I find it? Much appreciated

https://winaero.com/download.php?view.1796

SirNickity wrote:

The concept that "the Linux community" could sign a bootloader doesn't seem reasonable to me, and this is a central issue I take with this design. Certificates are basically a "proof of origin" that aligns rather poorly with an ecosystem that is, by its very nature, decentralized. Red Hat could have a certificate. GNU probably could. Maybe all the distros could, individually. But since nobody really owns the source code, and it's problematic to assume anyone owns the binaries as well, signing binaries is just not a sensible approach.

Pretty much my point. There could be delegated certificates issued to major standards bodies (like the LF) who can then sign certificates at the bottom of the chain for individual distros. If your objective is to protect the boot process, it benefits you to spread signing authority broadly so long as identifies can be verified.

SirNickity wrote:

As a Gentoo user, the only binaries I get from my distro are the ones used to boot the live CD for installation. I can then choose to either proceed with a base OS underlay, precompiled (a "stage 3" install), or start from scratch and generate every byte of executable code starting with the C libraries, build system, etc. Either way, GRUB is not delivered as a precompiled package, it's delivered as source. So I would have to be able to sign the resulting binary with "Linux's" key, or go to all the trouble of standing up my own self-signed PKI and exporting that to the UEFI keychain. It's not impossible, so long as the UEFI implementation continues to allow importing new keys, but what am I getting from this?

Kernel level developers would probably want to operate with some sort of bypass, as would Gentoo and Arch users (LFS, BLFS, and Debian From Source users as well).

gdjacobs wrote:

Pretty much my point. There could be delegated certificates issued to major standards bodies (like the LF) who can then sign certificates at the bottom of the chain for individual distros. If your objective is to protect the boot process, it benefits you to spread signing authority broadly so long as identifies can be verified.

But you keep missing the point:
Secure Boot uses X509 certificates, so it basically adopted the system that SSL uses.
The problem is that you turn the responsibility around: You say "issued to major standard bodies (like the LF)".
But issuing certificates is not an active task of a Certificate Authority. The LF would need to *request* a certificate from one of these Certificate Authorities. A CA only issues certificates to organizations that request them. They don't go around randomly handing out certificates to whoever.
Had they just done that (as I already said), then they could have sent their key to all OEMs for inclusion in their firmware, just like Microsoft has done with their key.
But the LF just sat on their hands, so nothing happened, no key was obtained, and there was nothing to include for OEMs, even if they wanted to support linux.

The problem with 'delegated' certificates as in SSL doesn't really work in Secure Boot for obvious reasons: you cannot assume any kind of network connectivity, so you cannot 'bubble up' authority via the internet.
All keys have to be present in the keystore at startup.
So while theoretically you *could* give the LF a root certificate and give each linux distro a sub-certificate, there's little point:
Each linux distro key would have to be specifically included in the keystore. Which obviously means that new linux distros would run into the problem that their keys are not widespread yet.
Hence a single shared key is the more practical choice (just like MS uses only one key for all versions of Windows, rather than different keys for Windows Home, Professional, Server, Embedded etc).

A shared key is not a practical choice and the fact that it does not work with the Linux's open source way of things perfectly demonstrates that. Your only argument for pages and pages on this point has been: "So it doesn't work for them? Tough luck, they need to change!" My question is: "Why?" Secure Boot was an uncalled for industry standard and a total inconvenience. It is practical for many involved, including the US government itself, for the exact same reason it does not work with things they do not want to proliferate.

Also, you have absolutely failed to address 386SX's concerns on complicating the UEFI to the point that it becomes a mini-OS itself, prone to attacks. What will we do when the UEFI becomes targeted by malware?

appiah4 wrote:

A shared key is not a practical choice and the fact that it does not work with the Linux's open source way of things perfectly demonstrates that.

That's your perspective.
I say you have it backwards:
Linux' open source way of things is not a practical choice, and Secure Boot (as well as numerous other examples) perfectly demonstrates that.

In the FreeBSD world Secure Boot has never been an issue, and clearly FreeBSD is open source as well.
But since they don't use the GPLv3 license, they didn't have the problem that the license of their bootloader was incompatible with private/public key signing to begin with.
They just went the shim-approach, based on Matthew Garrett (Red Hat)'s work:
https://wiki.freebsd.org/SecureBoot

Scali wrote:

That's your perspective. I say you have it backwards: Linux' open source way of things is not a practical choice, and Secure Boo […]
Show full quote

appiah4 wrote:

A shared key is not a practical choice and the fact that it does not work with the Linux's open source way of things perfectly demonstrates that.

That's your perspective.
I say you have it backwards:
Linux' open source way of things is not a practical choice, and Secure Boot (as well as numerous other examples) perfectly demonstrates that.

So basically your whole argument boils down to "Fuck choice and freedom because I think this is better and I am sure I know better than you."

In the FreeBSD world Secure Boot has never been an issue, and clearly FreeBSD is open source as well.
But since they don't use the GPLv3 license, they didn't have the problem that the license of their bootloader was incompatible with private/public key signing to begin with.

There's a reason why a lot of people stick to Linux instead of FreeBSD out of principle and the GNU License is a fundamental part of that.

appiah4 wrote:

So basically your whole argument boils down to "Fuck choice and freedom because I think this is better and I am sure I know better than you."

No, again that is your perspective.
I'm saying: don't try to obtain control of things you can't control.
"Choice and freedom" is just hollow rhetoric, I personally find that rather immature.

appiah4 wrote:

There's a reason why a lot of people stick to Linux instead of FreeBSD and the GNU License is a fundamental part of that.

Speaking of immaturity. If you make choices, you have to live with the consequences.
Consequence of choosing linux/GPL is that you run into various limitations. The GPL has a way of painting you into a corner.
BSD is the most permissive open source license out there, and the least likely to run into any problems. One could argue that if you want "choice and freedom", BSD is where it's at.

Basically I'm sick of linux/GPL-advocates who make this choice, but can't face up to the consequences. They go cry that they can't have their cake and eat it. That's your choice, you knew that (or should have known).
The world does not revolve around GPL. Don't pretend like it does. I find these cries extremely childish.

Scali wrote:

No, again that is your perspective. I'm saying: don't try to obtain control of things you can't control. "Choice and freedom" is […]
Show full quote

appiah4 wrote:

So basically your whole argument boils down to "Fuck choice and freedom because I think this is better and I am sure I know better than you."

No, again that is your perspective.
I'm saying: don't try to obtain control of things you can't control.
"Choice and freedom" is just hollow rhetoric, I personally find that rather immature.

Do you have any idea how hollow "No, that's just your perspective" sounds in your defense? Your whole argument is that I have to accept and live with the fact because it was forced on me out of my control and I am an idiot for arguing against it because you are sure it is the right way of doing things. If that makes me sound immature, I can't even begin to put into words what it makes you sound like.

Scali wrote:

Speaking of immaturity. If you make choices, you have to live with the consequences. Consequence of choosing linux/GPL is that y […]
Show full quote

appiah4 wrote:

There's a reason why a lot of people stick to Linux instead of FreeBSD and the GNU License is a fundamental part of that.

Speaking of immaturity. If you make choices, you have to live with the consequences.
Consequence of choosing linux/GPL is that you run into various limitations. The GPL has a way of painting you into a corner.
BSD is the most permissive open source license out there, and the least likely to run into any problems. One could argue that if you want "choice and freedom", BSD is where it's at.

Logical fallacy alert. GPL did not paint Linux into a corner, Secure Boot did. God you are a true demagogue.

Scali wrote:

Basically I'm sick of linux/GPL-advocates who make this choice, but can't face up to the consequences. They go cry that they can't have their cake and eat it. That's your choice, you knew that (or should have known).
The world does not revolve around GPL. Don't pretend like it does. I find these cries extremely childish.

And with this, you lose all credibility and objectivity you had in the argument whatsoever. The amount of bias and opinionated nonsense in this statement is mind boggling.

appiah4 wrote:

Logical fallacy alert. GPL did not paint Linux into a corner, Secure Boot did. God you are a true demagogue.

Again, *your* perspective.
Not a logical fallacy in the least.
GPLv3 clearly paints you into a corner because it wants to prevent Tivoization. And Secure Boot happens to be a case of Tivoization.
Secure Boot does not prevent open source, it doesn't prevent choice, it doesn't prevent freedom. It is compatible with all these things: bootloaders may be open source. You may boot any signed bootloader you want, so you have choice and freedom.
The only thing it prevents (assuming it's enabled) is to boot bootloaders that have not been properly signed. Which is pretty much the whole point of Secure Boot.
GPLv3 would mean you'd have to provide the private key together with the source code, which obviously violates the whole concept of private/public key encryption.
Now how would that be Secure Boot's fault?

And I see we've arrived at personal insults again. More immaturity.

Scali wrote:

Again, *your* perspective. Not a logical fallacy in the least. GPLv3 clearly paints you into a corner because it wants to preven […]
Show full quote

appiah4 wrote:

Logical fallacy alert. GPL did not paint Linux into a corner, Secure Boot did. God you are a true demagogue.

Again, *your* perspective.
Not a logical fallacy in the least.
GPLv3 clearly paints you into a corner because it wants to prevent Tivoization. And Secure Boot happens to be a case of Tivoization.

And I see we've arrived at personal insults again. More immaturity.

There is not a single word of insult in my posts, I doublechecked to make sure before posting.

Demagogue is not an insult.

If anything, ad hominem started when you called me immature but I was mature enough to not reciprocate.

Secure Boot does not prevent open source, it doesn't prevent choice, it doesn't prevent freedom. It is compatible with all these […]
Show full quote

Secure Boot does not prevent open source, it doesn't prevent choice, it doesn't prevent freedom. It is compatible with all these things: bootloaders may be open source. You may boot any signed bootloader you want, so you have choice and freedom.
The only thing it prevents (assuming it's enabled) is to boot bootloaders that have not been properly signed. Which is pretty much the whole point of Secure Boot.
GPLv3 would mean you'd have to provide the private key together with the source code, which obviously violates the whole concept of private/public key encryption.
Now how would that be Secure Boot's fault?

People have repeatedly tried to explain to you why signed binaries as boot loaders does not work with Linux's way of doing things. You just don't want to understand. And for some reason, in your twisted way of thinking, Linux, which is a 28 year old OS, has to comply to an arbitrary standard and change the way it works because someone decreed so. With that, I am done here.

appiah4 wrote:

Demagogue is not an insult.

https://en.wikipedia.org/wiki/Demagogue

A demagogue /ˈdɛməɡɒɡ/ (from Greek δημαγωγός, a popular leader, a leader of a mob, from δῆμος, people, populace, the commons + ἀγωγός leading, leader)[1] or rabble-rouser[2][3] is a leader who gains popularity in a democracy by exploiting prejudice and ignorance to arouse the common people against elites, whipping up the passions of the crowd and shutting down reasoned deliberation.[1][4] Demagogues overturn established norms of political conduct, or promise or threaten to do so.[5]

And that is not to be taken as an insult?
And you want to compare that with describing immature behaviour as immature?

Heck, if anything, the prejudice and ignorance comes from the GPL/anti-Secure Boot-camp. I'm actually adding facts and background to the discussion in an attempt to *add* reason to the discussion.