
Shuttleworth: Why Windows 8 made us ditch GPL Linux loader - cooldeal
http://www.theregister.co.uk/2012/07/06/shuttleworth_responds_uefi/
======
bediger4000
"The idea is to block viruses from tampering with the boot process and
injecting themselves into a system before they can be detected."

Does _anybody_ serious believe that UEFI will "block viruses" from meddling
with any boot process? Are boot-sector viruses even a problem any more,
because it was pretty obvious that boot-time viruses (like "Brain") were only
widely spread by MS-DOS and early Windows, that required a lot of boots.
Boot-time viruses never made inroads in other populations of computers, just like
Macro viruses never made inroads except in "Word" dominated environments.

UEFI is a power play, pure and simple, just like Digital Rights Management
(a.k.a. "copy protection").

~~~
fein
Even worse, it opens up a whole new attack vector:

"UEFI reimplements a full networking stack, unlike many BIOSes, and therefore
is a target for remote security exploits"
[<http://catless.ncl.ac.uk/Risks/26.18.html#subj13>]

~~~
keithpeter
So as soon as someone cracks/leaks the Microsoft key, they can compromise all
the ARM tablets?

Disclaimer: Not a programmer and not into details of hardware, just interested

~~~
gvb
Yes, they would have the _ability_ to compromise all PCs (ARM, x86).

Notes, though:

* _All_ BIOS-based PCs and many ARM-based PCs (as well as other CPU-based units) are currently vulnerable. As others have noted, this is not a very active threat vector compared to, say, Flash bugs and infected software ("...to view this p0rn, you have to install this codec" - bam! you are pwned).

* Ability to bypass the key signing via a stolen key is necessary but not sufficient for an attack. You also have to get (trick) the user into installing infected boot-type code. The advantage is that you can then install rootkit-class software, which is very very hard to detect and eradicate.

* People with "powerful" keys take extensive measures to protect them. Having said that, people with "powerful" keys have slipped up, which causes a _lot_ of problems. Examples: Microsoft's key (an old one) was hacked and used to sign the "Flame" virus, Mozilla's private key revealed, the RSA key token hack.

References:

http://news.cnet.com/8301-10805_3-57446466-75/flame-virus-spread-through-rogue-microsoft-security-certificates/

http://www.itnews.com.au/News/252766,comodo-hacker-reveals-mozilla-private-key.aspx

http://blogs.computerworld.com/17995/rsa_securid_hacked_2fa_fob_and_software_compromise

------
aidenn0
It is ridiculous that a Linux company can so misunderstand copyright. The GPL
cannot compel you to open source your code or to give out security keys. They
can seek damages against you if you violate the license.

As a more extreme example, let's say I have software with a license that
requires you to punch yourself in the face in order to use it. If I find
you've used it without punching yourself in the face, I can't compel you to
punch yourself in the face; I can only collect monetary damages and get a
court to forbid you from using my software anymore.

When you've tightly tied yourself to a single GPL product, it may be easier to
just comply with the GPL than to switch to using non-GPL software, but a
bootloader is hardly a tightly integrated part of an OS; they could release
with GRUB 2 and switch to efilinux if it is determined that they were
violating the GPLv3 by not divulging their keys.

~~~
s_tec
In other words, just violate the license until you get caught? I don't
understand what you are saying here.

~~~
postfuturist
If you violate the GPL license on code you are distributing, you can be
legally compelled to stop distributing the code and pay damages to aggrieved
parties. You cannot be compelled to fulfill arbitrary requirements of the
license, like sharing private information or your own source code, punching
yourself in the face, flying to the moon, or giving up custody of your first-born
child.

~~~
stordoff
If you successfully argue that the GPL forms a contract (and I'm not sure if
it does or not), you can argue for specific performance instead of damages.

------
durpleDrank
They didn't even contact the FSF to discuss the matter. The FSF wrote a white
paper about this and stated that the GPL would not force them to release the
public key. Also, does anyone really believe UEFI is not going to be
compromised? The entire thing is ridiculous. It's a power grab, and a lot of
leaders in the open source movement are going to come out of this looking
like a pack of fools.

https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web

~~~
geofft
The FSF whitepaper is still a bit ambiguous -- it says that they can't come up
with a scenario in which they'd require Canonical to disclose the private key.
It's not as strong as saying the GPLv3 text definitely does not require it,
or, better yet, that they definitely will not require it, as copyright holders
to GRUB.

Now, because the FSF is also the copyright holder of GRUB, their interpretation of
the GPLv3 is trustworthy in this context, but in other contexts the FSF
doesn't get to issue retroactive interpretations about the text of the GPLv3.
So seeking the advice of actual lawyers about what the actual text means is
entirely reasonable.

------
kierank
I would speculate the SFLC said the FSF would try and sue to get the keys in a
"civil-war", not that the GPL mandates Canonical giving out the keys.

------
tmzt
I have been trying to find the answer to this: is there a requirement to store
the custom keys installed on a SafeBoot UEFI system in flash or otherwise in
hardware? Are they stored in the EBDA or on a disk partition? I can't see how the
standard prevents infection by writing a valid boot-sector key to the disk
otherwise.

------
rfugger
Shuttleworth: _The SFLC advice to us was that the FSF could require key
disclosure if some OEM screwed up._

Does anyone know what he's talking about here?

~~~
s_tec
The GPLv3 sees the signing keys as part of the source code, so they have to be
provided along with the binaries. The relevant part of the license is in
section 6, third paragraph from the bottom. If an OEM ships a signed copy of
GRUB 2, the license states that they need to provide the keys as well. The
fact that the keys come from a third party (Canonical) makes no difference
here. The keys still need to be provided.

~~~
papercrane
I don't think the license says the keys are part of the source code. It says
they have to provide information on how to run your own modified version of
the software.

In this case it would be as simple as allowing the user to install their own
key or disable Secure Boot. If an OEM didn't do that and pre-installed Ubuntu
on the machine, there is no way that Ubuntu would be required to reveal their
private key; they did nothing wrong. The OEM is the one who violated the
license, and they are on the hook for damages.

------
rprasad
TL;DR: Canonical asked some copyright attorneys who specialize in software
licensing rights if the GPL would create issues. They said it _could_, and
that Canonical _could_ but probably would not be liable if such issues arose.
Canonical decided that the easiest, most pragmatic thing to do was to switch
bootloaders and not have to deal with this issue at all.

GRUB is a decent bootloader, but it's not sufficiently better than the
alternatives to justify the additional costs keeping it would have imposed.
(These additional costs would likely not be actual expenditures, but reserves
booked pursuant to accounting standards).

------
gcb
I used Ubuntu and promoted it like crazy. Until I realized it's pernicious to
open software. Too many compromises. Binary drivers everywhere. Now this. The
Ubuntu move to the gnome3 crap that led to the least community-driven direction a
project ever took.

Heck, and I have always seen GPL extremists as crazy and release all my code under
MIT... And even so I refuse to use Ubuntu anymore.

~~~
sliverstorm
Sounds like you're a Debian sort of guy, then. That's fine, but understand
that the reason Ubuntu is at the forefront of "Linux on the desktop" is
because of its willingness to compromise.

You can never have everything; Ubuntu cares more about things that lead to
adoption (i.e. usability), Debian cares more about purity.

~~~
iso8859-1
I doubt that Ubuntu is "the forefront of 'Linux on the Desktop'" because it is
willing to compromise and use binary blobs and the like.

The reason is that there is a proper organization that people trust and
understand behind it (Canonical). People with incentives, money and ads.

Idealism has little to do with it. Granted, Ubuntu would be a bit less popular
if they were as pure, but I don't think it makes much of a difference in the
end.

~~~
geofft
Really? I have plenty of hardware that simply will not work at all without the
binary blobs -- no graphics, no network connection, etc. I've tried installing
Debian on some of my machines, only to find that it doesn't boot and I need to
install Ubuntu instead.

Ubuntu wouldn't lose on mere "popularity" by being less pragmatic, they'd lose
on hardware compatibility. It's pretty easy for a technical user who knows
they want Linux to find hardware well-supported on Linux before they buy it,
but the average user will come with a computer already purchased, and ask if
Ubuntu works on their computer.

