*countable infinities only

Peter Jones pjones at redhat.com
Tue Jun 12 18:27:32 UTC 2012


On 06/12/2012 11:33 AM, Gregory Maxwell wrote:
> On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones <pjones at redhat.com> wrote:
>> This seems like a pretty unlikely scenario. You have to disable secure boot
>> to perform most kernel-level debugging operations in Windows 8. It'd alienate
>> pretty much the entire OEM community for Windows add-on card drivers, pretty
>> much all major enterprise customers, and all computer science departments that
>> use Windows for any OS program, just as some examples. Microsoft knows it
>> needs these people.
> 
> One way to tell if the characteristics you know about something are meaningful
> is to replace the thing you're talking about and see if the comments make any
> less sense.

This way just as often leads to total nonsense.

> You could replace disable-secure-boot with access to source code here and
> it makes absolutely as much sense except for the fact that they don't generally
> give access to their source code.

Let's replace it with "eat tacos" instead, since that's just as irrelevant
to the point as what you're saying.

To write device drivers you don't need source code, only headers.  If
you're going to try to argue by way of making a tortured analogy through
puppetry of grammar, then you can reach any conclusion you want.  If instead
you're going to try to make a reasonable analogy, then the one you want is
API headers. They won't take those away from developers, and they won't take
debugging modes away either. They've invested *billions* of dollars in
providing debugging tools and API documentation for developers, and I don't
for a second believe they're going to turn around and stop that out of spite.

No amount of replacing words in unrelated statements is going to convince me
of your premise here. It doesn't follow from the facts.

> Certainly as a developer it's even more important to be able to read the
> implementations of the stuff you're calling than it is to be able to run
> modified versions of them.

Microsoft's position on this has historically been that generally having
headers and good documentation (and boy, they produce a *lot* of that) will
do. The market seems to agree with them in this regard, and for good reason -
it directly enables the market. On top of that, they will let you see an
NDA'd source code tree for the right price.

I'm no MS fan, but you're drawing bizarro conclusions here.

> Presumably if Microsoft manages to get by with giving driver authors
> highly confined access to implementation details they could get by
> just as well requiring people to sign up to buy developer cryptographic
> keys in order to do kernel debugging.

No, they literally cannot do that. Having a special debugging key that
chains to a CA key that's in the key database (DB), which would allow the
ability to do kernel debugging activities which could, for example, write
to arbitrary memory, would completely obviate the ability of Secure Boot
to be effective at all.

The scenario you describe /cannot/ work.

> Alternatively you could make the same arguments about various mobile
> platforms which are normally shipped to users in a totally locked down
> state: the hardware peripheral makers need low level access. The vendors
> manage to find ways to accommodate these people without compromising
> their control over the normal installed base.

My statements above apply equally well to this scenario.
-- 
        Peter

