
SecureBoot in Ubuntu 12.10 - riledhel
http://web.dodds.net/~vorlon/wiki/blog/SecureBoot_in_Ubuntu_12.10/?utm_source=twitterfeed&utm_medium=twitter
======
avar
I've seen a lot written about the _how_ of SecureBoot but is there a good
summary of the _why's_? I'm still deeply skeptical that this is part of
Microsoft's plan to eventually transform the PC architecture into something
console-like.

They've already de-facto achieved that by not mandating that custom OS's can
be booted on Windows 8 supporting ARM devices, and between them and pressure
from content owners wanting complicit OS's that don't run applications that do
things they don't like I can only see that sort of thing progressing in the
future.

~~~
wmf
Ostensibly secure boot exists to foil bootkits (bootloader rootkits) which (in
theory) cannot be detected or removed by any antivirus tools. Secure boot also
prevents bootloader-based activation hacks (e.g. "Windows Loader") that make
it easy to pirate Windows (these hacks can be seen as a special case of
"benign" bootkits).

~~~
rdl
Lack of secure boot also makes it impossible for remote third parties (e.g.
Netflix, content providers, or enterprise IT departments) to trust client
software.

Even Windows secure boot doesn't provide protection against a targeted attack,
but conceivably a combination of EFI secure boot and a bug-free well
implemented OS (heh) could provide enough protection for DRM on video content,
basic enterprise computing (with non-hostile users), etc.

I still think none of this crap really belongs on the client; it is however an
awesome fit on the server, which is an area people haven't really explored
enough.

~~~
shykes
> _I still think none of this crap really belongs on the client; it is however
> an awesome fit on the server, which is an area people haven't really
> explored enough._

Agreed. I remember reading an IBM research paper about combining TPM and
virtualization on the server, and getting excited about the possibilities. I
wonder what happened to that project.

EDIT: found it!
[http://domino.watson.ibm.com/library/cyberdig.nsf/papers/442...](http://domino.watson.ibm.com/library/cyberdig.nsf/papers/4427173615992B74852570BC005E7117/$File/rc23778.pdf)

~~~
rdl
VMware has some TPM features built in (although basically limited to
remote-attest that it's a legitimate VMware ESX server).

Intel also had some demo stuff, but the problem is Intel's security software
group was kind of a revolving door spinning at a 3-6 month rotational speed.

------
sedev
The whole mess around this should be a reminder to us all that it's very, very
hard to disentangle social problems from technical problems.

~~~
thwarted
It's easy to disentangle them, they are not inherently related. What's hard
is convincing some people that social problems don't have technical solutions.
The attractiveness of the technical solution is that it is so much easier than
the social solution that it just _has_ to exist.

~~~
SoftwareMaven
Like the password problem (e.g. people choosing "password123" as their
password). That's an easy technical problem to solve (and in fact is solved).
I can't understand why passwords are so easy to crack. It's only a matter of
getting _everyone_ to behave differently. <mild sarcasm/>

I would argue that all of the really hard problems in software development[1]
(and most technologies) are really hard _because_ they are social in nature,
and it is the social nature that makes them so hard.

This is similar to the food production/distribution problem. We create enough
food to feed the world, but, due to many geopolitical forces, we can't get the
food to all the people that need it. No matter how good we get at growing and
shipping food (the technical solution), there is some warlord somewhere who
will steal it from his subjects (the social problem).

1\. Not computer science. P==NP has nothing to do with Aunt Marge.

~~~
sedev
That's a great example, thanks for bringing that in. I was more thinking of
community management since I'd just been skimming "Building Web Reputation
Systems" again and its authors have quite a bit to say about the entanglement
of social and technical problems. But like you say, there are a _lot_ of
domains where technical problems are entangled with social ones - it's just
that those domains are software engineering as a practical discipline, not
computer science as a branch of math. My favorite examples are time zones,
Unicode, and country names/boundaries.

How many time zones are there in the world? How many will there be next year?
Your NTP server needs to know.

How will you store humans' names that can't be expressed with the BMP alone?
The iCloud servers need to know.

Is Taiwan a country? How about Kurdistan? Where are the borders of India?
Google Maps needs to know.

There is plenty of software that won't have to deal with these problems ...
but these problems can be huge headaches, and part of that is because of their
nature as both social and technical problems.

~~~
thwarted
_Is Taiwan a country? How about Kurdistan? Where are the borders of India?
Google Maps needs to know._

Google Maps _needing to know_ is the technical problem, sure. But representing
borders is a reasonably solved technical problem. The social problem is people
disagree about those things, and Google Maps representing that disagreement
(if it can be represented at all) is a secondary concern to third-parties who
just want to provide accurate maps. And there's nothing technical that can be
done to solve that disagreement. You could very well provide localized Indian
borders when viewing Google Maps (which is actually easier to do, and keep
updated, with electronic maps than with print maps), or show the areas in
dispute as being in dispute, but the issue is that the parties that disagree
think everyone else should see it their way (thus the nature of disagreement).

