Fedora ARM and SecureBoot

Adam Jackson ajax at redhat.com
Fri Jun 8 16:42:41 UTC 2012


On Fri, 2012-06-08 at 16:29 +0100, Andrew Haley wrote:
> On 06/08/2012 04:24 PM, Adam Jackson wrote:
> > And?  I wasn't speaking to "we should sign our arm images with
> > Microsoft's key", I was speaking to "we should support Secure Boot on
> > arm".  If someone wants to build an arm machine with SB support capable
> > of running non-Windows operating systems, why would we not want to run
> > there, and why would enabling that look any different from self-signing
> > an x86 machine?
> 
> Forgive me if I'm missing something, but surely the reason we would
> not want to run there is that our users would not be able to do so
> as well: they wouldn't be able to modify our kernel and run it on
> their machine.

I chose my words carefully.  I think you're hearing "Secure Boot on arm"
and concluding "immutable Secure Boot configuration", which to my
knowledge is not a given.  It's a given for machines that will ship with
Windows for arm on them, and one can choose to be angry at Microsoft for
that I suppose, but that's not necessarily a statement about the broader
arm ecosystem.

Personally I really like the idea of establishing my own trust chain on
my own machines.  I like the idea that I can get the assurance that my
firmware hasn't been rooted _and_ not rely on anyone else's cert safety
practices but my own.  If I'm the sort of person who's taking my
computer into hostile territory - insert oppressive government of choice
here - that level of trust is potentially life saving.

And - though it pains me that this next thought might actually be
unpopular, though closer investigation might reveal that I'm giving the
feature too much credit, and without considering or conceding whether
such a machine would be non-free - I'm pretty sure I am willing to
sacrifice a minor technical point of software freedom for real gains in
human freedom.

Software freedom is a means, not an end.

Microsoft's requirements for SB on x86 enable that kind of trust for
Linux (and for anyone else who wants it).  It's possible to build arm
machines the same way; they won't be able to run Windows, but whatever,
as if I want to run Windows anyway.  If arm machines like that were to
exist, why _wouldn't_ we want to support them?  For that matter, why
would we not want to enable building them?

- ajax