

Shuttleworth on Ubuntu Linux, Fedora, and the UEFI problem - tanglesome
http://www.zdnet.com/blog/open-source/shuttleworth-on-ubuntu-linux-fedora-and-the-uefi-problem/11270

======
hexis
The fact is that user control will always be a "security risk" and that there
will therefore be a reasonable case to be made that user control should be
restricted. A strong response to this line of argument is the Free Software
perspective, where user control of a computer is a matter of liberty, not
security. Freedom can be messy, it can result in a rootkit, but it's something
many people value.

~~~
zokier
Reminds me of Stallman advocating that all computer users should have root
access.

~~~
drcube
I don't see why this is controversial, especially if you replace "users" with
"owners".

------
jtsagata
I will never buy any hardware with any vendor-specific keys inside. If Ubuntu
or Redhat enter any key at hardware I will never use those distros again. My
computer is mine. It does not belong to Microsoft or to Redhat or to
Canonical or to anyone else. I'm even willing to pay more money to buy
hardware that I really own, if I have no other option.

------
japhyr
I run a project at my high school where students install Linux on donated
laptops, and use them for a variety of purposes. I read these articles and
wonder if this project will come to a screeching halt.

Since our donated laptops are usually 3-5 years old, it seems the project will
be able to continue for about that long without any UEFI-related problems. It
seems we will start having problems when UEFI-based laptops are old enough to
start being donated to us.

Is my understanding reasonable? It is pretty discouraging to think that this
project will continue to evolve, only to hit a brick wall in the next 3-5
years.

~~~
smacktoward
It's bad, but not _quite_ as bad as that. The UEFI spec doesn't explicitly
disallow making Secure Boot a toggle-able option, so some OEMs (like Dell:
[http://www.osnews.com/story/25293/Dell_HP_Respond_to_Secure_...](http://www.osnews.com/story/25293/Dell_HP_Respond_to_Secure_Boot_Issue))
are planning to ship with it on but let you turn it off in the BIOS options if
you want to. So someone technically knowledgeable could switch it off in your
laptops before you hand them out to students.

Still two big "ifs" there, though:

1) You can turn it off _if_ the OEM gives you the option to, and OEMs are
under no obligation to do so; and

2) All of the above is only true for x86 machines; for ARM-based systems,
Microsoft is _requiring_ that no option be provided for the user to disable
Secure Boot (see
[http://blogs.computerworlduk.com/open-enterprise/2012/01/is-...](http://blogs.computerworlduk.com/open-enterprise/2012/01/is-microsoft-blocking-linux-booting-on-arm-based-hardware/index.htm)).

So the upshot is that _if_ your hardware comes from a cooperative OEM, and
_if_ it runs on x86, the impact on you will be minimal -- just flipping a
switch. But ARM systems and systems from uncooperative OEMs will be locked, so
you won't be able to assume that any laptop that comes in over the transom
will be useful to you anymore. (ARM laptops are uncommon today, but after
Windows RT launches they may become more common.)

EDIT: Looks like since the last time I looked at this issue MS made it
mandatory for OEMs to allow users to be able to turn off Secure Boot on x86,
see comments below. So having to worry about which OEMs allow it and which
don't isn't an issue. ARM systems still can't let users disable it, though.

~~~
zokier
>1) You can turn it off if the OEM gives you the option to, and OEMs are under
no obligation to do so; and

Wrong.

>Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to
implement the ability to disable Secure Boot via firmware setup. A physically
present user must be allowed to disable Secure Boot via firmware setup without
possession of PKpriv. A Windows Server may also disable Secure Boot remotely
using a strongly authenticated (preferably public-key based) out-of-band
management connection, such as to a baseboard management controller or service
processor. Programmatic disabling of Secure Boot either during Boot Services
or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot
must not be possible on ARM systems.

Source:

Windows Hardware Certification requirements

[http://msdn.microsoft.com/en-us/library/windows/hardware/jj1...](http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256)

~~~
japhyr
Does this mean you'd just toggle a BIOS setting to disable secure booting?

~~~
zokier
s/BIOS/UEFI/

Yes, that is exactly what it means.

------
WiseWeasel
This seems like the job for an independent non-profit organization. We need a
trusted third party to rubber-stamp software signing until particular packages
are flagged for malicious or incompetent behavior. It shouldn't be Microsoft
_or_ Canonical.

~~~
jiggy2011
I was thinking about this. It appears that software development is headed to
become a regulated profession, but the regulators will be the hardware
manufacturers and platform providers.

There might be value in having a recognized "professional body" where
membership can be revoked, but having a rubber stamp issued by such an org
allows the developer's code to bypass a lot of the BS.

So "thou shalt not write malware" as opposed to "thou shalt not harm the
interests of the platform vendor".

~~~
WiseWeasel
That's likely a glimpse of our future, since it's been tried so many times in
the past, but I wish we could implement something a little more automated,
decentralized and less prone to human failures than a single professional
ruling body with permanent expulsion for "delinquents".

Maybe Github could offer a service to sign your software, free for open
source, and pay for closed. They might run some kind of automated testing on
your source for deviant behavior and to ensure quality, sign it, and revoke
its keys if verified complaints are submitted. If the author is found to have
malicious intent, then Github could ban him/revoke all his keys, and maybe a
competitor could choose to sign his software instead, possibly one
specializing in high-risk customers.

------
methodin
What are the actual problems Microsoft is ostensibly trying to fix with a
secured bootloader? Something related to viruses/hacks or something else
entirely?

~~~
sixbrx
I also wonder at the utility of this for end user machines. On end user
machines, the valuable and secret data is _owned by the user_, is volatile
(not protectable at the OS level with current OSes, which have no idea when/how
user-owned data should be changing), and furthermore is accessed and modified
using processes owned by the user. Confused deputy processes which are owned by
the user seem much more likely to me to do real damage on a home machine.

Which is not to say that this technology is useless, boot-level attacks are
important to defend against even if they aren't common now. But one has to
wonder whether the costs are worth the benefit, on end user machines?

~~~
zokier
Botnets often cause little to no perceptible harm to the users of the zombie
machines. I've heard of cases where the viruses actually attempted to improve
the computer's security to keep other viruses out and gain exclusive access to
it. But still most agree that fighting botnets is important.

Note that I'm not saying that Secure Boot is significant in the battle against
bots, but rather that security is important even if there are no immediate
benefits to the users of that particular machine.

------
drcube
I think there is a big presumption here that Microsoft will continue to
dominate the tablet/mobile/ARM world like they historically have the
desktop/laptop world. I don't see any reason to believe they will. They are
grasping at straws here.

Frankly I can't wait for the rise of great UEFI Android tablets that lock out
Windows OSes as "insecure". (Most Windows users won't know how to turn off
Secure Boot. I hope Android doesn't actually permanently lock anything down.)
Then watch Redmond accuse Google of anti-competitive behavior, going against
the users' wishes, and general mean-spiritedness.

------
rogerbraun
I can't see how Microsoft thinks that this can survive an antitrust case in
Europe.

~~~
zokier
The situation with Secure Boot is a bit like requiring admin rights to install
Firefox. Neither is likely to trigger antitrust cases anywhere.

~~~
hippich
The only problem here is that in the case of ARM devices, there is truly only
one admin - Microsoft. IMHO a perfect antitrust case.

~~~
zokier
MS does not have a significant enough market share in ARM devices to trigger an
antitrust case.

------
joelthelion
I wonder if someone isn't going to crack it after a few days and it will be
the end of the story?

~~~
takluyver
That's sufficiently unlikely that we shouldn't be relying on it:
<http://mjg59.dreamwidth.org/12897.html>

------
dimecyborg
If Microsoft can implement Secure Boot, Linux will implement it much better
:)

~~~
zokier
"Implementing" Secure Boot afaik basically means appending a signature to your
bootloader. Not exactly rocket science, nor much room for improvement.

------
brudgers
People can continue the sport of throwing Microsoft under the bus. But twenty
years on, there isn't enough commercial demand for Linux laptops to create a
market meaningful enough that UEFI implementation will affect a laptop
manufacturer's sales.

It's great that Linux is out there. I use Ubuntu for the virtual machine I use
exclusively for Facebook. I use another copy for the virtual machine I use
exclusively for LinkedIn, and Xubuntu for the one by which I access Gmail.

The very fact I use Linux at all places me in a tiny slice of the computer
culture - the fact that I am running Linux in a virtual machine is without a
doubt not a particularly distinguishing feature.

I've been reading _Hackers and Painters_. And the problem with Linux is that
its proponents lack empathy (in Paul Graham's sense). Nobody is going to give
their mother a Linux box - PG even talks about his mother's Mac needing an
upgrade.

There aren't any Linux laptops at your local BestBuy today because regular
people don't want them...and BestBuy's GeekSquad damn sure doesn't want to
support them. It's not Microsoft. It's the market.

~~~
dataminer
You are correct in pointing out that the absence of support and of preinstalled
Linux laptops and desktops is an impediment to Linux adoption.

However, after installing Ubuntu on my Mom's computer last year, my support
calls got cut in half. Now she doesn't have to fight with malware and viruses
all the time. I think Linux as a desktop has matured enough that most people
can use it for their everyday computing.

~~~
brudgers
People could choose Linux for their everyday computing. But they don't for the
same reasons they don't use Pine for their email and EMACS for business
correspondence.

On the other hand, if they are forced to use it by their sys-admin, then of
course they will.

